/*
 * SwiftDNSBL sample BOPM configuration file
 * Last Updated: 7th September 2008
 * http://www.swiftbl.net
 *
 * Note: This configuration file should only serve as a basic start for your network defences.
 *
 * If you have any comments or suggestions email katlyn@swiftirc.net
 *
 * Review notes:
 *  - The IRC block stores operator credentials in clear text, so this file should be
 *    readable only by the account that runs BOPM.
 *  - Paths, the server name, credentials and the channel key look like placeholders
 *    ("/home/username", "irc.yournet.org", "username password", "keyhere") and need
 *    replacing before use.
 *  - '#' starts a comment that runs to the end of the line, so every statement must be
 *    on its own line. A commented-out option swallows anything that follows it on the same line.
 */

options {
    /* File BOPM writes its process id to; "/home/username" is a placeholder path. */
    pidfile = "/home/username/bopm/bopm.pid";

    /* Number of file descriptors reserved for DNS (blacklist) lookups. */
    dns_fdlimit = 64;

    /* Optional log of every scan. Enabling it leaves a record that helps when a ban is
     * disputed or a scan complaint arrives; keep the log out of world-readable locations. */
    #scanlog = "/path/to/the/scan.log";
};

IRC {
    /* Local address the IRC connection binds to.
     * NOTE(review): 127.0.0.1 can only reach a server over loopback (same machine);
     * confirm this matches the 'server' setting below. */
    vhost = "127.0.0.1";

    nick = "BOPM";
    realname = "Open Proxy Scanner";
    username = "scan";

    /* IRC server to monitor (placeholder name). */
    server = "irc.yournet.org";
    /* NOTE(review): 6667 is conventionally an unencrypted IRC port, and the OPER credentials
     * below travel over this link. Prefer a loopback or otherwise trusted path to the server. */
    port = 6667;

    /* Optional server password and NickServ identify line. Both hold secrets once enabled. */
    #password = "password";
    #nickserv = "PRIVMSG NickServ :identify password";

    /* Operator name and password, stored in clear text.
     * Give this oper account only the privileges the bot needs (seeing connect notices and
     * issuing the ban command in 'kline'), and restrict this file's permissions to the BOPM user. */
    oper = "username password";

    away = "I'm a bot. Your messages will be ignored.";

    /* If you are using UnrealIRCd then use the configuration options below. */

    /* User modes requested so the bot receives client-connect notices (flags are IRCd-specific). */
    mode = "+s +cF";

    /* Pattern matched against connect notices. Four capture groups, in order:
     * nick, username, hostname, IP address.
     * The IP group ([0-9\\.]+) accepts only digits and dots, so a notice carrying an IPv6
     * address will not match and that client is not checked. */
    connregex = "\\*\\*\\* Notice -- Client connecting.*: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";

    /* Raw line sent to the server after connecting (UnrealIRCd-specific). */
    perform = "PROTOCTL HCN";

    /* If you are using IRCu then uncomment the configuration options below and comment out the three above
     *** Note: You must have 'F:CONNEXIT_NOTICES:TRUE' in your ircd.conf to allow opers to see connexits */
    #mode = "+s 16384"; # Allows BOPM to see network-wide connexits.
    #connregex = "\\*\\*\\* Notice -- Client connecting.*: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";

    /* Visit http://wiki.blitzed.org/BOPM/FAQ for more connregex for other IRCd software. */

    /* Channel configuration for BOPM */
    /* Keep this channel private (key and/or invite-only). Presumably scan results, including
     * client addresses, are reported here; verify against the BOPM documentation. */
    channel {
        name = "#bopm";
        /* Placeholder channel key; replace it with a real secret. */
        key = "keyhere";
        /* Line sent to request an invite to the channel. */
        invite = "PRIVMSG chanserv :invite #bopm";
    };

    /* Command issued when a scan confirms an open proxy. %h is replaced with the client's
     * hostname; 10000 is the duration argument handed to the IRCd's gline command. */
    kline = "gline +*@%h 10000 :An open proxy was detected on your host. Ensure you have removed any malware from your computer and secured any proxy software running.";
};

OPM {
    /* The following blacklists are our recommendation only - We do not take responsibility for anything that might occur
     * as a result of you using them. If you have issues with any of the blacklists listed here please take it up with those
     * who run them and not ourselves.
     *
     * If you have any further blacklists you think should be listed here please contact us via email at admin@swiftbl.net */

    /* Review notes for every blacklist below:
     *  - This list dates from 2008. Confirm each zone is still operated and that its reply
     *    codes still mean what is listed here before enabling it. A retired zone can time out
     *    or answer unexpectedly.
     *  - type "A record reply" with a reply block: the number on the left is matched against
     *    the value returned in the blacklist's A record, and the text is the label for it.
     *  - ban_unknown = no: a reply value that is not listed in the reply block does not
     *    produce a ban.
     *  - %h in a kline is the client's hostname, %i its IP address. */

