/*
 * Hybrid Open Proxy Monitor - HOPM sample configuration
 *
 * Copyright (c) 2014-2016 ircd-hybrid development team
 *
 * $Id: reference.conf 7710 2016-09-26 11:43:58Z michael $
 */

/*
 * Shell style (#), C++ style (//) and C style comments are supported.
 *
 * Files may be included by either:
 *        .include "filename"
 *        .include <filename>
 *
 * Times/durations are written as:
 *        12 hours 30 minutes 1 second
 *
 * Valid units of time:
 *        year, month, week, day, hour, minute, second
 *
 * Valid units of size:
 *        megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
 *
 * Sizes and times may be singular or plural.
 */
  28. options {
  29. /*
  30. * Full path and filename for storing the process ID of the running
  31. * HOPM.
  32. */
  33. pidfile = "var/run/hopm.pid";
  34.  
  35. /*
  36. * Maximum commands to queue. Set to 0 if you don't want HOPM
  37. * to process commands.
  38. */
  39. command_queue_size = 64;
  40.  
  41. /*
  42. * Interval to check command queue for timed out commands.
  43. */
  44. command_interval = 10 seconds;
  45.  
  46. /*
  47. * Timeout of commands.
  48. */
  49. command_timeout = 180 seconds;
  50.  
  51. /*
  52. * How long to store the IP address of hosts which are confirmed
  53. * (by previous scans) to be secure. New users from these
  54. * IP addresses will not be scanned again until this amount of time
  55. * has passed. IT IS STRONGLY RECOMMENDED THAT YOU DO NOT USE THIS
  56. * DIRECTIVE, but it is provided due to demand.
  57. *
  58. * The main reason for not using this feature is that anyone capable
  59. * of running a proxy can get abusers onto your network - all they
  60. * need do is shut the proxy down, connect themselves, restart the
  61. * proxy, and tell their friends to come flood.
  62. *
  63. * Keep this directive commented out to disable negative caching.
  64. */
  65. # negcache = 1 hour;
  66.  
  67. /*
  68. * How long between rebuilds of the negative cache. The negcache
  69. * is only rebuilt to free up memory used by entries that are too old.
  70. * You probably don't need to tweak this unless you have huge amounts
  71. * of people connecting (hundreds per minute). Default is 12 hours.
  72. */
  73. negcache_rebuild = 12 hours;
  74.  
  75. /*
  76. * Amount of file descriptors to allocate to asynchronous DNS. 64
  77. * should be plenty for almost anyone.
  78. */
  79. dns_fdlimit = 64;
  80.  
  81. /*
  82. * Amount of time the resolver waits until a response is received
  83. * from a name server.
  84. */
  85. dns_timeout = 5 seconds;
  86.  
  87. /*
  88. * Put the full path and filename of a logfile here if you wish to log
  89. * every scan done. Normally HOPM only logs successfully detected
  90. * proxies in the hopm.log, but you may get abuse reports to your ISP
  91. * about portscanning. Being able to show that it was HOPM that did
  92. * the scan in question can be useful. Leave commented for no
  93. * logging.
  94. */
  95. # scanlog = "var/log/scan.log";
  96. };
  99. irc {
  100. /*
  101. * IP address to bind to for the IRC connection. You only need to
  102. * use this if you wish HOPM to use a particular interface
  103. * (virtual host, IP alias, ...) when connecting to the IRC server.
  104. * There is another "vhost" setting in the scan {} block below for
  105. * the actual portscans. Note that this directive expects an IP address,
  106. * not a hostname. Please leave this commented out if you do not
  107. * understand what it does, as most people don't need it.
  108. */
  109. # vhost = "0.0.0.0";
  110.  
  111. /*
  112. * Nickname for HOPM to use.
  113. */
  114. nick = "fly-opm";
  115.  
  116. /*
  117. * Text to appear in the "realname" field of HOPM's /whois output.
