
dfdf

By: a guest on Jul 17th, 2012  |  syntax: None  |  size: 18.64 KB  |  hits: 31  |  expires: Never
  1.  
  2.     /*
  3.      * BOPM sample configuration for Blitzed Admins.  For explanations of what all
  4.      * the directives do, please see bopm.conf.sample.
  5.      *
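  6.      * Most of this stuff is just suggestions.  Any setting that is required will
  7.      * be noted as such.
  8.      * NOTE(review): check that every DNSBL zone listed below is still in service before relying on it; a retired zone may stop answering or may answer for every address, which would turn its kline into a ban on every connecting client.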
  9.      */
  10.  
  11.     options {
  12.  
  13.        pidfile = "/cygdrive/c/BOPM/bopm.pid";
  14.        dns_fdlimit = 64;
  15.        
  16.        /*
  17.         * You can use this to log ALL port scans that are done.  This is
  18.         * optional and may be useful if you ever have to deal with abuse
  19.         * reports.
  20.         */
  21.     #  scanlog = "/home/asher/bopm/scan.log";
  22.     };
  23.  
  24.  
  25.     IRC {
  26.     #  vhost = "72.20.42.118";
  27.  
  28.        /* You're required to keep to this naming scheme! */
  29.        nick = "Sw33t-Elite";
  30.  
  31.        realname = "SweetBD Open Proxy Monitor";
  32.        username = "SweetBD";
  33.        server = "10.0.0.4";
  34.  
  35.        /* It makes sense to put the nick password here so it ID's quicker. */
  36.     #  password = "secret";
  37.        port = 6660;
  38.  
  39.        /*
  40.         * Your BOPM will need a registered nick and be identified to it, to get
  41.         * into #wg. (see below)
  42.         */
  43. #       nickserv = "nickserv :identify bopm-nick-password";
  44.        oper = "KILLZONE 123456"; /* I changed the password before posting this conf in this thread; the real value sits here in plain text, so keep the file readable only by the BOPM account. */
  45.        
  46.  
  47.        /* Please use these modes, they're the only ones that make sense. */
  48.        mode = "+s +cC";
  49.        away = "I'm a bot.  Your messages will be ignored.";
  50.  
  51.        channel {
  52.           /*
  53.            * This is where all of Blitzed's BOPMs are.  The name "#wg" is left over
  54.            * from the days of dalnet's wgmon.
  55.            */
  56.           name = "#2";
  57.  
  58.           /*
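  59.            * Make sure your BOPM is set to ID to its nick, and that it has enough access
  60.            * in #wg to use the chanserv invite command.  Anyone opped in #wg can add this
  61.            * access for you.  NOTE(review): the invite below names #staff while "name" above is "#2"; confirm both should point at the same channel.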
  62.            */
  63.           invite = "chanserv :invite #staff";
  64.        };
  65.  
  66.        /* Hybrid / Bahamut / Unreal (in HCN mode) */
  67.        connregex = "\\*\\*\\* CONNECT: Client connecting on port [0-9]+: ([^ ]+)!([^@]+)@([^\\)]+) \\[([0-9\\.]+)\\] \\[.*\\]";
  68.  
  69.        /*
  70.         * "kline" controls the command used when an open proxy is confirmed.
  71.         *
  72.         *  %n     User's nick
  73.         *  %u     User's username
  74.         *  %h     User's irc hostname
  75.         *  %i     User's IP address
  76.         *
  77.         * You're required to use the following kline_command:
  78.         */
  79.        kline = "ZLINE *@%i 1d :An open proxy was detected on your host. Ensure you have removed any malware from your computer and secured any proxy software running";
  80.     };
  81.  
  82.  
  83.     OPM {
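  84.        /* DroneBL (see http://www.dronebl.org/howtouse.do for details).  NOTE(review): reply codes 3, 5, 6, 7, 9, 10 and 255 below are not single bits, so they read as plain reply values; confirm whether type should be "A record reply" rather than "A record bitmask", since a bitmask match would attach the wrong reason to a ban. */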
  85.        blacklist {
  86.           name = "dnsbl.dronebl.org";
  87.           type = "A record bitmask";
  88.           ban_unknown = no;
  89.          
  90.           reply {
  91.              2 = "Sample";
  92.              3 = "IRC Drone";
  93.              5 = "Bottler";
  94.              6 = "Unknown spambot or drone";
  95.              7 = "DDOS Drone";
  96.              8 = "SOCKS Proxy";
  97.              9 = "HTTP Proxy";
  98.              10 = "ProxyChain";
  99.              255 = "Unknown";
  100.           };
  101.           kline = "GLINE *@%i 1d :Host listed in the DroneBL. For more information visit http://dronebl.org/lookup.do?ip=%i";
  102.        };
  103.  
  104.  
  105.             blacklist {
  106.                name = "opm.tornevall.org";
  107.                type = "A record bitmask";
  108.                ban_unknown = yes;
  109.                reply {
  110.                   1 = "WinGate";
  111.                   2 = "Socks";
  112.                   4 = "HTTP";
  113.                   8 = "Router";
  114.                   16 = "HTTPPOST";
  115.                };
  116.                kline = "ZLINE *@%i 1d :Sorry, %n, Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
  117.             };
  118.              blacklist {
  119.                 name = "dnsbl.njabl.org";
  120.                 type = "A record bitmask";
  121.                 reply {
  122.                    1 = "WinGate";
  123.                    2 = "Socks";
  124.                    4 = "HTTP";
  125.                    8 = "Router";
  126.                    16 = "HTTPPOST";
  127.                 };
  128.                 ban_unknown = no;
  129.                 kline = "ZLINE *@%i 1d :%n, Your IP, %i, is in our Open Proxy List.. www.njabl.org/cgi-bin/lookup.cgi?query=%i";
  130.             };
  131. #
  132. #            blacklist {
  133. #               name = "virbl.dnsbl.bit.nl";
  134. #               type = "A record reply";
  135. #               ban_unknown = yes;
  136. #               reply {
  137. #                  2 = "Virus";
  138. #               };
  139. #               kline = "ZLINE *@%i 1d :%n, Your IP, %i, is in our Virus List.. http://virbl.bit.nl/list.php";
  140. #            };
  141.  
  142.             blacklist {
  143.                name = "ircbl.ahbl.org";
  144.                type = "A record bitmask";
  145.                ban_unknown = yes;
  146.                reply {
  147.                   1 = "WinGate";
  148.                   2 = "Socks";
  149.                   4 = "HTTP";
  150.                   8 = "Router";
  151.                   16 = "HTTPPOST";
  152.      
  153.                };
  154.                kline = "GLINE *@%i 1d :%n, Your IP, %i, is in our DDoS/Drone/Spammer/Abuse List.. http://www.ahbl.org/tools/lookup.php?ip=%i";
  155.             };
  156.  
  157.  
  158. #
  159. #            blacklist {
  160. #               name = "tor.dnsbl.sectoor.de";
  161. #               type = "A record reply";
  162. #               reply {
  163. #                  1 = "Tor exit server";
  164. #               };
  165. #               ban_unknown = no;
  166. #               kline = "ZLINE *@%i 1d :%n, Your IP, %i, is in our TOR Server List.. http://www.sectoor.de/tor.php?ip=%i";
  167. #           };
  168. #
  169.  
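  170.        /* rbl.efnet.org - http://rbl.efnet.org/  NOTE(review): reply codes 3 and 5 below are not single bits; confirm whether this zone returns plain values ("A record reply") rather than a bitmask. */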
  171.        blacklist {
  172.           name = "rbl.efnet.org";
  173.           type = "A record bitmask";
  174.           reply {
  175.                   1 = "Open proxy";
  176.                   2 = "Trojan spreader";
  177.                   3 = "Trojan infected client";
  178.                   5 = "Drones / Flooding";
  179.           };
  180.           ban_unknown = no;
  181.           kline = "ZLINE *@%i 1d :Listed in rbl.efnet.org. See http://rbl.efnet.org/?i=%i";
  182.        };
  183.  
  184.             blacklist {
  185.                name = "rbl.efnetrbl.org";
  186.                type = "A record bitmask";
  187.                reply {
  188.                   1 = "WinGate";
  189.                   2 = "Socks";
  190.                   4 = "HTTP";
  191.                   8 = "Router";
  192.                   16 = "HTTPPOST";
  193.                };
  194.                ban_unknown = no;
  195.                kline = "ZLINE *@%i 1d :%n, Your IP, %i, is in our TOR Server List..  http://www.ahbl.org/tools/lookup.php?ip=%i";
  196.             };
  197.  
  198.           blacklist {
  199.                name = "dnsbl.tornevall.org";
  200.                type = "A record bitmask";
  201.                ban_unknown = no;
  202.                reply {
  203.                   1 = "WinGate";
  204.                   2 = "Socks";
  205.                   4 = "HTTP";
  206.                   8 = "Router";
  207.                   16 = "HTTPPOST";
  208.                };
  209.                kline = "ZLINE *@%i 1d :%n, Your IP, %i, is in our Open Proxy List.. http://moensted.dk/spam/no-more-funn?addr=%i";
  210.             };
  211.  
  212. #          blacklist {
  213. #               name = "rbls.org";
  214. #               type = "A record bitmask";
  215. #               ban_unknown = no;
  216. #               reply {
  217. #                  1 = "WinGate";
  218. #                  2 = "Socks";
  219. #                  4 = "HTTP";
  220. #                  8 = "Router";
  221. #                  16 = "HTTPPOST";
  222. #               };
  223. #               kline = "GLINE *@%i 1d :%n, Your IP, %i, is in our Open Proxy List as a %t.. http://openrbl.org/cgi-bin/db?IP=%i";
  224. #            };
  225. #
  226. #    blacklist {
  227. #      name = "spbl.bl.winbots.org";
  228. #      type = "A record reply";
  229. #      ban_unknown = yes;
  230. #      reply {
  231. #        1 = "Test";
  232. #        2 = "UnderNet Spam";
  233. #        3 = "QuakeNet Spam";
  234. #        4 = "Winbots Spam";
  235. #      };
  236. #      kline = "ZLINE *@%i 1d :%n, Your IP, %i, is in our %t List.. Email cobi@winbots.org to get this resolved.";
  237. #    };
  238. #
  239. #
  240. #            blacklist {
  241. #               name = "dronebl.noderebellion.net";
  242. #               type = "A record reply";
  243. #               ban_unknown = no;
  244. #               reply {
  245. #                  3 = "IRC spam drone (litmus/sdbot)";
  246. #                  4 = "Tor anonymous proxy";
  247. #                  5 = "IRC DDoS drone (wisdom/agobot/phatbot/rxbot)";
  248. #                  10 = "Open proxy";
  249. #                  14 = "Unknown worm/bot (found in DDoS attack by dronebl user)";
  250. #                  17 = "Unknown worm/bot (found scanning NodeRebellion's IP network)";
  251. #                  19 = "Open proxy (proxychain)";
  252. #               };
  253. #               kline = "ZLINE *@%i 1d :Your IP (%i), is listed as a %t in the DroneBL, see http://www.noderebellion.net/tools/lookup/?ip=%i";
  254. #            };
  255. #
  256. #    blacklist {
  257. #            name = "tor.sectoor.de";
  258. #            type = "A record reply";
  259. #            reply {
  260. #                    1 = "tor exit server";
  261. #            };
  262. #            ban_unknown = no;
  263. #            kline = "ZLINE *@%i 1d :You are in the tor.sectoor.de DNSBL. Please visit http://www.sectoor.de/tor.php?ip=%i";
  264. #    };
  265.  
  266.  
  267.        /* You must use a real email address below (that you actually read). */
  268.        dnsbl_from = "aaa@aaa.com";
  269.  
  270.        /* Don't change this, it's already the correct address. */
  271.        dnsbl_to = "bopm-report@dronebl.org";
  272.  
  273.        /* This is usually correct. */
  274.        sendmail = "/usr/sbin/sendmail";
  275.     };
  276.  
  277.     scanner {
  278.        name = "default";
  279.  
  280.        /*
  281.         * Any user will get scanned on these protocols.  This is the top 10 list of
  282.         * protocol/ports found in our blacklist and you're required to test at
  283.         * least these.
  284.         *
  285.         * If you want to add more, ask the OPM people for some sensible
  286.         * suggestions.
  287.         */
  288.             protocol = ROUTER:23;
  289.             protocol = SOCKS4:559;
  290.             protocol = HTTPPOST:3128;
  291.             protocol = SOCKS4:1080;
  292.             protocol = HTTP:8080;
  293.             protocol = SOCKS5:1182;
  294.             protocol = HTTP:3128;
  295.             protocol = HTTPPOST:8080;
  296.             protocol = SOCKS4:9999;
  297.             protocol = HTTPPOST:80;
  298.             protocol = SOCKS5:1080;
  299.             protocol = HTTP:63000;
  300.             protocol = HTTP:8000;
  301.             protocol = HTTPPOST:808;
  302.             protocol = HTTP:80;
  303.             protocol = HTTPPOST:6588;
  304.             protocol = HTTP:6588;
  305.             protocol = SOCKS5:3128;
  306.             protocol = SOCKS5:10080;
  307.             protocol = HTTPPOST:4480;
  308.             protocol = SOCKS4:6664;
  309.             protocol = SOCKS4:63808;
  310.             protocol = HTTP:6667;
  311.             protocol = SOCKS4:19991;
  312.             protocol = SOCKS4:1098;
  313.             protocol = SOCKS4:10000;
  314.             protocol = SOCKS4:4471;
  315.             protocol = HTTP:65506;
  316.             protocol = HTTP:63809;
  317.             protocol = SOCKS5:9090;
  318.             protocol = HTTP:9090;
  319.             protocol = HTTP:6668;
  320.             protocol = SOCKS4:58;
  321.             protocol = SOCKS5:58;
  322.             protocol = SOCKS4:6969;
  323.             protocol = WINGATE:23;
  324.             protocol = SOCKS5:3380;
  325.             protocol = SOCKS4:40;
  326.             protocol = SOCKS5:443;
  327.             protocol = SOCKS4:8888;
  328.             protocol = HTTPPOST:9090;
  329.             protocol = HTTP:5490;
  330.             protocol = SOCKS4:8080;
  331.             protocol = SOCKS5:6969;
  332.             protocol = SOCKS4:1026;
  333.             protocol = SOCKS4:1025;
  334.             protocol = HTTP:8888;
  335.             protocol = HTTP:6669;
  336.             protocol = HTTP:8090;
  337.             protocol = HTTP:808;
  338.             protocol = SOCKS5:1029;
  339.             protocol = SOCKS4:41080;
  340.             protocol = SOCKS5:8020;
  341.             protocol = SOCKS5:6000;
  342.             protocol = HTTPPOST:8081;
  343.             protocol = HTTP:4480;
  344.             protocol = SOCKS5:1027;
  345.             protocol = SOCKS4:1028;
  346.             protocol = HTTP:3332;
  347.             protocol = SOCKS5:8888;
  348.             protocol = SOCKS5:1028;
  349.             protocol = SOCKS4:3330;
  350.             protocol = SOCKS4:29992;
  351.             protocol = SOCKS4:1234;
  352.             protocol = SOCKS4:1029;
  353.             protocol = HTTP:5000;
  354.             protocol = HTTP:443;
  355.             protocol = SOCKS5:1813;
  356.             protocol = SOCKS5:1081;
  357.             protocol = SOCKS5:1026;
  358.             protocol = SOCKS4:1337;
  359.             protocol = SOCKS4:1050;
  360.             protocol = HTTP:1080;
  361.             protocol = SOCKS5:9999;
  362.             protocol = SOCKS5:9100;
  363.             protocol = SOCKS5:19991;
  364.             protocol = SOCKS5:1098;
  365.             protocol = SOCKS4:9100;
  366.             protocol = SOCKS4:7080;
  367.             protocol = SOCKS4:1033;
  368.             protocol = HTTP:9000;
  369.             protocol = HTTP:5800;
  370.             protocol = HTTP:5634;
  371.             protocol = HTTP:4471;
  372.             protocol = HTTP:3382;
  373.             protocol = SOCKS5:1200;
  374.             protocol = SOCKS5:1039;
  375.             protocol = SOCKS5:1025;
  376.             protocol = SOCKS4:8002;
  377.             protocol = SOCKS4:6748;
  378.             protocol = SOCKS4:44548;
  379.             protocol = SOCKS4:3380;
  380.             protocol = SOCKS4:32167;
  381.             protocol = SOCKS4:2000;
  382.             protocol = SOCKS4:1979;
  383.             protocol = SOCKS4:12654;
  384.             protocol = SOCKS4:11225;
  385.             protocol = SOCKS4:1066;
  386.             protocol = SOCKS4:1030;
  387.             protocol = SOCKS4:1027;
  388.             protocol = SOCKS4:10099;
  389.             protocol = HTTP:81;
  390.             protocol = HTTP:6665;
  391.             protocol = HTTP:6664;
  392.             protocol = HTTP:6663;
  393.             protocol = SOCKS5:8278;
  394.             protocol = SOCKS5:6748;
  395.             protocol = SOCKS5:4914;
  396.             protocol = SOCKS5:4471;
  397.             protocol = SOCKS5:29992;
  398.             protocol = SOCKS5:17235;
  399.             protocol = SOCKS5:1234;
  400.             protocol = SOCKS5:1202;
  401.             protocol = SOCKS5:1180;
  402.             protocol = SOCKS5:1075;
  403.             protocol = SOCKS5:1033;
  404.             protocol = SOCKS5:10000;
  405.             protocol = SOCKS4:8020;
  406.             protocol = SOCKS4:4044;
  407.             protocol = SOCKS4:3128;
  408.             protocol = SOCKS4:3127;
  409.             protocol = SOCKS4:28882;
  410.             protocol = SOCKS4:24973;
  411.             protocol = SOCKS4:21421;
  412.             protocol = SOCKS4:1182;
  413.             protocol = SOCKS4:1032;
  414.             protocol = SOCKS4:10242;
  415.             protocol = HTTPPOST:8089;
  416.             protocol = HTTP:8082;
  417.             protocol = HTTP:6661;
  418.             protocol = HTTP:35233;
  419.             protocol = HTTP:19991;
  420.             protocol = HTTP:1098;
  421.             protocol = HTTP:1050;
  422.             protocol = SOCKS5:9988;
  423.             protocol = SOCKS5:8080;
  424.             protocol = SOCKS5:8009;
  425.             protocol = SOCKS5:6561;
  426.             protocol = SOCKS5:24971;
  427.             protocol = SOCKS5:18844;
  428.             protocol = SOCKS5:1122;
  429.             protocol = SOCKS5:10777;
  430.             protocol = SOCKS5:1030;
  431.             protocol = SOCKS5:10130;
  432.             protocol = SOCKS5:10099;
  433.             protocol = SOCKS4:8751;
  434.             protocol = SOCKS4:8278;
  435.             protocol = SOCKS4:8111;
  436.             protocol = SOCKS4:7007;
  437.             protocol = SOCKS4:6551;
  438.             protocol = SOCKS4:5353;
  439.             protocol = SOCKS4:443;
  440.             protocol = SOCKS4:43341;
  441.             protocol = SOCKS4:3801;
  442.             protocol = SOCKS4:2280;
  443.             protocol = SOCKS4:1978;
  444.             protocol = SOCKS4:1212;
  445.             protocol = SOCKS4:1039;
  446.             protocol = SOCKS4:1031;
  447.             protocol = HTTPPOST:81;
  448.             protocol = HTTP:9988;
  449.             protocol = HTTP:7868;
  450.             protocol = HTTP:7070;
  451.             protocol = HTTP:444;
  452.             protocol = HTTP:1200;
  453.             protocol = HTTP:1039;
  454.  
  455.  
  456.        /*
  457.         * If your ircd is running from a machine with more than one interface,
  458.         * you'll need to specify the IP to scan from here.  Particularly important
  459.         * if you're running on a shell server.
  460.         */
  461. #      vhost = "72.20.42.118";
  462.  
  463.        /* Don't bother changing these unless you know what they do. */
  464.        fd = 512;
  465.        max_read = 4096;
  466.        timeout = 30;
  467.  
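  468.        /* Don't forget to change this to the public IP of your server!  NOTE(review): target_ip, target_port and target_string are all commented out below, so the scanner runs on whatever defaults BOPM applies; confirm a proxy under test can actually reach that target, otherwise open proxies may go undetected. */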
  469. #       target_ip     = "irc.mynetwork.com";
  470.  
  471.        /* This needs to be a port that is available to normal clients. */
  472. #       target_port   = 6667;
  473.  
  474.        /* Don't forget to change this to have your FULL server name here! */
  475. #       target_string = "*** Looking up your hostname...";
  476.     };
  477.  
  478.     scanner {
  479.        /*
  480.         * Here's a bunch more tests to do on "suspicious-looking" clients.  Again,
  481.         * these are the most popular ports/protocols found in our blacklist, but
  482.         * feel free to add/remove some if you know what you're doing.
  483.         */
  484.        name = "extra";
  485.  
  486.        protocol = WINGATE:1181;
  487.  
  488.        protocol = HTTP:81;
  489.        protocol = HTTP:8000;
  490.        protocol = HTTP:8001;
  491.        protocol = HTTP:8081;
  492.        protocol = HTTP:5748;
  493.        protocol = HTTP:443;
  494.  
  495.        protocol = HTTPPOST:81;
  496.        protocol = HTTPPOST:6588;
  497.        protocol = HTTPPOST:8000;
  498.        protocol = HTTPPOST:8001;
  499.        protocol = HTTPPOST:8081;
  500.  
  501.        protocol = SOCKS5:1978;
  502.        protocol = SOCKS5:10001;
  503.        protocol = SOCKS5:30021;
  504.        protocol = SOCKS5:30022;
  505.        protocol = SOCKS5:38994;
  506.        protocol = SOCKS5:15859;
  507.        protocol = SOCKS5:1027;
  508.        protocol = SOCKS5:2425;
  509.  
  510.        protocol = SOCKS4:559;
  511.        protocol = SOCKS4:29992;
  512.        protocol = SOCKS4:38884;
  513.        protocol = SOCKS4:18844;
  514.        protocol = SOCKS4:17771;
  515.        protocol = SOCKS4:31121;
  516.        protocol = SOCKS4:1182;
  517.  
  518.        protocol = ROUTER:23;
  519.  
  520.        /* Less fds are given to this scanner */
  521.        fd = 400;
  522.     };
  523.  
  524.     user {
  525.        scanner = "default";
  526.        mask = "*!*@*";
  527.     };
  528.  
  529.     user {
  530.        scanner = "extra";
  531.        /*
  532.         * If the user matches any of these masks they will get the extra scans
  533.         * too.
  534.         *
  535.         * Connections without ident will match on a vast number of connections;
  536.         * very few proxies run ident though.
  537.         */
  538.        mask = "*!~*@*";
  539.        mask = "*!squid@*";
  540.        mask = "*!nobody@*";
  541.        mask = "*!www-data@*";
  542.        mask = "*!cache@*";
  543.        mask = "*!CacheFlowS@*";
  544.        mask = "*!*@*www*";
  545.        mask = "*!*@*proxy*";
  546.        mask = "*!*@*cache*";
  547.     };
  548.  
  549.     /*
  550.      * You can use exempts to deliberately allow certain insecure proxies onto the
  551.      * network, but this should never be necessary!  Please consult BOPM people
  552.      * before using this.  If you think you have found a false positive then they
  553.      * really need to know.
  554.      */
  555.     /*
  556.     exempt {
  557.        mask = "*!*@127.0.0.1";
  558.     };
  559.     */