202 lines
7.7 KiB
Plaintext
202 lines
7.7 KiB
Plaintext
/* full configuration file example at
|
|
* https://raw.githubusercontent.com/ircd-hybrid/hopm/master/doc/reference.conf
|
|
*/
|
|
|
|
options {
|
|
pidfile = "/dev/shm/hopm.pid";
|
|
command_queue_size = 64;
|
|
command_interval = 10 seconds;
|
|
command_timeout = 180 seconds;
|
|
negcache_rebuild = 12 hours;
|
|
dns_fdlimit = 102400;
|
|
dns_timeout = 5 seconds;
|
|
};
|
|
|
|
irc {
|
|
nick = "SCANNER_AM_NL_EU_01";
|
|
realname = "n3tw3rk 1ns3cur1ty c0rp pr0xy sc4nn3r";
|
|
username = "sc4nn3r";
|
|
server = "100.64.64.66";
|
|
port = 6868;
|
|
tls = no;
|
|
tls_hostname_verification = yes;
|
|
readtimeout = 15 minutes;
|
|
reconnectinterval = 30 seconds;
|
|
nickserv = "NS IDENTIFY password";
|
|
oper = "SCANNER password";
|
|
mode = "+cgBDfkjwisq";
|
|
away = "go msg someone else";
|
|
|
|
channel {
|
|
name = "#oper";
|
|
invite = "CS INVITE #oper";
|
|
};
|
|
|
|
connregex = "\\*\\*\\* Notice -- Client connecting.*: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-f\\.:]+)\\].*";
|
|
kline = "OS AKILL ADD +3h *@%i Open proxy found on your host. Try connecting through the proxy DMZ or Tor instead.";
|
|
notice = "dronesbl/efnetrbl/port scanning you, if you have trouble connecting please use the proxy DMZ or Tor.";
|
|
};
|
|
|
|
opm {
|
|
blacklist {
|
|
name = "dnsbl.dronebl.org";
|
|
address_family = ipv4, ipv6;
|
|
type = "A record reply";
|
|
ban_unknown = yes;
|
|
|
|
reply {
|
|
2 = "Sample data used for heuristical analysis";
|
|
3 = "IRC spam drone (litmus/sdbot/fyle)";
|
|
5 = "Bottler (experimental)";
|
|
6 = "Unknown worm or spambot";
|
|
7 = "DDoS drone";
|
|
8 = "Open SOCKS proxy";
|
|
9 = "Open HTTP proxy";
|
|
10 = "ProxyChain";
|
|
11 = "Web Page Proxy";
|
|
12 = "Open DNS Resolver";
|
|
13 = "Automated dictionary attacks";
|
|
14 = "Open WINGATE proxy";
|
|
15 = "Compromised router / gateway";
|
|
16 = "Autorooting worms";
|
|
17 = "Automatically determined botnet IPs (experimental)";
|
|
18 = "DNS/MX type hostname detected on IRC";
|
|
255 = "Uncategorized threat class";
|
|
};
|
|
kline = "KLINE 180 *@%i :You have a host listed in the DroneBL. Try connecting through the proxy DMZ or Tor instead.";
|
|
};
|
|
|
|
blacklist {
|
|
name = "rbl.efnetrbl.org";
|
|
type = "A record reply";
|
|
ban_unknown = yes;
|
|
|
|
reply {
|
|
1 = "Open proxy";
|
|
2 = "spamtrap666";
|
|
3 = "spamtrap50";
|
|
4 = "TOR";
|
|
5 = "Drones / Flooding";
|
|
};
|
|
kline = "KLINE 180 *@%i :Blacklisted proxy found. Try connecting through the proxy DMZ or Tor instead.";
|
|
};
|
|
|
|
blacklist {
|
|
name = "tor.efnetrbl.org";
|
|
type = "A record reply";
|
|
ban_unknown = no;
|
|
|
|
reply {
|
|
1 = "TOR";
|
|
};
|
|
kline = "KLINE 180 *@%i :TOR exit node found. Try connecting through the proxy DMZ or Tor instead.";
|
|
};
|
|
};
|
|
|
|
scanner {
|
|