  118. */
  119. realname = "Hybrid Open Proxy Monitor";
  120.  
  121. /*
  122. * If you don't have an identd running, what username to use.
  123. */
  124. username = "hopm";
  125.  
  126. /*
  127. * Hostname (or IP address) of the IRC server which HOPM will monitor
  128. * connections on. IPv6 is now supported.
  129. */
  130. server = "81.2.212.111";
  131.  
  132. /*
  133. * Password used to connect to the IRC server (PASS)
  134. */
  135. password = "myspoof-password";
  136.  
  137. /*
  138. * Port of the above server to connect to. This is what HOPM uses to
  139. * get onto IRC itself, it is nothing to do with what ports/protocols
  140. * are scanned, nor do you need to list every port your ircd listens
  141. * on.
  142. */
  143. port = 6667;
  144.  
  145. /*
  146. * Defines time in which bot will timeout if no data is received
  147. */
  148. readtimeout = 15 minutes;
  149.  
  150. /*
  151. * Interval in how often we try to reconnect to the IRC server
  152. */
  153. reconnectinterval = 30 seconds;
  154.  
  155. /*
  156. * Command to execute to identify to NickServ (if your network uses
  157. * it). This is the raw IRC command text, and the below example
  158. * corresponds to "/msg nickserv identify password" in a client. If
  159. * you don't understand, just edit "password" in the line below to be
  160. * your HOPM's nick password. Leave commented out if you don't need
  161. * to identify to NickServ.
  162. */
  163. # nickserv = "NS IDENTIFY password";
  164.  
  165. /*
  166. * The username and password needed for HOPM to oper up.
  167. */
  168. oper = "fly-opm my-operpassword";
  169.  
  170. /*
  171. * Mode string that HOPM needs to set on itself as soon as it opers
  172. * up. This needs to include the mode for seeing connection notices,
  173. * otherwise HOPM won't scan anyone (that's usually umode +c).
  174. */
  175. mode = "+c";
  176.  
  177. /*
  178. * If this is set then HOPM will use it as an /away message as soon as
  179. * it connects.
  180. */
  181. away = "I'm a bot. Your messages will be ignored.";
  182.  
  183. /*
  184. * Info about channels you wish HOPM to join in order to accept
  185. * commands. HOPM will also print messages in these channels every
  186. * time it detects a proxy. Only IRC operators can command HOPM to do
  187. * anything, but some of the things HOPM reports to these channels
  188. * could be considered sensitive, so it's best not to put HOPM into
  189. * public channels.
  190. */
  191. channel {
  192. /*
  193. * Channel name. Local ("&") channels are supported if your ircd
  194. * supports them.
  195. */
  196. name = "#opm";
  197.  
  198. /*
  199. * If HOPM will need to use a key to enter this channel, this is
  200. * where you specify it.
  201. */
  202. # key = "somekey";
  203.  
  204. /*
  205. * If you use ChanServ then maybe you want to set the channel
  206. * invite-only and have each HOPM do "/msg ChanServ invite" to get
  207. * itself in. Leave commented if you don't, or if this makes no
  208. * sense to you.
  209. */
  210. # invite = "CS INVITE #opm";
  211. };
  212.  
  213. /*
  214. * You can define a bunch of channels if you want:
  215. *
  216. * channel { name = "#other"; }; channel { name= "#channel"; }
  217. */
  218.  
  219. /*
  220. * connregex is a POSIX regular expression used to parse connection
  221. * notices from the ircd. The complexity of the expression should
  222. * be kept to a minimum.
  223. *
  224. * Items in order MUST be: nick user host IP
  225. *
  226. * HOPM will not work with ircds which do not send an IP address in the
  227. * connection notice.
  228. *
  229. * This is fairly complicated stuff, and the consequences of getting
  230. * it wrong are the HOPM does not scan anyone. Unless you know
  231. * absolutely what you are doing, please just uncomment the example
  232. * below that best matches the type of ircd you use.
