Historical:1.2/Making BOPM work with InspIRCd
|2.0 Documentation||3.0 Documentation|
This tutorial will instruct you upon how to get BOPM up and running on your inspircd servers. As of writing, the latest version of BOPM is 3.1.3. This guide will use that version.
As an alternative to BOPM, Modules/dnsbl can be used. However, m_dnsbl does not support scanning for open proxies, and can only set bans via the IRCd (eg, you can't have a ban command like "PRIVMSG ChanServ AKILL ADD @host", etc).
First, obtain BOPM from the BOPM website.
Once you have the bopm tarball on your shell, extract the archive:
tar -zxf bopm-3.1.3.tar.gz cd bopm-3.1.3
Configure, then compile it. NOTE: By default, this installs BOPM to your home directory under a 'bopm' dir (eg, ~/bopm/). To change where BOPM is installed to, see the --prefix option in the "INSTALL" file.
./configure make make install
Change to the directory you installed BOPM to (or the default at ~/bopm) and then enter the 'etc' directory within it. The "etc" directory contains the configuration files for BOPM:
Now open up your config file (bopm.conf) in your favorite editor. There is quite a bit of configuration that needs to be done, so read through the file and change things as you please. One change specific to InspIRCd 1.2 is the connection regular expression. Use the connregex below.
connregex = "\\*\\*\\* CONNECT: Client connecting on port [0-9]+: ([^ ]+)!([^@]+)@([^\\)]+) \\[([0-9\\.]+)\\] \\[.*\\]";
The BOPM bot needs snomask +c in order to see local connects (and +C for remote connects if you want to monitor remote users as well). This can be done in two ways. Either set "+s +c" in the bopm bot's oper <type:modes> tag, or edit the mode="" option in bopm.conf.
You also need to change the kline rule in bopm.conf. You can change it to one of the following:
# The following line will set a ZLINE through the IRCd on the IP address. kline = "ZLINE %i 1d :Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information."; # This line will set an AKILL through the services on the IP address. This example is for Atheme services. # I personally prefer this method because I like keeping all bans in the services for administration purposes. kline = "PRIVMSG OperServ :AKILL ADD *@%i !T 6h Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
There now follows a quick description of these config settings, for those who are new to BOPM or to inspircd or both.
The first configuration setting, mode=, sets the mode which the bopm client will set on itself when it connects.
The second setting, connregex, is arguably the most important and most difficult setting to understand. This defines a pattern of characters which must be matched so that bopm may perform a scan. This pattern matches inspircd connect notices (and currently to date no other connect notices known to man!). I repeat now the time is right that you must have alpha 12 or this connregex line will not work!.
The kline= line indicates how bopm will ban an open proxy host. You can use KLINE here if you want to set local bans, GLINE saves your network resources by making a network-wide ban. This ban is one day long, you may also change the '1d' to whatever you wish.
The final line is used by bopm to determine weather it has found an open proxy or not. Please note that you should change the server address in these config files to match the server bopm is connecting to. If you do not, BOPM will never find any new proxies and will only detect those which are already in its blacklist!
Oper Configuration for BOPM
One final note, you must prepare an <oper> tag for your bopm. After defining an oper username and password in your bopm config file you may wish to add a group of config tags to your inspircd Configuration file which look like the following:
<class name="BanOnly" commands="ZLINE" usermodes="s"> <type name="BOPM" classes="BanOnly"> <oper name="bopm" password="bopmpass" host="*@localhost" type="BOPM">
The reasoning for this is as follows: The bopm bot with these privileges may only see connect/exit notices and ZLINE people. This is the most secure possible configuration for your BOPM. Remember to set the hostname if necessary.