name = "default";
|
|
protocol = HTTP:80;
|
|
protocol = HTTP:8080;
|
|
protocol = HTTP:3128;
|
|
protocol = HTTP:6588;
|
|
protocol = SOCKS4:1080;
|
|
protocol = SOCKS5:1080;
|
|
protocol = ROUTER:23;
|
|
protocol = WINGATE:23;
|
|
protocol = DREAMBOX:23;
|
|
protocol = HTTPPOST:80;
|
|
fd = 102400;
|
|
max_read = 4 kbytes;
|
|
timeout = 30 seconds;
|
|
target_ip = "irc.clandestine.network";
|
|
target_port = 6667;
|
|
target_string = ":irc.clandestine.network NOTICE * :*** Looking up your hostname";
|
|
target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
|
|
};
|
|
|
|
scanner {
|
|
name = "extended";
|
|
protocol = HTTP:81;
|
|
protocol = HTTP:8000;
|
|
protocol = HTTP:8001;
|
|
protocol = HTTP:8081;
|
|
protocol = HTTPPOST:81;
|
|
protocol = HTTPPOST:6588;
|
|
protocol = HTTPPOST:4480;
|
|
protocol = HTTPPOST:8000;
|
|
protocol = HTTPPOST:8001;
|
|
protocol = HTTPPOST:8080;
|
|
protocol = HTTPPOST:8081;
|
|
protocol = SOCKS4:4914;
|
|
protocol = SOCKS4:6826;
|
|
protocol = SOCKS4:7198;
|
|
protocol = SOCKS4:7366;
|
|
protocol = SOCKS4:9036;
|
|
protocol = SOCKS5:4438;
|
|
protocol = SOCKS5:5104;
|
|
protocol = SOCKS5:5113;
|
|
protocol = SOCKS5:5262;
|
|
protocol = SOCKS5:5634;
|
|
protocol = SOCKS5:6552;
|
|
protocol = SOCKS5:6561;
|
|
protocol = SOCKS5:7464;
|
|
protocol = SOCKS5:7810;
|
|
protocol = SOCKS5:8130;
|
|
protocol = SOCKS5:8148;
|
|
protocol = SOCKS5:8520;
|
|
protocol = SOCKS5:8814;
|
|
protocol = SOCKS5:9100;
|
|
protocol = SOCKS5:9186;
|
|
protocol = SOCKS5:9447;
|
|
protocol = SOCKS5:9578;
|
|
protocol = SOCKS5:10000;
|
|
protocol = SOCKS5:64101;
|
|
protocol = SOCKS4:29992;
|
|
protocol = SOCKS4:38884;
|
|
protocol = SOCKS4:18844;
|
|
protocol = SOCKS4:17771;
|
|
protocol = SOCKS4:31121;
|
|
fd = 102400;
|
|
};
|
|
|
|
scanner {
|
|
name = "ssh";
|
|
protocol = SSH:22;
|
|
target_string = "SSH-1.99-OpenSSH_5.1";
|
|
target_string = "SSH-2.0-dropbear_0.51";
|
|
target_string = "SSH-2.0-dropbear_0.52";
|
|
target_string = "SSH-2.0-dropbear_0.53.1";
|
|
target_string = "SSH-2.0-dropbear_2012.55";
|
|
target_string = "SSH-2.0-dropbear_2013.62";
|
|
target_string = "SSH-2.0-dropbear_2014.63";
|
|
target_string = "SSH-2.0-OpenSSH_4.3";
|
|
target_string = "SSH-2.0-OpenSSH_5.1";
|
|
target_string = "SSH-2.0-OpenSSH_5.5p1";
|
|
target_string = "SSH-2.0-ROSSSH";
|
|
target_string = "SSH-2.0-SSH_Server";
|
|
};
|
|
|
|
user {
|
|
mask = "*!*@";
|
|
scanner = "extended";
|
|
};
|
|
|
|
user {
|
|
mask = "*!squid@*";
|
|
mask = "*!nobody@*";
|
|
mask = "*!www-data@*";
|
|
mask = "*!cache@*";
|
|
mask = "*!CacheFlowS@*";
|
|
mask = "*!*@*www*";
|
|
mask = "*!*@*proxy*";
|
|
mask = "*!*@*cache*";
|
|
scanner = "extended";
|
|
};
|
|
|
|
exempt {
|
|
mask = "*!*@127.0.0.1";
|
|
mask = "*!*@100.64.0.0/17";
|
|
mask = "*!*@*.n3tw3rk.1ns3cur1ty.c0rp";
|
|
mask = "*!*@*.clandestine.network";
|
|
};
|