  233. */
  234.  
  235. /* bahamut / charybdis / ircd-hybrid / ircd-ratbox / ircu / UnrealIRCd 3.2.x (in HCN mode) */
  236. connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
  237.  
  238. /* ircd-hybrid with far connect notices (user mode +F) to scan clients on remote servers */
  239. # connregex = "\\*\\*\\* Notice -- Client connecting.*: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
  240.  
  241. /* UnrealIRCd 4.0.x */
  242. # connregex = "\\*\\*\\* Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
  243.  
  244. /* InspIRCd */
  245. # connregex = "\\*\\*\\* .*CONNECT: Client connecting.*: ([^ ]+)!([^@]+)@([^\\)]+) \\(([0-9\\.]+)\\) \\[.*\\]";
  246.  
  247. /* ngIRCd */
  248. # connregex = "Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
  249.  
  250. /*
  251. * "kline" controls the command used when an open proxy is confirmed.
  252. * We suggest applying a temporary (no more than a few hours) KLINE on the host.
  253. *
  254. * <WARNING>
  255. * Make sure if you need to change this string you also change the
  256. * kline command for every DNSBL you enable below.
  257. *
  258. * Also note that some servers do not allow you to include ':' characters
  259. * inside the KLINE message (e.g. for a http:// address).
  260. *
  261. * Users rewriting this message into something that isn't even a valid
  262. * IRC command is the single most common cause of support requests and
  263. * therefore WE WILL NOT SUPPORT YOU UNLESS YOU USE ONE OF THE EXAMPLE
  264. * KLINE COMMANDS BELOW.
  265. * </WARNING>
  266. *
  267. * That said, should you wish to customise this text, several
  268. * printf-like placeholders are available:
  269. *
  270. * %n User's nick
  271. * %u User's username
  272. * %h User's irc hostname
  273. * %i User's IP address
  274. * %t Protocol type which has triggered a positive scan
  275. */
  276. kline = "KLINE 1440 *@%h :Open proxy found on your host.";
  277.  
  278. /* A GLINE example for ircu */
  279. # kline = "GLINE +*@%i 1800 :Open proxy found on your host.";
  280.  
  281. /*
  282. * An AKILL example for services with OperServ. Your HOPM must have permission to
  283. * AKILL for this to work!
  284. */
  285. # kline = "OS AKILL ADD +3h *@%h Open proxy found on your host.";
  286.  
  287. /*
  288. * Text to send on connection, these can be stacked and will be sent in this order.
  289. *
  290. * !!! UNREAL USERS PLEASE NOTE !!!
  291. * Unreal users will need PROTOCTL HCN to force hybrid connect
  292. * notices.
  293. *
  294. * Yes Unreal users! That means you! That means you need the line
  295. * below! See that thing at the start of the line? That's what we
  296. * call a comment! Remove it to UNcomment the line.
  297. *
  298. * Note that this is no longer needed as of UnrealIRCd 4.0.0.
  299. */
  300. # perform = "PROTOCTL HCN";
  301.  
  302. /*
  303. * Text to send, via NOTICE, immediately when a new client connects. These can be
  304. * stacked and will be sent in this order.
  305. */
  306. # notice = "You are now being scanned for open proxies. If you have nothing to hide, you have nothing to fear.";
  307. };
  310. /*
  311. * OPM Block defines blacklists and information required to report new proxies
  312. * to a dns blacklist. DNS-based blacklists store IP addresses in a DNS zone
  313. * file. There are several blacklist that list IP addresses known to be open
  314. * proxies or other forms of IRC abuse. By checking against these blacklists,
  315. * HOPMs are able to ban known sources of abuse without completely scanning them.
  316. */
  317. opm {
  318. /*
  319. * Blacklist zones to check IPs against. If you would rather not
  320. * trust a remotely managed blacklist, you could set up your own, or
  321. * leave these commented out in which case every user will be
  322. * scanned. The use of at least one open proxy DNSBL is recommended
  323. * however.