    /* http://www.dronebl.org */
    blacklist {
        name = "dnsbl.dronebl.org";
        type = "A record reply";
        reply {
            2 = "Sample";
            3 = "IRC Drone";
            5 = "Bottler";
            6 = "Unknown spambot or drone";
            7 = "DDOS Drone";
            8 = "SOCKS Proxy";
            9 = "HTTP Proxy";
            10 = "ProxyChain";
            13 = "Brute force attackers";
            255 = "Unknown";
        };
        ban_unknown = no;
        kline = "gline +*@%h 3000 :Your host is listed in the DroneBL. For further information visit http://dronebl.org/lookup_branded.do?ip=%i";
    };

    /* http://rbl.efnetrbl.org */
    /* Reply 4 ("TOR") means Tor users are banned as well. That is a policy choice, not a
     * proxy-abuse finding; remove the entry if Tor clients are allowed on the network. */
    blacklist {
        name = "rbl.efnetrbl.org";
        type = "A record reply";
        ban_unknown = no;
        reply {
            1 = "Open Proxy";
            2 = "spamtrap666";
            3 = "spamtrap50";
            4 = "TOR";
            5 = "Drones / Flooding";
        };
        kline = "gline +*@%h 3000 :Your host is listed in the EFNet RBL. For further information Visit http://rbl.efnetrbl.org/?i=%i";
    };

    /* http://dnsbl.swiftbl.net */
    /* Reply 6 ("TOR") has the same policy implication as in the EFNet RBL entry above. */
    blacklist {
        name = "dnsbl.swiftbl.net";
        type = "A record reply";
        reply {
            2 = "SOCKS Proxy";
            3 = "IRC Proxy";
            4 = "HTTP Proxy";
            5 = "IRC Drone";
            6 = "TOR";
        };
        ban_unknown = no;
        kline = "gline +*@%h 3000 :Your host is listed in SwiftBL. For futher information visit http://www.swiftbl.net/lookup";
    };
};

scanner {
    /* Name that 'user' blocks use to select this scanner. */
    name = "Default";

    /* The following list of port scans have been compiled by analysing the most common open ports used by proxies that
       have been added to our DNSBL, and those which have connected to our network.

       Port scanning will never be able to detect every proxy connecting to your network as many now use random &
       uncommon ports. However there are still ports which are commonly used and we believe the majority of them are
       included below.

       Note: Some IRC hosts do not allow port scans to be conducted through their network regardless of the intention.
       Please check with your host before conducting any scans using BOPM.

       Be aware that scanning users on a large list of ports will severely impact the performance of your BOPM, and very
       often firewalls will block your scans after you have tried a certain number of ports. (Therefore you should list
       the port scans by how common they are). */

    /* Each entry is PROTOCOL:PORT; one probe is made per entry for every client that is scanned. */
    protocol = SOCKS5:1080;
    protocol = SOCKS4:1080;
    protocol = HTTP:8080;
    protocol = HTTP:80;
    protocol = HTTP:3128;
    protocol = HTTP:6588;
    protocol = SOCKS5:25552;
    protocol = SOCKS4:25552;
    protocol = SOCKS4:11171;
    protocol = SOCKS5:11171;

    /* Note that the following ports may not be scannable on certain machines/IPs. To ensure your network is fully protected
     * we advise you to make sure that your BOPM is able to scan these ports properly as they have recently become incredibly
     * popular and can be used in their thousands to connect to networks. */
    protocol = SOCKS5:11011;
    protocol = SOCKS4:11011;
    protocol = SOCKS5:11022;
    protocol = SOCKS4:11022;
    protocol = SOCKS5:11033;
    protocol = SOCKS4:11033;
    protocol = SOCKS5:11055;
    protocol = SOCKS4:11055;
    protocol = SOCKS5:17327;
    protocol = SOCKS4:17327;
    protocol = SOCKS5:14841;
    protocol = SOCKS4:14841;
    protocol = SOCKS4:22277;
    protocol = SOCKS5:22277;
    protocol = SOCKS5:18888;
    protocol = SOCKS4:18888;

    /* Maximum file descriptors this scanner may use.
     * NOTE(review): 5000 is above common default per-process descriptor limits; confirm the
     * limit for the account running BOPM allows it. */
    fd = 5000;

    /* Maximum bytes read from a probed port before the connection is treated as closed. */
    max_read = 4096;

    /* Seconds allowed for a proxy negotiation before the probe is abandoned. */
    timeout = 15;

    /* These settings will work for scanning - Feel free to change them if you wish (be careful of false positives when
       using IRCd banner strings) */
    /* How detection works: the scanner asks the suspected proxy to connect to
     * target_ip:target_port and treats the proxy as open when target_string appears in the
     * data that comes back.
     * NOTE(review): target_ip is a fixed third-party address from 2008. If that host stops
     * answering with target_string, every scan reports "not open" without any error. Check
     * that the target still responds as expected, or point these three settings at a service
     * you control that is reachable from the Internet. */
    target_ip = "62.212.66.68";
    target_port = 6667;
    target_string = "swiftbl check";
};

/* Which clients are scanned, and with which scanner: "*!*@*" matches every connecting
 * client and sends it to the "Default" scanner defined above. */
user {
    mask = "*!*@*";
    scanner = "Default";
};

/* Clients matching this mask are exempt from checks; here that is only loopback connections.
 * Keep exemptions as narrow as possible, and prefer IP-based masks over hostnames, since
 * each one is a gap in proxy screening. */
exempt {
    mask = "*!*@127.0.0.1";
};