/*

Basic config for BOPM on EFnet by mofo, based on the sample configuration
Contact bopm@mofo.nl for questions/remarks/errors/suggestions.

Last modified: Sat Apr 14 01:57:00 CEST 2007

*/

/*
 * Layout note: a '#' comment runs to the end of its line, so every
 * disabled setting below must stay on a line of its own. If lines are
 * joined, the '#' would also disable whatever follows it.
 */

options {
	pidfile = "/some/path/bopm.pid"; /* CHANGE THIS */
	dns_fdlimit = 64;
};

IRC {
	/*
	 *
	 * The next block is for setting up the irc part.
	 * You do need to change this
	 *
	 */
	nick = "MyBopm";
	realname = "Blitzed Open Proxy Monitor";
	username = "bopm";
	server = "myserver.somenetwork.org";
#	password = "secret";
	port = 6667;

	/*
	 * The oper line holds the oper name and password in clear text.
	 * Replace the placeholder and keep this file readable only by the
	 * account that runs bopm.
	 */
	oper = "bopm operpass";
	mode = "+c";
	away = "I'm a bot. Your messages will be ignored.";

	channel {
		name = "#bopm";
#		key = "somekey";
#		invite = "privmsg chanserv :invite #bopm";
	};

	/*
	 * Matches the server's "Client connecting" notice. The four capture
	 * groups are, in order: nick, username, hostname and the bracketed
	 * address. The last group accepts only digits and dots, so a notice
	 * carrying an IPv6 address does not match this pattern; presumably
	 * such clients are then not checked - confirm against your ircd and
	 * BOPM build.
	 */
	connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";

	/*
	 *
	 * %n	User's nick
	 * %u	User's username
	 * %h	User's irc hostname
	 * %i	User's IP address
	 *
	 */

	/*
	 * NOTE(review): this ban is set on the IRC hostname (%h) and carries
	 * "ON *"; the DNSBL klines in the OPM block ban the IP (%i) and have
	 * no "ON *". Confirm both forms are what your ircd and network
	 * policy expect.
	 */
	kline = "KLINE 1440 *@%h ON * :Open Proxy found on your IP %i . Please check your system and fix it.";
};

OPM {
	/*
	 *
	 * Please check the validity of using : signs in the K-line reason. If it is not supported,
	 * you should change the kline rules below to something without the : sign
	 *
	 */

	/*
	 * NOTE(review): this blacklist selection dates from 2007. Before
	 * enabling an entry, confirm the zone is still operated and that its
	 * reply codes still carry the meanings given here. The
	 * cbl.abuseat.org and rbl.efnet.org entries give the same removal URL
	 * in their kline reason - confirm it is right for both.
	 *
	 * ban_unknown = no means a reply code that is not listed in the
	 * reply block does not lead to a ban.
	 */
	blacklist {
		name = "cbl.abuseat.org";
		type = "A record reply";
		reply {
			2 = "Open proxy";
		};
		ban_unknown = no;
		kline = "KLINE 1440 *@%i :DNSBL listed. Check ircnet.com/cgi-bin/bl.cgi?ip=%i for removal.";
	};

	blacklist {
		name = "tor.dnsbl.sectoor.de";
		type = "A record reply";
		reply {
			1 = "Tor exit server";
		};
		ban_unknown = no;
		kline = "KLINE 1440 *@%i :Tor exit server detected. Visit www.sectoor.de/tor.php?ip=%i for info.";
	};

	blacklist {
		name = "torexit.dan.me.uk";
		type = "A record reply";
		reply {
			100 = "Tor exit server";
		};
		ban_unknown = no;
		kline = "KLINE 1440 *@%i :Tor exit server detected.";
	};

	blacklist {
		name = "rbl.efnet.org";
		type = "A record reply";
		reply {
			1 = "Open proxy";
			2 = "Trojan spreader";
			3 = "Trojan infected client";
			4 = "TOR exit server";
			5 = "Drones / Flooding";
		};
		ban_unknown = no;
		kline = "KLINE 1440 *@%i :DNSBL listed. Check ircnet.com/cgi-bin/bl.cgi?ip=%i for removal.";
	};

	/* Reporting settings, left disabled in this config. */
#	dnsbl_from = "mybopm@myserver.org";
#	dnsbl_to = "bopm@reports.blitzed.org";
#	sendmail = "/usr/sbin/sendmail";
};

scanner {
	name="default";

