<?xml version="1.0"?>
<pxyservd>

<server>
  <name>proxyscan.ircaide.org</name><!-- match a C:line on the hub -->
  <id>P1</id>
  <numeric>99</numeric>
  <maxclients>1</maxclients>
  <info>All your proxies are belong to us</info>
  <sendq>1000000</sendq>
</server>

<hub>
  <address>172.16.0.1</address>
  <port>4400</port>
  <bind-address></bind-address>
  <password>duck</password>
</hub>

<client>
  <nickname>prox</nickname>
  <nick-change-delay>7200</nick-change-delay>
  <username>proxyscan</username>
  <hostname>undernet.org</hostname>
  <realname>Undernet Proxy Scanner</realname>
  <userip>0.0.0.0</userip>
  <usermode>+idko</usermode>
  <channel>#proxy_info</channel>
  <channel-mode>+tn</channel-mode>
  <channel-timestamp>1004078035</channel-timestamp>
  <show-cached>1</show-cached>
</client>

<noscan>
  <server>uworld.undernet.org</server>
  <server>uworld.eu.undernet.org</server>
  <userip>127.0.0.1</userip>
  <userip>255.255.255.255</userip>
  <userip>0/8</userip>
  <userip>10/8</userip>
  <userip>172.16/12</userip>
  <userip>192.168/16</userip>
</noscan>

<scanner>
  <address>172.16.0.5</address>
  <port>9601</port>
  <bind-address></bind-address>
</scanner>

<log>
  <file type="current">logs/proxy-current.log</file>
  <file type="daily">logs/proxy-yesterday.log</file>
  <file type="system">logs/system.log</file>
  <file type="glines">logs/glines.log</file>
  <file type="opercmds">logs/opercmds.log</file>
  <file type="proxytop">logs/proxytop.db</file>
  <history-dirpath>logs/history</history-dirpath>
  <timezone>GMT</timezone>
</log>

<gline>
  <delay>900</delay>
  <!-- type constants taken from the OPAS library -->
  <reason type="1">Misconfigured Wingate. Please visit http://www.undernet.org/proxyscan.php </reason><!-- space at the end for mIRC users -->
  <reason type="2">Misconfigured Socks Server. Please visit http://www.undernet.org/proxyscan.php </reason>
  <reason type="3">Misconfigured Socks Server. Please visit http://www.undernet.org/proxyscan.php </reason>
  <reason type="4">Misconfigured Proxy Server. Please visit http://www.undernet.org/proxyscan.php </reason>
  <reason type="0">Misconfigured Proxy Server. Please visit http://www.undernet.org/proxyscan.php </reason>
</gline>

<notice>
  <line>This network is running an open proxy/open socks/wingate</line>
  <line>detection monitor. If you see a connection from</line>
  <line>proxscan.network.tld/12.34.56.78 please disregard it, as it is</line>
  <line>the detector in action and -not- a hostile attempt.</line>
</notice>

<help-menu>
Undernet Proxy Scanner Service Help Menu
========================================
Commands (global opers only)
----------------------------
INV - Get an invite to my console channel
SERVERS [...] - Show network servers and noscan status
STATUS [...] - Status of server and scanner daemon
NOSCAN - Print current noscan configuration list
PROXYTOP - Proxies found per server
STATS - Technical statistics
PXSTATS - Statistics from the scanner daemon
GREM &lt;GLINE&gt; - Remove a gline set by me
INFO [...] - Show channel or user info
RECHECK [...] - Recheck a user or a whole channel
HELP CREDITS - Credits info
HELP &lt;COMMAND&gt; - More help for &lt;COMMAND&gt;
</help-menu>

<help topic="inv">
INV
===
This command gives any global IRC operator an invite on my
current console channel.
</help>

<help topic="servers">
SERVERS [-info] [-noscan]
==============================================
Show IRC network tree with optional info:
-info : Display user count
-scan : Show scanned servers in bold
</help>

<help topic="status">
STATUS [-serv|-scan] (1/3)
==============================================
The general and probably most interesting command provided by
pxyservd. Call it as often as you want to quickly check how pxys
is working.

IRC server status
-----------------
The first part displays the IRC server status: the number of
servers on the network and the usual client and channel counts.
pxyservd retrieves the IPs of the network's clients and sends
them to pxyscand, the associated scanner daemon process, for
proxy scanning. "Scan ClientQ" is the number of clients that
haven't been confirmed yet: pxyservd is still waiting for a
positive or negative reply from the scanner daemon. Keep an eye
on this value: it shouldn't grow much under normal conditions,
and should drop again as soon as possible if it does. Note that
it's normal to always have some clients in the scan queue, as
the scanner daemon can't always reply quickly.
"Unscannable clients" shows the current number of *connected*
clients affected by a failed scan. A failed scan occurs when
the host or network of the client is unreachable from the proxy
scanner daemon. It is followed by the server's uptime (pxyservd
uptime).