  324. *
  325. * Please check the policies of each blacklist you use to check you
  326. * are comfortable with using them to block access to your server
  327. * (and that you are allowed to use them).
  328. */
  329.  
  330.  
  331. /* dnsbl.dronebl.org - http://dronebl.org */
  332. blacklist {
  333. /* The DNS name of the blacklist */
  334. name = "dnsbl.dronebl.org";
  335.  
  336. /*
  337. * There are only two values that are valid for this
  338. * "A record bitmask" and "A record reply"
  339. * These options affect how the values specified to reply
  340. * below will be interpreted, a bitmask is where the reply
  341. * values are 2^n and more than one is added up, a reply is
  342. * simply where the last octet of the IP address is that number.
  343. * If you are not sure then the values set for dnsbl.dronebl.org
  344. * will work without any changes.
  345. */
  346. type = "A record reply";
  347.  
  348. /*
  349. * Kline types not listed in the reply list below.
  350. *
  351. * For DNSBLs that are not IRC specific and you just wish to kline
  352. * certain types this can be enabled/disabled.
  353. */
  354. ban_unknown = yes;
  355.  
  356. /*
  357. * The actual values returned by the dnsbl.dronebl.org blacklist as
  358. * documented at http://dronebl.org/docs/howtouse
  359. */
  360. reply {
  361. 2 = "Sample";
  362. 3 = "IRC Drone";
  363. 5 = "Bottler";
  364. 6 = "Unknown spambot or drone";
  365. 7 = "DDOS Drone";
  366. 8 = "SOCKS Proxy";
  367. 9 = "HTTP Proxy";
  368. 10 = "ProxyChain";
  369. 13 = "Brute force attackers";
  370. 14 = "Open Wingate Proxy";
  371. 15 = "Compromised router / gateway";
  372. 17 = "Automatically determined botnet IPs (experimental)";
  373. 255 = "Unknown";
  374. };
  375.  
  376. /*
  377. * The kline message sent for this specific blacklist, remember to put
  378. * the removal method in this.
  379. */
  380. kline = "KLINE 1440 *@%h :You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=Allnetwork";
  381. };
  382.  
  383.  
  384. /* tor.dnsbl.sectoor.de - http://www.sectoor.de/tor.php */
  385. # blacklist {
  386. # name = "tor.dnsbl.sectoor.de";
  387. # type = "A record reply";
  388. # ban_unknown = no;
  389.  
  390. # reply {
  391. # 1 = "Tor exit server";
  392. # };
  393.  
  394. # kline = "KLINE 180 *@%h :Tor exit server detected. For more information, visit http://www.sectoor.de/tor.php?ip=%i";
  395. # };
  396.  
  397. /* rbl.efnetrbl.org - http://rbl.efnetrbl.org/ */
  398. blacklist {
  399. name = "rbl.efnetrbl.org";
  400. type = "A record reply";
  401. ban_unknown = yes;
  402.  
  403. reply {
  404. 1 = "Open proxy";
  405. 2 = "spamtrap666";
  406. 3 = "spamtrap50";
  407. 4 = "TOR";
  408. 5 = "Drones / Flooding";
  409. };
  410.  
  411. kline = "KLINE 1440 *@%h :Blacklisted proxy found. For more information, visit http://rbl.efnetrbl.org/?i=%i";
  412. };
  413.  
  414.  
  415.  
  416. /* tor.efnetrbl.org - http://rbl.efnetrbl.org/ */
  417. # blacklist {
  418. # name = "tor.efnetrbl.org";
  419. # type = "A record reply";
  420. # ban_unknown = no;
  421.  
  422. # reply {
  423. # 1 = "TOR";
  424. # };
  425.  
  426. # kline = "KLINE 180 *@%h :TOR exit node found. For more information, visit http://rbl.efnetrbl.org/?i=%i";
  427. # };
  428.  