	/*
	 *
	 * The next block of protocols is generated from the
	 * generated weekly blitzed lists and by a generated
	 * list of all newly found open proxies via the anal
	 * scans performed by the XS4ALL BOPM bots.
	 * The lists reflect the top hits in the period
	 * from 2007.01.01 - 2007.04.13
	 *
	 * If you do not want to scan at all and only check
	 * via the DNSBL's, you should comment all the
	 * protocol lines out. I highly recommend you do
	 * perform scans though. It's 165 in total, but it is
	 * a good reflection of the most basic scans a
	 * server should check on.
	 *
	 */

	/* Each line is one check, written as PROTOCOL:PORT. */
	protocol = ROUTER:23;
	protocol = SOCKS4:559;
	protocol = HTTPPOST:3128;
	protocol = SOCKS4:1080;
	protocol = SOCKS5:60088;
	protocol = HTTP:8080;
	protocol = SOCKS5:1182;
	protocol = HTTP:3128;
	protocol = HTTPPOST:8080;
	protocol = SOCKS4:9999;
	protocol = HTTPPOST:80;
	protocol = SOCKS5:1080;
	protocol = HTTP:63000;
	protocol = HTTP:8000;
	protocol = HTTPPOST:808;
	protocol = HTTP:80;
	protocol = HTTPPOST:6588;
	protocol = HTTP:6588;
	protocol = SOCKS5:3128;
	protocol = SOCKS5:10080;
	protocol = HTTPPOST:4480;
	protocol = SOCKS4:6664;
	protocol = SOCKS4:63808;
	protocol = HTTP:6667;
	protocol = SOCKS4:19991;
	protocol = SOCKS4:1098;
	protocol = SOCKS4:10000;
	protocol = SOCKS4:4471;
	protocol = HTTP:65506;
	protocol = HTTP:63809;
	protocol = SOCKS5:9090;
	protocol = HTTP:9090;
	protocol = HTTP:6668;
	protocol = SOCKS4:58;
	protocol = SOCKS5:58;
	protocol = SOCKS4:6969;
	protocol = WINGATE:23;
	protocol = SOCKS5:3380;
	protocol = SOCKS4:40;
	protocol = SOCKS5:443;
	protocol = SOCKS4:8888;
	protocol = HTTPPOST:9090;
	protocol = HTTP:5490;
	protocol = SOCKS4:8080;
	protocol = SOCKS5:6969;
	protocol = SOCKS4:1026;
	protocol = SOCKS4:1025;
	protocol = HTTP:8888;
	protocol = HTTP:6669;
	protocol = HTTP:8090;
	protocol = HTTP:808;
	protocol = SOCKS5:1029;
	protocol = SOCKS4:41080;
	protocol = SOCKS5:8020;
	protocol = SOCKS5:6000;
	protocol = HTTPPOST:8081;
	protocol = HTTP:4480;
	protocol = SOCKS5:1027;
	protocol = SOCKS4:1028;
	protocol = HTTP:3332;
	protocol = SOCKS5:8888;
	protocol = SOCKS5:1028;
	protocol = SOCKS4:3330;
	protocol = SOCKS4:29992;
	protocol = SOCKS4:1234;
	protocol = SOCKS4:1029;
	protocol = HTTP:5000;
	protocol = HTTP:443;
	protocol = SOCKS5:1813;
	protocol = SOCKS5:1081;
	protocol = SOCKS5:1026;
	protocol = SOCKS4:1337;
	protocol = SOCKS4:1050;
	protocol = HTTP:1080;
	protocol = SOCKS5:9999;
	protocol = SOCKS5:9100;
	protocol = SOCKS5:19991;
	protocol = SOCKS5:1098;
	protocol = SOCKS4:9100;
	protocol = SOCKS4:7080;
	protocol = SOCKS4:1033;
	protocol = HTTP:9000;
	protocol = HTTP:5800;
	protocol = HTTP:5634;
	protocol = HTTP:4471;
	protocol = HTTP:3382;
	protocol = SOCKS5:1200;
	protocol = SOCKS5:1039;
	protocol = SOCKS5:1025;
	protocol = SOCKS4:8002;
	protocol = SOCKS4:6748;
	protocol = SOCKS4:44548;
	protocol = SOCKS4:3380;
	protocol = SOCKS4:32167;
	protocol = SOCKS4:2000;
	protocol = SOCKS4:1979;
	protocol = SOCKS4:12654;
	protocol = SOCKS4:11225;
	protocol = SOCKS4:1066;
	protocol = SOCKS4:1030;
	protocol = SOCKS4:1027;
	protocol = SOCKS4:10099;
	protocol = HTTP:81;
	protocol = HTTP:6665;
	protocol = HTTP:6664;
	protocol = HTTP:6663;
	protocol = SOCKS5:8278;
	protocol = SOCKS5:6748;
	protocol = SOCKS5:4914;
	protocol = SOCKS5:4471;
	protocol = SOCKS5:29992;
	protocol = SOCKS5:17235;
	protocol = SOCKS5:1234;
	protocol = SOCKS5:1202;
	protocol = SOCKS5:1180;
	protocol = SOCKS5:1075;
	protocol = SOCKS5:1033;
	protocol = SOCKS5:10000;
	protocol = SOCKS4:8020;
	protocol = SOCKS4:4044;
	protocol = SOCKS4:3128;
	protocol = SOCKS4:3127;
	protocol = SOCKS4:28882;
	protocol = SOCKS4:24973;
	protocol = SOCKS4:21421;
	protocol = SOCKS4:1182;
	protocol = SOCKS4:1032;
	protocol = SOCKS4:10242;
	protocol = HTTPPOST:8089;
	protocol = HTTP:8082;
	protocol = HTTP:6661;
	protocol = HTTP:35233;
	protocol = HTTP:19991;
	protocol = HTTP:1098;
	protocol = HTTP:1050;
	protocol = SOCKS5:9988;
	protocol = SOCKS5:8080;
	protocol = SOCKS5:8009;
	protocol = SOCKS5:6561;
	protocol = SOCKS5:24971;
	protocol = SOCKS5:18844;
	protocol = SOCKS5:1122;
	protocol = SOCKS5:10777;
	protocol = SOCKS5:1030;
	protocol = SOCKS5:10130;
	protocol = SOCKS5:10099;
	protocol = SOCKS4:8751;
	protocol = SOCKS4:8278;
	protocol = SOCKS4:8111;
	protocol = SOCKS4:7007;
	protocol = SOCKS4:6551;
	protocol = SOCKS4:5353;
	protocol = SOCKS4:443;
	protocol = SOCKS4:43341;
	protocol = SOCKS4:3801;
	protocol = SOCKS4:2280;
	protocol = SOCKS4:1978;
	protocol = SOCKS4:1212;
	protocol = SOCKS4:1039;
	protocol = SOCKS4:1031;
	protocol = HTTPPOST:81;
	protocol = HTTP:9988;
	protocol = HTTP:7868;
	protocol = HTTP:7070;
	protocol = HTTP:444;
	protocol = HTTP:1200;
	protocol = HTTP:1039;

