Hopm /
Hopm
1- doas useradd -m -g =uid -c "hopm" -d /home/hopm -s /bin/ksh hopm
2-
doas su hopm
cd
3-
ftp https://github.com/ircd-hybrid/hopm/archive/1.1.10.tar.gz
tar xvzf 1.1.10.tar.gz
cd hopm-1.1.10
./configure
make
make install
4- nano /home/hopm/hopm/etc/hopm.conf
options {
pidfile = "var/run/hopm.pid";
command_queue_size = 64;
command_interval = 10 seconds;
command_timeout = 180 seconds;
negcache_rebuild = 12 hours;
dns_fdlimit = 64;
dns_timeout = 5 seconds;
scanlog = "var/log/scan.log";
};
5- nano /home/hopm/hopm/var/log/scan.log
irc {
nick = "Almajd";
realname = "Hybrid Open Proxy Monitor";
username = "Almajd";
server = "127.0.0.1";
port = 16667;
tls = no;
readtimeout = 15 minutes;
reconnectinterval = 30 seconds;
nickserv = "SQUERY NickServ :IDENTIFY MyHopm PASSWORD";
oper = "Almajd opernow";
mode = "+BcFiIoqRsw";
away = "I'm a bot. Your messages will be ignored.";
channel {
name = "#ircfun-team";
key = "somekey";
invite = "SQUERY ChanServ :INVITE #hopm";
};
connregex = "Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-f\\.:]+)\\].*";
kline = "KLINE *@%h 3600 :Open proxy found on your host. Please contact support@ircfun.net if this is in error.";
notice = "To prevent spam and abuse, we scan users for open proxies.";
};
opm {
blacklist {
name = "dnsbl.dronebl.org";
address_family = ipv4, ipv6;
type = "A record reply";
ban_unknown = no;
reply {
2 = "Sample data used for heuristical analysis";
3 = "IRC spam drone (litmus/sdbot/fyle)";
5 = "Bottler (experimental)";
6 = "Unknown worm or spambot";
7 = "DDoS drone";
8 = "Open SOCKS proxy";
9 = "Open HTTP proxy";
10 = "ProxyChain";
11 = "Web Page Proxy";
12 = "Open DNS Resolver";
13 = "Automated dictionary attacks";
14 = "Open WINGATE proxy";
15 = "Compromised router / gateway";
16 = "Autorooting worms";
17 = "Automatically determined botnet IPs (experimental)";
18 = "Possibly compromised DNS/MX type hostname detected on IRC";
19 = "Abused VPN Service";
255 = "Uncategorized threat class";
};
kline = "KLINE *@%h 3600 :You have a host listed in the DroneBL. For more information, visit https://dronebl.org/lookup_branded?ip=%i&network=Network";
};
blacklist {
name = "rbl.efnetrbl.org";
type = "A record reply";
ban_unknown = no;
reply {
1 = "Open proxy";
2 = "spamtrap666";
3 = "spamtrap50";
4 = "TOR";
5 = "Drones / Flooding";
};
kline = "KLINE *@%h 3600 :Blacklisted proxy found. For more information, visit https://rbl.efnetrbl.org/?i=%i";
};
blacklist {
name = "tor.efnetrbl.org";
type = "A record reply";
ban_unknown = no;
reply {
1 = "TOR";
};
kline = "KLINE *@%h 3600 :TOR exit node found. For more information, visit https://rbl.efnetrbl.org/?i=%i";
};
};
scanner {
name = "default";
protocol = HTTP:80;
protocol = HTTP:8080;
protocol = HTTP:3128;
protocol = HTTP:6588;
# protocol = HTTPS:443;
# protocol = HTTPS:8443;
protocol = SOCKS4:1080;
