Introduction
------------

HOPM (Hybrid Open Proxy Monitor) is an open proxy monitoring bot designed for
Hybrid-based ircds. The bot is designed to monitor an individual server (all
servers on the network have to run their own bot) with a local operator {}
block and monitor connections. When a client connects to the server, HOPM will
scan the connection for insecure proxies. Insecure proxies are determined by
attempting to connect the proxy back to another host (usually the IRC server in
question).

HOPM is written from the ground up in C, with its concept derived from wgmon.
It improves on wgmon with HTTP support, faster scanning (it can scan clients
simultaneously), better layout (scalability), and dnsbl support.


Requirements
------------

 o An IRCd which presents connection notices in a format which HOPM
   recognises (see below).

 o A host with full connectivity for all the ports you wish to scan, i.e. one
   that is NOT transparently proxied -- many domestic internet connections have
   port 80 transparently proxied and this produces completely unpredictable
   results, sometimes as severe as 100% of clients being K:lined!

 o A unix OS with GNU Make, a C99 compiler, etc.

 o Permission from your users to portscan them for open proxies.


Compatibility
-------------

ircd-hybrid 8.2.x
ircd-ratbox 3.0.x
ircu 2.10.x
InspIRCd 2.0.x
UnrealIRCd 3.2.x
ngIRCd 22
Bahamut 2.0.x
Charybdis 3.4.x

HOPM is designed for ircd-hybrid based ircds. It can be adapted to any other
ircd with little modification (connregex in hopm.conf). However, if an ircd
does not send IP addresses in a connection notice, HOPM will not be effective
because the time it takes to resolve a hostname would significantly reduce
HOPM's efficiency.


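The following C program is an added example, not code from HOPM: it shows the kind of match a connregex has to perform, pulling the bracketed address out of a connection notice and accepting it only if it is an IP literal that can be scanned without a DNS lookup. The pattern, the notice layout and the helper name extract_ip are assumptions made for illustration; check them against the notices your own ircd sends.

```c
#include <arpa/inet.h>
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Assumed connregex-style pattern (POSIX ERE): nick, user, host, IP.
   Written for this example; not copied from a shipped hopm.conf. */
static const char *CONN_PATTERN =
    "Client connecting: ([^ ]+) \\(([^@]+)@([^)]+)\\) \\[([0-9a-fA-F.:]+)]";

/* Returns 0 and stores a validated IPv4/IPv6 literal in ip. Returns -1 when
   the pattern fails to compile, the notice does not match, the field does not
   fit, or the field is not an IP address; ip is then not meaningful. */
int extract_ip(const char *notice, char *ip, size_t iplen)
{
    regex_t re;
    regmatch_t m[5];
    unsigned char buf[sizeof(struct in6_addr)];
    int rc = -1;

    if (regcomp(&re, CONN_PATTERN, REG_EXTENDED) != 0)
        return -1;
    if (regexec(&re, notice, 5, m, 0) == 0) {
        size_t len = (size_t)(m[4].rm_eo - m[4].rm_so);
        if (len < iplen) {
            memcpy(ip, notice + m[4].rm_so, len);
            ip[len] = '\0';
            /* Reject anything that would still need resolving or is malformed. */
            if (inet_pton(AF_INET, ip, buf) == 1 ||
                inet_pton(AF_INET6, ip, buf) == 1)
                rc = 0;
        }
    }
    regfree(&re);
    return rc;
}

int main(void)
{
    /* Constructed sample notices using documentation address ranges. */
    const char *samples[] = {
        "*** Notice -- Client connecting: a (~a@h.example) [192.0.2.10] {users}",
        "*** Notice -- Client connecting: b (~b@h.example) [2001:db8::1] {users}",
        "*** Notice -- Client connecting: c (~c@h.example) [192.0.2.999] {users}",
    };
    char ip[64];
    for (size_t i = 0; i < 3; i++)
        printf("%s\n", extract_ip(samples[i], ip, sizeof ip) == 0 ? ip : "(not scannable)");
    return 0;
}
```
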
Command Line Options
--------------------

-c <name>   Config name. By default HOPM reads hopm.conf, "-c foo"
            will cause HOPM to read foo.conf. The primary use for
            this is to run multiple HOPMs from one directory.

-d          Debug mode. HOPM will not fork, and will write logs to stderr.
            Multiple -d increase debug level.


Operator Channel Commands
-------------------------

botnick check <host> [scanner]  -- Manually scan host for insecure proxies and
                                   output all errors. If scanner is not given,
                                   HOPM will scan on all scanners.
                                   NOTE: this will NOT add a kline (or
                                   whatever) if it finds a proxy.

botnick stats                   -- Output scan stats, uptime and client
                                   connection count.

botnick fdstat                  -- Output some info about file descriptors
                                   in use.

Also, if several HOPMs are present in one channel they will all respond to !all,
for example !all stats.


Rehashing HOPM
--------------

A /kill to HOPM will cause the process to restart, rehashing the configuration file
and ending all queued scans.


Logging
-------

Once started, HOPM logs all significant events to a file called "hopm.log"
which by default can be found at $HOME/hopm/var/hopm.log. There is also a
config option to log all proxy scans initiated, which can be quite useful if
you receive an abuse report related to portscanning.

These log files, especially the scan log, can grow quite large. It is
suggested that you arrange for these files to be rotated periodically. An
example shell script is provided in the contrib/logrotate directory. If you
prefer to use the log rotation facilities of your operating system then you
should send a USR1 signal to HOPM after moving its logfiles - this will cause
HOPM to reopen those files.


Support
-------

 * Bug Reports:
   - bugs@ircd-hybrid.org
 * IRC contact:
   - #ircd-coders on irc.ircd-hybrid.org