  429. /*
  430. * You can report the insecure proxies you find to a DNSBL also!
  431. * The remaining directives in this section are only needed if you
  432. * intend to do this. Reports are sent by email, one email per IP
  433. * address. The format does support multiple addresses in one email,
  434. * but we don't know of any servers that are detecting enough insecure
  435. * proxies for this to be really necessary.
  436. */
  437.  
  438. /*
  439. * Email address to send reports FROM. If you intend to send reports,
  440. * please pick an email address that we can actually send mail to
  441. * should we ever need to contact you.
  442. */
  443. # dnsbl_from = "mybopm@myserver.org";
  444.  
  445. /*
  446. * Email address to send reports TO.
  447. * For example DroneBL:
  448. */
  449. # dnsbl_to = "bopm-report@dronebl.org";
  450.  
  451. /*
  452. * Full path to your sendmail binary. Even if your system does not
  453. * use sendmail, it probably does have a binary called "sendmail"
  454. * present in /usr/sbin or /usr/lib. If you don't set this, no
  455. * proxies will be reported.
  456. */
  457. # sendmail = "/usr/sbin/sendmail";
  458. #};
  461. /*
  462. * The short explanation:
  463. *
  464. * This is where you define what ports/protocols to check for. You can have
  465. * multiple scanner blocks and then choose which users will get scanned by
  466. * which scanners further down.
  467. *
  468. * The long explanation:
  469. *
  470. * Scanner defines a virtual scanner. For each user being scanned, a scanner
  471. * will use a file descriptor (and subsequent connection) for each protocol.
  472. * Once connecting it will negotiate the proxy to connect to
  473. * target_ip:target_port (target_ip MUST be an IP address).
  474. *
  475. * Once connected, any data passed through the proxy will be checked to see if
  476. * target_string is contained within that data. If it is the proxy is
  477. * considered open. If the connection is closed at any point before
  478. * target_string is matched, or if at least max_read bytes are read from the
  479. * connection, the negotiation is considered failed.
  480. */
  481. scanner {
  482. /*
  483. * Unique name of this scanner. This is used further down in the
  484. * user {} blocks to decide which users get affected by which
  485. * scanners.
  486. */
  487. name = "default";
  488.  
  489. /*
  490. * HTTP CONNECT - very common proxy protocol supported by widely known
  491. * software such as Squid and Apache. The most common sort of
  492. * insecure proxy and found on a multitude of weird ports too. Offers
  493. * transparent two way TCP connections.
  494. */
  495. # protocol = HTTP:80;
  496. # protocol = HTTP:8080;
  497. # protocol = HTTP:3128;
  498. protocol = HTTP:6588;
  499.  
  500. /*
  501. * The SSL/TLS variant of HTTP
  502. */
  503. # protocol = HTTPS:443;
  504. # protocol = HTTPS:8443;
  505.  
  506. /*
  507. * SOCKS4/5 - well known proxy protocols, probably the second most
  508. * common for insecure proxies, also offers transparent two way TCP
  509. * connections. Fortunately largely confined to port 1080.
  510. */
  511. # protocol = SOCKS4:1080;
  512. # protocol = SOCKS5:1080;
  513.  
  514. /*
  515. * Cisco routers with a default password (yes, it really does happen).
  516. * Also pretty much anything else that will let you telnet to anywhere
  517. * else on the Internet. Fortunately these are always on port 23.
  518. */
  519. # protocol = ROUTER:23;
  520.  
  521. /*
  522. * WinGate is commercial windows proxy software which is now not so
  523. * common, but still to be found, and helpfully presents an interface
  524. * that can be used to telnet out, on port 23.
  525. */
  526. # protocol = WINGATE:23;
  527.  
  528. /*
  529. * Dreambox DVB receivers with a default password allowing
  530. * full root access to telnet or install bouncers.
  531. */
  532. # protocol = DREAMBOX:23;
  533.  