Please consult HELP STATUS 2 for a detailed description of the
scanner status part.
</help>

<help topic="status 2">
STATUS [-serv|-scan] (2/3)
==============================================
Scanner status
--------------
First, you need to know that the scanner daemon (pxyscand) is
now separate from the IRC(u) service server (pxyservd).
However, the two communicate: primarily to request proxy
scanning, but for status/stats purposes too. So you may notice
a delay before receiving the scanner status reply if the scanner
daemon is not running locally, for example.
The first lines display status info about the connection between
the server and the scanner daemon. If they are not connected
(e.g. the scanner daemon is down), you will see a warning there.
"Scanning activity" is a good indicator of the load of the
scanner daemon. 100%% means all socket slots are taken and it's
doing its best to scan them. Lower values mean the scanner
could handle more clients at this time. This percentage is
followed by more precise values: the number of unique IPs
currently being scanned, and the number of scans being performed
at this time. Usually, you have several scans for one IP. The
number of scans is in fact the number of sockets needed to
perform the scans for these IPs (although it's not exactly the
number of open sockets, but more, as some of them might not be
created yet or might already be closed).
"IP scans completed" is a simple counter of real IP scans for
the current session (all sessions in parentheses). To consult
the scanner's cache hits counter, please use the PXSTATS
command. An average of the scans performed is given too.

Please use HELP STATUS 3 for the next page.
</help>

<help topic="status 3">
STATUS [-serv|-scan] (3/3)
==============================================
When "ScanQ size" is not zero, the current scanning activity
should be 100%% (the maximum) and you know the scanner can't
process all IPs at the same time: it then adds the IP scan
requests to a queue for later processing. This number should
drop to 0; otherwise you have a little problem.
"Target" is the currently selected target IP needed for some
scans (such as Socks 4 discovery). It should be set to the IP
of one of your network's stable IRC servers.
"Scan connect() timeout" indicates the number of seconds to
wait before a scan bails out.

After the total number of proxies found, you will find the
uptime of the scanner daemon. The last part of the STATUS
command shows a detailed table of proxies-found counters since
the scanner daemon was launched. For information, additional
"open" counters are provided that count established connections.

Options:
-serv : only displays IRC server status
-scan : only displays proxy scanner daemon status
</help>

<help topic="noscan">
NOSCAN
==============================================
Show pxyservd's "noscan" rules. pxyservd, the IRC(u) service
server part of pxys v2, is configured with a list of IP blocks
that are ignored. Clients using one of these IPs are tagged as
"scanning disabled". Additionally, a list of remote server names
can be provided: clients using these servers are ignored too,
which is useful for services, hubs, or IRC-operator-only
servers.
</help>

<help topic="proxytop">
PROXYTOP
==============================================
This command shows the top list of servers on which proxies
were found (and then G-lined!). It might help you find very
open servers with possibly bad I/K-line rules, or servers that
floodbots like... Don't forget to put the numbers in perspective
using the provided MAXUSERS indicator, as big servers obviously
have more chance of hosting proxied clients.
</help>

<help topic="stats">
STATS
==============================================
Display statistics about sockets, internal structures and
memory consumption.
</help>

<help topic="pxstats">
PXSTATS
==============================================
Query the proxy scanner daemon for internal statistics. Only
available when pxyscand is connected. Along with other obscure
values, it shows the IP cache hits count of already scanned
users. This cache allows the scanner to work under very hard
conditions, avoiding the re-scan of recently checked IPs.
</help>

<help topic="grem">
GREM &lt;IP|GLINE&gt;
==============================================
G-line removal method (only for proxyscan G-lines). Please
provide the IP or the banned user@host mask, i.e. *@&lt;IP&gt;.
After the G-line removal, the IP is not ignored: it will be
re-scanned if seen again.
</help>

<help topic="info">
INFO &lt;NICK|CHANNEL&gt;
==============================================
Info command about a client or a channel. Its purpose is to give
some proxyscan-related info about a client or channel's clients.

Examples:
INFO bot-42
INFO #floodland
</help>

<help topic="recheck">
RECHECK &lt;NICK|CHANNEL&gt;
==============================================
Like GREM, this command performs an action and is not merely
informative; please use it with care.
The RECHECK command allows a global IRC operator to ask for a
recheck of a specified user or all users on a given channel.

Please note, however, that users matching NOSCAN rules are never
proxy-checked. Also, if the user has not been scanned yet (e.g.
the user has just connected), this command does nothing. Don't
hesitate to use the INFO command on the user or channel first if
needed.

Note that a notice is sent to my console channel for recheck of
a whole channel.

Examples:
RECHECK bot-42
RECHECK #floodland
</help>

<help topic="evreg">
EVREG &lt;MODES&gt;
=============
This command allows global IRC operators to register for specific
events. Several modes are provided, each character identifying an
event. Opers who have event X enabled will be notified by the
proxyscanner's virtual client (me) when event X occurs.

MODES
-----
'p' : new insecure proxy found, show it
'c' : show proxy-cache hits
'o' : show global IRC operators using /oper
'x' : pxyscand connection related events

For example, an oper who wants to be notified when a new proxy has
been found and for /oper's would type: /msg &lt;me&gt; evreg +po

To disable /oper notifications only: /msg &lt;me&gt; evreg -o

NOTE: Your modes remain until you disconnect or a split between
you and the proxyscanner occurs.
</help>

<help topic="credits">
pxyservd v2 - part of pxys v2 software suite
============================================
See: http://pxys.sf.net
</help>

</pxyservd>