From a2db8089a084b64618a2a1b9afbb9c33a69171e2 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 17 Mar 2021 05:59:18 +0000 Subject: [PATCH] add some blacklist to general, classes to proxydmz, updates to services (chanserver cs_secure default and persist) --- config/anope/botserv.conf | 1 - config/anope/chanserv.conf | 2 +- config/anope/hostserv.conf | 1 - config/anope/memoserv.conf | 1 - config/anope/nickserv.conf | 4 +- config/anope/operserv.conf | 398 ++++++++++-------------- config/anope/services.conf | 20 +- config/hybrid/general.deny.conf | 2 +- config/hybrid/general.kill.conf | 16 + config/hybrid/include/user.classes.conf | 24 ++ config/hybrid/proxy-dmz.auth.conf | 18 +- 11 files changed, 233 insertions(+), 254 deletions(-) diff --git a/config/anope/botserv.conf b/config/anope/botserv.conf index dda53bb..3129b9f 100644 --- a/config/anope/botserv.conf +++ b/config/anope/botserv.conf @@ -8,7 +8,6 @@ service user = "BS" host = "botserv.host" gecos = "Bot Service" - modes = "+oRp" channels = "@#services" } diff --git a/config/anope/chanserv.conf b/config/anope/chanserv.conf index b8a80fe..faadaa8 100644 --- a/config/anope/chanserv.conf +++ b/config/anope/chanserv.conf @@ -17,7 +17,7 @@ module { name = "chanserv" client = "ChanServ" - defaults = "keeptopic peace cs_keep_modes securefounder signkick secureops" + defaults = "keeptopic peace cs_keep_modes cs_secure persist securefounder signkick secureops" maxregistered = 192 accessmax = 256 inhabit = 15s diff --git a/config/anope/hostserv.conf b/config/anope/hostserv.conf index 9262b0f..14e207b 100644 --- a/config/anope/hostserv.conf +++ b/config/anope/hostserv.conf @@ -9,7 +9,6 @@ service user = "HS" host = "hostserv.host" gecos = "vHost Service" - modes = "+oDRp" channels = "@#services" } diff --git a/config/anope/memoserv.conf b/config/anope/memoserv.conf index 79e3af0..26e442a 100644 --- a/config/anope/memoserv.conf +++ b/config/anope/memoserv.conf 
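Review bot: Adding `persist` to the ChanServ `defaults` in chanserv.conf makes every newly registered channel permanent, and with `maxregistered = 192` on the next line a single account could hold a large number of channels open while they are empty. It is worth confirming that this is intended rather than setting it per channel. As far as I know `defaults` only applies at registration time, so channels that already exist will not pick up `cs_secure` and would need it set individually. A short comment above the line, e.g. `# cs_secure/persist apply to new registrations only`, would record that. The module block continues outside the hunk.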
@@ -8,7 +8,6 @@ service user = "MS" host = "memoserv.host" gecos = "Memo Service" - modes = "+oDR" channels = "@#services" } diff --git a/config/anope/nickserv.conf b/config/anope/nickserv.conf index c5a6c7b..020c905 100644 --- a/config/anope/nickserv.conf +++ b/config/anope/nickserv.conf @@ -4,7 +4,6 @@ service user = "NS" host = "nickserv.host" gecos = "Nickname Registration Service" - modes = "+oDp" channels = "@#services" } @@ -14,12 +13,11 @@ module client = "NickServ" forceemail = no confirmemailchanges = no - unregistered_notice = "Use /msg NICKSERV REGISTER to claim this an account with this nickname or /msg NICKSERV LOGIN to use your existing account" + unregistered_notice = "Use /msg NICKSERV REGISTER to claim an account with this nickname or /msg NICKSERV LOGIN to use your existing account" defaults = "ns_private hide_email hide_mask memo_signon memo_receive memo_mail autoop ns_keep_modes" regdelay = 1d secureadmins = yes modeonid = yes - modesonid = "+R" expire = 3650d hidenetsplitquit = no killquick = 20s diff --git a/config/anope/operserv.conf b/config/anope/operserv.conf index 753df4b..28cf9bb 100644 --- a/config/anope/operserv.conf +++ b/config/anope/operserv.conf @@ -1,5 +1,5 @@ /* - * example configuration at https://github.com/anope/anope/blob/2.0/data/example.conf + * example configuration at https://github.com/anope/anope/blob/2.0/data/example.conf */ service @@ -8,7 +8,7 @@ service user = "OS" host = "operserv.host" gecos = "Operator Service" - modes = "+DGRop" + #modes = "+Rop" channels = "@#services,@#oper" } 
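Review bot: In the OperServ `service` block of operserv.conf the old `modes` line is replaced by a commented-out `#modes = "+Rop"`, whereas botserv, hostserv, memoserv and nickserv.conf delete their `modes` lines outright in this same commit. The commented value also differs from the removed `+DGRop`, so it is not clear which mode set is meant to be the fallback. Either delete the line for consistency or say why it is kept, e.g. `# modes left unset on purpose; was "+DGRop"`.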
@@ -28,326 +28,254 @@ module opersonly = no } -command { - service = "OperServ"; - name = "HELP"; - command = "generic/help"; -} module { name = "os_akill"; } -command { - service = "OperServ"; - name = "AKILL"; - command = "operserv/akill"; - permission = "operserv/akill"; +module { + name = "os_config"; } module { name = "os_chankill"; } -command { - service = "OperServ"; - name = "CHANKILL"; - command = "operserv/chankill"; - permission = "operserv/chankill"; -} - module { name = "os_forbid"; } -command { - service = "OperServ"; - name = "FORBID"; - command = "operserv/forbid"; - permission = "operserv/forbid"; -} - module { name = "os_ignore"; } -command { - service = "OperServ"; - name = "IGNORE"; - command = "operserv/ignore"; - permission = "operserv/ignore"; -} - module { name = "os_info"; } -command { - service = "OperServ"; - name = "INFO"; - command = "operserv/info"; - permission = "operserv/info"; -} - module { name = "os_jupe"; } -command { - service = "OperServ"; - name = "JUPE"; - command = "operserv/jupe"; - permission = "operserv/jupe"; -} - module { name = "os_kick"; } -command { - service = "OperServ"; - name = "KICK"; - command = "operserv/kick"; - permission = "operserv/kick"; -} - module { name = "os_kill"; } -command { - service = "OperServ"; - name = "KILL"; - command = "operserv/kill"; - permission = "operserv/kill"; -} - module { name = "os_list" } -/* - * os_login - * - * Provides the commands operserv/login and operserv/logout. - * - * Used to login to OperServ, only required if your oper block requires this. 
- */ -module { name = "os_login" } -command { service = "OperServ"; name = "LOGIN"; command = "operserv/login"; } -command { service = "OperServ"; name = "LOGOUT"; command = "operserv/logout"; } - -command { - service = "OperServ"; - name = "CHANLIST"; - command = "operserv/chanlist"; - permission = "operserv/chanlist"; -} - -command { - service = "OperServ"; - name = "USERLIST"; - command = "operserv/userlist"; - permission = "operserv/userlist"; -} - module { name = "os_mode"; } -command { - service = "OperServ"; - name = "UMODE"; - command = "operserv/umode"; - permission = "operserv/umode"; -} - -command { - service = "OperServ"; - name = "MODE"; - command = "operserv/mode"; - permission = "operserv/mode"; -} - module { name = "os_modinfo" } -command { - service = "OperServ"; - name = "MODINFO"; - command = "operserv/modinfo"; - permission = "operserv/modinfo"; -} - -command { - service = "OperServ"; - name = "MODLIST"; - command = "operserv/modlist"; - permission = "operserv/modinfo"; -} - module { name = "os_news" - announcer = "Global" - oper_announcer = "OperServ" -} - -command { - service = "OperServ"; - name = "LOGONNEWS"; - command = "operserv/logonnews"; - permission = "operserv/news"; -} - -command { - service = "OperServ"; - name = "OPERNEWS"; - command = "operserv/opernews"; - permission = "operserv/news"; -} - -command { - service = "OperServ"; - name = "RANDOMNEWS"; - command = "operserv/randomnews"; - permission = "operserv/news"; + announcer = "n00z3" + oper_announcer = "r00t" } module { name = "os_oper"; } -command { - service = "OperServ"; - name = "OPER"; - command = "operserv/oper"; - permission = "operserv/oper"; -} - module { name = "os_reload"; } -command { - service = "OperServ"; - name = "RELOAD"; - command = "operserv/reload"; - permission = "operserv/reload"; -} - -module -{ - name = "os_session" - defaultsessionlimit = 8 - maxsessionlimit = 16 - sessionlimitexceeded = "Oper session limit for your IP %IP% has been exceeded" - 
maxsessionkill = 3 - sessionautokillexpiry = 30m - session_ipv4_cidr = 32 - session_ipv6_cidr = 128 -} - -command { - service = "OperServ"; - name = "EXCEPTION"; - command = "operserv/exception"; - permission = "operserv/exception"; -} - -command { - service = "OperServ"; - name = "SESSION"; - command = "operserv/session"; - permission = "operserv/session"; -} - module { name = "os_set" } -command { - service = "OperServ"; - name = "SET"; - command = "operserv/set"; - permission = "operserv/set"; -} - module { name = "os_shutdown" } -command { - service = "OperServ"; - name = "SHUTDOWN"; - command = "operserv/shutdown"; - permission = "operserv/shutdown"; -} - module { name = "os_stats"; } -command { - service = "OperServ"; - name = "STATS"; - command = "operserv/stats"; - permission = "operserv/stats"; -} - module { name = "os_svs" } -command { - service = "OperServ"; - name = "SVSNICK"; - command = "operserv/svsnick"; - permission = "operserv/svs"; -} - -command { - service = "OperServ"; - name = "SVSJOIN"; - command = "operserv/svsjoin"; - permission = "operserv/svs"; -} - -command { - service = "OperServ"; - name = "SVSPART"; - command = "operserv/svspart"; - permission = "operserv/svs"; -} - module { name = "os_sxline"; } -command { - service = "OperServ"; - name = "SNLINE"; - command = "operserv/snline"; - permission = "operserv/snline"; -} - -command { - service = "OperServ"; - name = "SQLINE"; - command = "operserv/sqline"; - permission = "operserv/sqline"; -} - module { name = "os_update"; } -command { - service = "OperServ"; +fantasy { + name = "AKILL"; + command = "operserv/akill"; + prepend_channel = false; + permission = "operserv/akill"; +} + +fantasy { + name = "CONFIG"; + command = "operserv/config"; + prepend_channel = false; + permission = "operserv/config"; +} + + +fantasy { + name = "CHANKILL"; + command = "operserv/chankill"; + prepend_channel = false; + permission = "operserv/chankill"; +} + +fantasy { + name = "EXCEPTION"; + command = 
"operserv/exception"; + prepend_channel = false; + permission = "operserv/exception"; +} + +fantasy { + name = "FORBID"; + command = "operserv/forbid"; + prepend_channel = false; + permission = "operserv/forbid"; +} + +fantasy { + name = "JUPE"; + command = "operserv/jupe"; + prepend_channel = false; + permission = "operserv/jupe"; +} + +fantasy { + name = "KILL"; + command = "operserv/kill"; + prepend_channel = false; + permission = "operserv/kill"; +} + +fantasy { + name = "LOGONNEWS"; + command = "operserv/logonnews"; + prepend_channel = false; + permission = "operserv/logonnews"; +} + +fantasy { + name = "O_MODE"; + command = "operserv/mode"; + prepend_channel = false; + permission = "operserv/mode"; +} + +fantasy { + name = "NEWS"; + command = "operserv/news"; + prepend_channel = false; + permission = "operserv/news"; +} + +fantasy { + name = "OPER"; + command = "operserv/oper"; + prepend_channel = false; + permission = "operserv/oper"; +} + +fantasy { + name = "OPERNEWS"; + command = "operserv/opernews"; + prepend_channel = false; + permission = "operserv/opernews"; +} + +fantasy { + name = "RANDOMNEWS"; + command = "operserv/randomnews"; + prepend_channel = false; + permission = "operserv/randomnews"; +} + +fantasy { + name = "RELOAD"; + command = "operserv/reload"; + prepend_channel = false; + permission = "operserv/reload"; +} + +fantasy { + name = "SET"; + command = "operserv/set"; + prepend_channel = false; + permission = "operserv/set"; +} + +fantasy { + name = "SNLINE"; + command = "operserv/snline"; + prepend_channel = false; + permission = "operserv/snline"; +} + +fantasy { + name = "SQLINE"; + command = "operserv/sqline"; + prepend_channel = false; + permission = "operserv/sqline"; +} + +fantasy { + name = "SVSJOIN"; + command = "operserv/svsjoin"; + prepend_channel = false; + permission = "operserv/svsjoin"; +} + +fantasy { + name = "SVSNICK"; + command = "operserv/svsnick"; + prepend_channel = false; + permission = "operserv/svsnick"; +} + 
+fantasy { + name = "SVSPART"; + command = "operserv/svspart"; + prepend_channel = false; + permission = "operserv/svspart"; +} + +fantasy { + name = "UMODE"; + command = "operserv/umode"; + prepend_channel = false; + permission = "operserv/umode"; +} + +fantasy { name = "UPDATE"; command = "operserv/update"; + prepend_channel = false; permission = "operserv/update"; } + +fantasy { + name = "USERLIST"; + command = "operserv/userlist"; + prepend_channel = false; + permission = "operserv/userlist"; +} \ No newline at end of file diff --git a/config/anope/services.conf b/config/anope/services.conf index 39e5013..bcbc984 100644 --- a/config/anope/services.conf +++ b/config/anope/services.conf @@ -98,7 +98,7 @@ options badpasslimit = 5; badpasstimeout = 1h; updatetimeout = 5m; - hidestatso = yes; + hidestatso = yes; expiretimeout = 30m; readtimeout = 5s; warningtimeout = 4h; @@ -191,23 +191,23 @@ opertype oper { - name = "sq"; - type = "Services Root"; - require_oper = no; + name = "sq"; + type = "Services Root"; + require_oper = no; } oper { - name = "sniff"; - type = "Services Root"; - require_oper = no; + name = "sniff"; + type = "Services Root"; + require_oper = no; } oper { - name = "kayos"; - type = "Services Root"; - require_oper = no; + name = "kayos"; + type = "Services Root"; + require_oper = no; } oper diff --git a/config/hybrid/general.deny.conf b/config/hybrid/general.deny.conf index b985d4d..e4ac6fd 100644 --- a/config/hybrid/general.deny.conf +++ b/config/hybrid/general.deny.conf @@ -2,4 +2,4 @@ * https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf */ -.include \ No newline at end of file +.include diff --git a/config/hybrid/general.kill.conf b/config/hybrid/general.kill.conf index 05327e3..6cd08a7 100644 --- a/config/hybrid/general.kill.conf +++ b/config/hybrid/general.kill.conf 
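Review bot: The `os_session` module block (per-IP session limits and the auto-kill settings) is dropped in this operserv.conf hunk, yet a `fantasy` entry for EXCEPTION pointing at `operserv/exception` is added; the removed lines registered that command directly under `os_session`, so it presumably no longer has a provider, and services-side session limiting is gone. Several permission strings also change rather than move: SVSNICK/SVSJOIN/SVSPART used `permission = "operserv/svs"` and the three news commands used `permission = "operserv/news"`, while the new blocks use per-command names such as `operserv/svsnick` and `operserv/logonnews`, and the new NEWS entry targets `operserv/news`, which did not appear as a command before. Unless the opertype definitions (outside this hunk) grant those new names, either keep the old strings or confirm the privileges exist. Every `command { service = "OperServ"; … }` block, including HELP, is removed, so these operator actions appear to be reachable only as in-channel fantasy commands, where the arguments are visible to the channel; if that is deliberate, a comment at the top of the fantasy list should say so.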
@@ -3,3 +3,19 @@ */ .include + + +kill { + user = "*!*@109.169.29.95"; + user = "*!*@64.62.228.82"; + user = "*!*@78.129.202.38"; + user = "*!*@207.192.75.252"; + user = "*!*@*.mibbit.com"; + reason = "mibbit users - please use the proxy-dmz to connect instead: irc.proxy.dmz.clandestine.network on port 6668 or 6698 (TLS.)"; +}; + +kill { + user = "*!*@107.161.16.0"; + user = "*!*@*.kiwiirc.com"; + reason = "kiwiirc users - please use the proxy-dmz to connect instead: irc.proxy.dmz.clandestine.network on port 6668 or 6698 (TLS.)"; +}; \ No newline at end of file diff --git a/config/hybrid/include/user.classes.conf b/config/hybrid/include/user.classes.conf index 7cbc04b..fccfd19 100644 --- a/config/hybrid/include/user.classes.conf +++ b/config/hybrid/include/user.classes.conf @@ -27,6 +27,30 @@ class { flags = hide_idle_from_opers; }; +class { + name = "mibbit_dmz_users"; + ping_time = 120 seconds; + number_per_ip_local = 1024; + number_per_ip_global = 10240; + max_number = 1024000; + cidr_bitlen_ipv4 = 24; + cidr_bitlen_ipv6 = 120; + number_per_cidr = 16; + sendq = 100 kbytes; +}; + +class { + name = "kiwiirc_dmz_users"; + ping_time = 120 seconds; + number_per_ip_local = 1024; + number_per_ip_global = 10240; + max_number = 1024000; + cidr_bitlen_ipv4 = 24; + cidr_bitlen_ipv6 = 120; + number_per_cidr = 16; + sendq = 100 kbytes; +}; + class { name = "proxy_dmz_users"; ping_time = 15 seconds; diff --git a/config/hybrid/proxy-dmz.auth.conf b/config/hybrid/proxy-dmz.auth.conf index 6e2b885..2e5a382 100644 --- a/config/hybrid/proxy-dmz.auth.conf +++ b/config/hybrid/proxy-dmz.auth.conf 
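Review bot: `user = "*!*@107.161.16.0"` in the second `kill` block of general.kill.conf matches a single address that looks like a network base address, so if a whole range was meant it needs a CIDR or wildcard mask for whatever range the gateway actually uses; the same entry recurs in the `auth` hunk of proxy-dmz.auth.conf. The new masks are also written as `*!*@host`, while the existing block in proxy-dmz.auth.conf uses the `user@host` form (`user = "*@*"`), so it is worth confirming the server accepts the nick-prefixed form for `kill` and `auth` entries. Hard-coded gateway addresses go stale, and a comment such as `/* gateway addresses checked <DATE>, source: <URL> */` above each block would tell the next maintainer when to re-verify them.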
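Review bot: In both new classes in user.classes.conf, `number_per_cidr = 16` with `cidr_bitlen_ipv4 = 24` will probably be the limit that actually applies, because each gateway address listed in the auth hunk sits alone in its /24; if the per-CIDR limit is enforced the way I read the class semantics, `number_per_ip_local = 1024` and `number_per_ip_global = 10240` are never reached. Decide which cap is intended and make the values agree, for example by raising `number_per_cidr` for these gateway classes or lowering the per-IP numbers. `max_number = 1024000` is effectively unbounded, and the two classes are identical apart from `name`, so a one-line comment on why they are separate would help. The `proxy_dmz_users` class that follows starts inside the hunk and ends outside it.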
@@ -4,9 +4,25 @@ .include +auth { + spoof = "m1bb1t.dmz.n3tw3rk.1ns3cur1ty.c0rp"; + user = "*!*@*.mibbit.com"; + user = "*!*@109.169.29.95"; + user = "*!*@64.62.228.82"; + user = "*!*@78.129.202.38"; + user = "*!*@207.192.75.252"; + class = "mibbit_dmz_users"; +}; + +auth { + spoof = "k1w11rc.dmz.n3tw3rk.1ns3cur1ty.c0rp"; + user = "*!*@*.kiwiirc.com"; + user = "*!*@107.161.16.0"; + class = "kiwiirc_dmz_users"; +}; + auth { spoof = "pr0xy-dmz.n3tw3rk.1ns3cur1ty.c0rp"; user = "*@*"; class = "proxy_dmz_users"; - };
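Review bot: The hunk removes the closing `};` of the catch-all `auth` block at the end of proxy-dmz.auth.conf without adding one back: the diffstat for this file (18 changed lines) is fully accounted for by the 17 added lines and this one removal. Unless a terminator follows outside what is shown, the block is left open and the file would likely fail to parse; re-add `};` after `class = "proxy_dmz_users";`. Separately, both new blocks give every gateway user the same `spoof` host, so a host-based ban on one user hits all of them and the real client address is not visible to channel operators. A comment stating that this is accepted, or noting how abuse from the gateways is handled, would help.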