  534. /*
  535. * The HTTP POST protocol, often dismissed when writing the access
  536. * controls for proxies, but sadly can still be used to abused.
  537. * Offers only the opportunity to send a single block of data, but
  538. * enough of them at once can still make for a devastating flood.
  539. * Found on the same ports that HTTP CONNECT proxies inhabit.
  540. *
  541. * Note that if your ircd has "ping cookies" then clients from HTTP
  542. * POST proxies cannot actually ever get onto your network anyway. If
  543. * you leave the checks in then you'll still find some (because some
  544. * people IRC from boxes that run them), but if you use HOPM purely as
  545. * a protective measure and you have ping cookies, you need not scan
  546. * for HTTP POST.
  547. */
  548. # protocol = HTTPPOST:80;
  549.  
  550. /*
  551. * The SSL/TLS variant of HTTPPOST
  552. */
  553. # protocol = HTTPSPOST:443;
  554. # protocol = HTTPSPOST:8443;
  555.  
  556. /*
  557. * IP address this scanner will bind to. Use this if you need your scans to
  558. * come FROM a particular interface on the machine you run HOPM from.
  559. * If you don't understand what this means, please leave this
  560. * commented out, as this is a major source of support queries!
  561. */
  562. # vhost = "127.0.0.1";
  563.  
  564. /*
  565. * Maximum file descriptors this scanner can use. Remember that there
  566. * will be one FD for each protocol listed above. As this example
  567. * scanner has 8 protocols, it requires 8 FDs per user. With a 512 FD
  568. * limit, this scanner can be used on 64 users _at the same time_.
  569. * That should be adequate for most servers.
  570. */
  571. fd = 512;
  572.  
  573. /*
  574. * Maximum data read from a proxy before considering it closed. Don't
  575. * set this too high, some people have fun setting up lots of ports
  576. * that send endless data to tie up your scanner. 4KB is plenty for
  577. * any known proxy.
  578. */
  579. max_read = 4 kbytes;
  580.  
  581. /*
  582. * Amount of time before a test is considered timed out.
  583. * Again, all but the poorest slowest proxies will be detected within
  584. * 30 seconds, and this helps keep resource usage low.
  585. */
  586. timeout = 30 seconds;
  587.  
  588. /*
  589. * Target IP to tell the proxy to connect to
  590. *
  591. * !!! THIS MUST BE CHANGED !!!
  592. *
  593. * You cannot instruct the proxy to connect to itself! The easiest
  594. * thing to do would be to set this to the IP address of your ircd
  595. * and then keep the default target_strings.
  596. *
  597. * Please use an IP address that is publically reachable from anywhere
  598. * on the Internet, because you have no way of knowing where the insecure
  599. * proxies will be located. Just because you and your HOPM can
  600. * connect to your ircd on some private IP address like 192.168.0.1,
  601. * does not mean that the insecure proxies out there on the Internet will be
  602. * able to. And if they never connect, you will never detect them.
  603. *
  604. * Remember to change this setting for every scanner you configure.
  605. */
  606. target_ip = "81.2.212.111";
  607.  
  608. /*
  609. * Target port to tell the proxy to connect to. This is usually
  610. * something like 6667. Basically any client-usable port.
  611. */
  612. target_port = 6667;
  613.  
  614. /*
  615. * Target string we check for in the data read back by the scanner.
  616. * This should be some string out of the data that your ircd usually
  617. * sends on connect. Multiple target strings are allowed.
  618. *
  619. * NOTE: Try to keep the number of target strings to a minimum. Two
  620. * should be fine. One for normal connections and one for throttled
  621. * connections. Comment out any others for efficiency.
  622. */
  623.  
  624. /*
  625. * Usually first line sent to client on connection to ircd.
  626. * If your ircd supports a more specific line (see below),
  627. * using it will reduce false positives.
  628. */
  629. target_string = ":fly.cz.allnetwork.org NOTICE * :*** Looking up your hostname";
  630.  