#	vhost = "127.0.0.1";

	/*
	 *
	 * Note: it is really important to have enough file descriptors
	 * available to the bopm process.
	 * Also check for enough sockets. FreeBSD users should check the
	 * net.inet.ip.portrange.last sysctl setting. (I've changed my
	 * setting to 40000)
	 *
	 */
	fd = 10000;
	max_read = 4096;
	timeout = 12;

	/*
	 *
	 * To set up a target for your own, you can simply
	 * add the following line to your /etc/services:
	 *
	 * bopm 11111/tcp
	 *
	 * and then add the following line to your /etc/inetd.conf
	 *
	 * bopm stream tcp nowait nobody /bin/echo echo Proxy Check
	 *
	 * of course you can change the port and the string to
	 * whatever you want
	 *
	 */

	/*
	 * NOTE(review): the three values below are marked CHANGE ME. Point
	 * target_ip and target_port at a listener you run yourself and set
	 * target_string to the text that listener returns; as shipped, the
	 * checks would be directed at the address below rather than at
	 * your own host.
	 */
	target_ip = "194.109.153.5"; /* CHANGE ME */
	target_port = 6667; /* CHANGE ME */
	target_string = "Proxy Check"; /* CHANGE ME */
};

/* Every client (mask *!*@*) is checked with the "default" scanner. */
user {
	mask = "*!*@*";
	scanner = "default";
};

/* Masks listed here are exempt from the checks. */
exempt {
	mask = "*!*@127.0.0.1";
	mask = "*!*@255.255.255.255";
};