Commit | Line | Data |
---|---|---|
57a6a101 | 1 | HOPM |
fff74239 | 2 | · |
3 | [![Latest Github release](https://img.shields.io/github/v/tag/ircd-hybrid/hopm?color=425158&style=flat-square)](https://github.com/ircd-hybrid/hopm/tags) | |
058db60e | 4 | [![Build status](https://img.shields.io/github/actions/workflow/status/ircd-hybrid/hopm/ci.yml?branch=1.1.x&color=425158&style=flat-square)](https://github.com/ircd-hybrid/ircd-hybrid/actions/workflows/ci.yml) |
fff74239 | 5 | [![Coverity scan](https://img.shields.io/coverity/scan/ircd-hybrid-hopm?color=425158&style=flat-square)](https://scan.coverity.com/projects/ircd-hybrid-hopm) |
fff74239 | 6 | ===== |
09cb6074 | 7 | HOPM (Hybrid Open Proxy Monitor) is an open-proxy monitoring bot designed to |
4b735d83 | 8 | monitor an individual server (all servers on the network have to run their own |
310fa43b | 9 | bot if the IRCd does not support the "far connect" user mode) with a local |
4b735d83 | 10 | operator {} block and monitor connections. When a client connects to a server, |
11 | HOPM will scan the connection for insecure proxies. Insecure proxies are | |
12 | determined by attempting to connect the proxy back to another host (usually the | |
13 | IRC server in question). | |
14 | ||
15 | HOPM is written from the ground up in C and is an improved fork of BOPM | |
09cb6074 | 16 | (Blitzed Open Proxy Monitor), which is a concept derived from wgmon. It |
3a479287 | 17 | improves on wgmon with HTTP support, faster scanning (it can scan clients |
09cb6074 | 18 | simultaneously), better layout (scalability) and DNSBL support. |
3a479287 | 19 | |
20 | ||
fff74239 | 21 | ## Requirements |
3a479287 | 22 | |
310fa43b | 23 | * An IRCd that presents connection notices in a format that HOPM recognizes; |
3a479287 | 24 | |
09cb6074 | 25 | * A host with full connectivity for all the ports you wish to scan, i.e. one that is NOT |
3fb1cb11 | 26 | transparently proxied -- many domestic internet connections have port 80 |
09cb6074 | 27 | transparently proxied and this produces completely unpredictable results, |
28 | sometimes as severe as 100% of clients being K:lined; | |
3a479287 | 29 | |
09cb6074 | 30 | * A UNIX OS with GNU make, a C99 compiler, etc.; |
3a479287 | 31 | |
fa9cb045 | 32 | * Permission from your users to portscan them for open proxies; |
33 | ||
34 | * For HTTPS proxy detection, a working LibreSSL/OpenSSL library is required. | |
3a479287 | 35 | |
36 | ||
fff74239 | 37 | ## Compatibility |
09cb6074 | 38 | |
57a6a101 | 39 | * Bahamut 2.0.x |
40 | * InspIRCd 3.5.x | |
09cb6074 | 41 | * ircd-hybrid 8.2.x |
42 | * ircd-ratbox 3.0.x | |
43 | * ircu 2.10.x | |
e496f5db | 44 | * ngIRCd 25 |
57a6a101 | 45 | * UnrealIRCd 5.0.x |
09cb6074 | 46 | |
310fa43b | 47 | HOPM can easily be adapted to any other IRCd with little modification (`connregex` |
48 | in `hopm.conf`). However, if an IRCd does not send IP addresses in a connection | |
4b735d83 | 49 | notice, HOPM will not work. |
3a479287 | 50 | |
51 | ||
fff74239 | 52 | ## Command-line options |
3a479287 | 53 | |
3fb1cb11 | 54 | `-c <name>` Configuration filename. By default, HOPM reads `hopm.conf`, |
55 | `-c foo` will cause HOPM to read `foo.conf`. The primary use for | |
09cb6074 | 56 | this is to run multiple HOPM instances from one directory. |
3a479287 | 57 | |
3fb1cb11 | 58 | `-d` Debug mode. HOPM will not fork and will write logs to `stderr`. |
59 | Multiple `-d` options increase the debug level. | |
3a479287 | 60 | |
61 | ||
fff74239 | 62 | ## Operator channel commands |
3a479287 | 63 | |
09cb6074 | 64 | `<bot> check <host> [scanner]` Manually scans host for insecure proxies and |
65 | outputs all errors. If scanner is not given, | |
3fb1cb11 | 66 | HOPM will scan on all scanners. NOTE: this will |
67 | not add a kline if it finds a proxy. | |
3a479287 | 68 | |
09cb6074 | 69 | `<bot> stats` Outputs scan stats, uptime and connection count. |
3a479287 | 70 | |
09cb6074 | 71 | `<bot> fdstat` Outputs info about file descriptors in use. |
110d5e0a | 72 | |
3fb1cb11 | 73 | Also, if several HOPM bots are present in one channel, they will all respond to `!all`, |
09cb6074 | 74 | for example `!all stats`. |
3a479287 | 75 | |
76 | ||
fff74239 | 77 | ## Rehashing HOPM |
3a479287 | 78 | |
3fb1cb11 | 79 | A `/quote KILL` on HOPM will cause the process to restart, rehashing the |
26ddae0a | 80 | configuration file and ending all queued scans. The same can be achieved |
3fb1cb11 | 81 | with `kill -HUP` from the command line. |
3a479287 | 82 | |
83 | ||
fff74239 | 84 | ## Logging |
3a479287 | 85 | |
09cb6074 | 86 | Once started, HOPM logs all significant events to a file called `hopm.log`, |
6cca7255 | 87 | which by default can be found at `$HOME/hopm/var/log/hopm.log`. There is also a |
09cb6074 | 88 | configuration option, `scanlog`, to log all proxy scans initiated, which can be |
89 | quite useful if you receive an abuse report related to portscanning. | |
3a479287 | 90 | |
3fb1cb11 | 91 | These log files, especially `scan.log`, can grow quite large. It is suggested |
09cb6074 | 92 | that you arrange for these files to be rotated periodically. You should send a |
93 | `USR1` signal to HOPM after moving its logfiles -- this will cause HOPM to | |
94 | reopen those files. |
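
The rotation procedure described above, as an added shell example (not part of the HOPM distribution). The PID file path is an assumption supplied by the caller, and the scan log is assumed to be named `scan.log` and to live beside `hopm.log`; adjust both to match your `hopm.conf`.

```shell
#!/bin/sh
# Added example: move HOPM's log files aside, then send USR1 so HOPM reopens them.
# Assumptions: the caller passes the log directory and a PID file path; the scan
# log is named scan.log (whatever your `scanlog` option points at).
# Example call: rotate_hopm_logs "$HOME/hopm/var/log" /path/to/hopm.pid

rotate_hopm_logs() {
    log_dir=$1
    pid_file=$2
    stamp=$(date +%Y%m%d-%H%M%S)

    # Identify a live process first: if the logs were moved without a
    # following USR1, HOPM would keep writing into the renamed files.
    [ -r "$pid_file" ] || { echo "cannot read pid file: $pid_file" >&2; return 2; }
    pid=
    read -r pid < "$pid_file" || true
    case $pid in
        ''|*[!0-9]*) echo "pid file is empty or malformed" >&2; return 2 ;;
    esac
    kill -0 "$pid" 2>/dev/null || { echo "stale pid: $pid" >&2; return 3; }

    rotated=0
    for name in hopm.log scan.log; do
        src=$log_dir/$name
        # Skip absent or empty files (scan logging is optional).
        [ -s "$src" ] || continue
        mv -- "$src" "$src.$stamp" || return 4
        # Keep rotated logs private to the HOPM account; the scan log is the
        # record you will need when answering a portscan abuse report.
        chmod 600 "$src.$stamp"
        rotated=$((rotated + 1))
    done

    # Signal only when something was actually moved.
    if [ "$rotated" -gt 0 ]; then
        kill -USR1 "$pid" || return 5
    fi
    echo "$rotated"   # number of files rotated
}
```

The function returns non-zero without moving anything when the PID file is missing, malformed or stale, so a cron job can alert on the exit status instead of silently losing log data.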