protocol = SOCKS5:1080;
protocol = ROUTER:23;
protocol = WINGATE:23;
protocol = DREAMBOX:23;
protocol = HTTPPOST:80;
# protocol = HTTPSPOST:443;
# protocol = HTTPSPOST:8443;
# bind = "127.0.0.1";
fd = 512;
max_read = 4 kbytes;
timeout = 30 seconds;
target_ip = "127.0.0.1";
target_port = 6667;
target_string = "NOTICE * :*** Looking up your hostname and checking ident";
};
scanner {
name = "extended";
protocol = HTTP:81;
protocol = HTTP:8000;
protocol = HTTP:8001;
protocol = HTTP:8081;
protocol = HTTPPOST:81;
protocol = HTTPPOST:6588;
protocol = HTTPPOST:4480;
protocol = HTTPPOST:8000;
protocol = HTTPPOST:8001;
protocol = HTTPPOST:8080;
protocol = HTTPPOST:8081;
protocol = SOCKS4:4914;
protocol = SOCKS4:6826;
protocol = SOCKS4:7198;
protocol = SOCKS4:7366;
protocol = SOCKS4:9036;
protocol = SOCKS5:4438;
protocol = SOCKS5:5104;
protocol = SOCKS5:5113;
protocol = SOCKS5:5262;
protocol = SOCKS5:5634;
protocol = SOCKS5:6552;
protocol = SOCKS5:6561;
protocol = SOCKS5:7464;
protocol = SOCKS5:7810;
protocol = SOCKS5:8130;
protocol = SOCKS5:8148;
protocol = SOCKS5:8520;
protocol = SOCKS5:8814;
protocol = SOCKS5:9100;
protocol = SOCKS5:9186;
protocol = SOCKS5:9447;
protocol = SOCKS5:9578;
protocol = SOCKS5:10000;
protocol = SOCKS5:64101;
protocol = SOCKS4:29992;
protocol = SOCKS4:38884;
protocol = SOCKS4:18844;
protocol = SOCKS4:17771;
protocol = SOCKS4:31121;
fd = 400;
};
scanner {
name = "ssh";
protocol = SSH:22;
target_string = "SSH-1.99-OpenSSH_5.1";
target_string = "SSH-2.0-dropbear_0.51";
target_string = "SSH-2.0-dropbear_0.52";
target_string = "SSH-2.0-dropbear_0.53.1";
target_string = "SSH-2.0-dropbear_2012.55";
target_string = "SSH-2.0-dropbear_2013.62";
target_string = "SSH-2.0-dropbear_2014.63";
target_string = "SSH-2.0-OpenSSH_4.3";
target_string = "SSH-2.0-OpenSSH_5.1";
target_string = "SSH-2.0-OpenSSH_5.5p1";
target_string = "SSH-2.0-ROSSSH";
target_string = "SSH-2.0-SSH_Server";
};
user {
mask = "*!*@*";
scanner = "default";
};
user {
# mask = "*!~*@*";
mask = "*!squid@*";
mask = "*!nobody@*";
mask = "*!www-data@*";
mask = "*!cache@*";
mask = "*!CacheFlowS@*";
mask = "*!*@*www*";
mask = "*!*@*proxy*";
mask = "*!*@*cache*";
scanner = "extended";
};
exempt {
mask = "*!*@127.0.0.1";
};
6- nano /home/hopm/hopm/bin/autohopm
#!/bin/sh
HOPMPATH=/home/hopm/hopm
if test -r $HOPMPATH/var/run/hopm.pid; then
HOPMPID=$(cat $HOPMPATH/var/run/hopm.pid)
if $(kill -0 $HOPMPID >/dev/null 2>&1)
then
exit 0
fi
fi
$HOPMPATH/bin/hopm &> /dev/null
7- $ chmod 754 /home/hopm/hopm/bin/autohopm
8- $ EDITOR=nano crontab -e
*/5 * * * * /home/hopm/hopm/bin/autohopm
9- nano /home/hopm/hopm/etc/reference.conf
line 130 = server = "domain-name";
line 673 = target_string = ":domain-name NOTICE * :*** Looking up your hostname";
10- Run Hopm: /home/hopm/hopm/bin/hopm -d