  631. /*
  632. * If you try to connect too fast, you'll be throttled by your own
  633. * ircd. Here's what a hybrid throttle message looks like:
  634. */
  635. target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
  636. };
  639. #scanner {
  640. # name = "extended";
  641. #
  642. # protocol = HTTP:81;
  643. # protocol = HTTP:8000;
  644. # protocol = HTTP:8001;
  645. # protocol = HTTP:8081;
  646. #
  647. # protocol = HTTPPOST:81;
  648. # protocol = HTTPPOST:6588;
  649. # protocol = HTTPPOST:4480;
  650. # protocol = HTTPPOST:8000;
  651. # protocol = HTTPPOST:8001;
  652. # protocol = HTTPPOST:8080;
  653. # protocol = HTTPPOST:8081;
  654. #
  655. # /*
  656. # * IRCnet have seen many socks5 on these ports, more than on the
  657. # * standard ports even.
  658. # */
  659. # protocol = SOCKS4:4914;
  660. # protocol = SOCKS4:6826;
  661. # protocol = SOCKS4:7198;
  662. # protocol = SOCKS4:7366;
  663. # protocol = SOCKS4:9036;
  664. #
  665. # protocol = SOCKS5:4438;
  666. # protocol = SOCKS5:5104;
  667. # protocol = SOCKS5:5113;
  668. # protocol = SOCKS5:5262;
  669. # protocol = SOCKS5:5634;
  670. # protocol = SOCKS5:6552;
  671. # protocol = SOCKS5:6561;
  672. # protocol = SOCKS5:7464;
  673. # protocol = SOCKS5:7810;
  674. # protocol = SOCKS5:8130;
  675. # protocol = SOCKS5:8148;
  676. # protocol = SOCKS5:8520;
  677. # protocol = SOCKS5:8814;
  678. # protocol = SOCKS5:9100;
  679. # protocol = SOCKS5:9186;
  680. # protocol = SOCKS5:9447;
  681. # protocol = SOCKS5:9578;
  682. # protocol = SOCKS5:10000;
  683. # protocol = SOCKS5:64101;
  684. #
  685. # /*
  686. # * These came courtsey of Keith Dunnett from a bunch of public open
  687. # * proxy lists.
  688. # */
  689. # protocol = SOCKS4:29992;
  690. # protocol = SOCKS4:38884;
  691. # protocol = SOCKS4:18844;
  692. # protocol = SOCKS4:17771;
  693. # protocol = SOCKS4:31121;
  694. #
  695. # fd = 400;
  696. #
  697. # /*
  698. # * If required you can add settings such as target_ip here
  699. # * they will override the defaults set in the first scanner
  700. # * for this and subsequent scanners defined in the config file
  701. * This affects the following options:
  702. ## * fd, vhost, target_ip, target_port, target_string, timeout and
  703. # * max_read.
  704. # */
  705. #};
  708. /*
  709. * User blocks define what scanners will be used to scan which hostmasks.
  710. * When a user connects they will be scanned on every scanner {} (above)
  711. * that matches their host.
  712. */
  713. user {
  714. /*
  715. * Users matching this host mask will be scanned with all the
  716. * protocols in the scanner named.
  717. */
  718. mask = "*!*@*";
  719. scanner = "default";
  720. };
  724. /*
  725. * Exempt hosts matching certain strings from any form of scanning or dnsbl.
  726. * HOPM will check each string against both the hostname and the IP address of
  727. * the user.
  728. *
  729. * There are very few valid reasons to actually use "exempt". HOPM should
  730. * never get false positives, and we would like to know very much if it does.
  731. * One possible scenario is that the machine HOPM runs from is specifically
  732. * authorized to use certain hosts as proxies, and users from those hosts use
  733. * your network. In this case, without exempt, HOPM will scan these hosts,
  734. * find itself able to use them as proxies, and ban them.
  735. */
  736. exempt {
  737. mask = "*!*@127.0.0.1";
  738. };