The hybrid open proxy monitor fully based on BOPM
C Shell Makefile M4 Yacc Lex
Latest commit 2755e6a Dec 31, 2016 @miwob miwob - Update copyright years
git-svn-id: svn://svn.ircd-hybrid.org/svnroot/hopm/trunk@7927 82007160-df01-0410-b94d-b575c5fd34c7
Permalink
Failed to load latest commit information.
doc - Update copyright years Dec 31, 2016
m4 - ax_append_flag.m4: update to latest version Oct 24, 2015
src - Update copyright years Dec 31, 2016
.travis.yml - .travis.yml: disable gcc builds on osx for now Oct 18, 2016
AUTHORS
COPYING - Added COPYING file Dec 23, 2014
INSTALL - INSTALL: fixed typo Jun 20, 2015
Makefile.am - Save PID file in var/run/ and logfiles in var/log/ Jul 14, 2015
Makefile.in - Re-create autogenerated files Jul 14, 2015
NEWS - Update NEWS file Sep 26, 2016
README
aclocal.m4 - Re-create autogenerated files Jul 1, 2015
compile
config.guess
config.sub - automake 1.15 Jan 11, 2015
configure
configure.ac
depcomp - automake 1.15 Jan 11, 2015
install-sh - automake 1.15 Jan 11, 2015
ltmain.sh - autoreconf Apr 27, 2015
missing - automake 1.15 Jan 11, 2015
mkinstalldirs - C99 is now mandatory. Removed snprintf.c and related code Dec 22, 2014
ylwrap - automake 1.15 Jan 11, 2015

README

Introduction
============

HOPM (Hybrid Open Proxy Monitor) is an open-proxy monitoring bot designed to
monitor an individual server (all servers on the network have to run their own
bot if the IRCD does not support `farconnect` user mode) with a local
operator {} block and monitor connections. When a client connects to a server,
HOPM will scan the connection for insecure proxies. Insecure proxies are
determined by attempting to connect the proxy back to another host (usually the
IRC server in question).

HOPM is written ground-up in C language and it is an improved fork of BOPM
(blitzed open proxy monitor), which is a concept derived from wgmon. It
improves on wgmon with HTTP support, faster scanning (it can scan clients
simultaneously), better layout (scalability) and DNSBL support.


Requirements
============

* An IRCD, which presents connection notices in a format, which HOPM recognizes;

* A host with full connectivity for all the ports you wish to scan. i.e. is NOT
transparently proxied -- many domestic Internet connections have port 80
transparently proxied and this produces completely unpredictable results,
sometimes as severe as 100% of clients being K:lined;

* A UNIX OS with GNU make, a C99 compiler, etc.;

* Permission from your users to portscan them for open proxies;

* For HTTPS proxy detection, a working LibreSSL/OpenSSL library is required.


Compatibility
=============

* ircd-hybrid 8.2.x
* ircd-ratbox 3.0.x
* ircu 2.10.x
* InspIRCd 2.0.x
* UnrealIRCd 3.2.x, 4.0.x
* ngIRCd 22
* Bahamut 2.0.x
* Charybdis 3.4.x

HOPM is easily suitable for any other IRCD with little modification (`connregex`
in hopm.conf). However, if an IRCD does not send IP addresses in a connection
notice, HOPM will not work.


Command-line options
====================

`-c <name>`     Configuration filename. By default, HOPM reads hopm.conf,
                `-c foo` will cause HOPM to read foo.conf. The primary use for
                this is to run multiple HOPM from one directory.

`-d`            Debug mode. HOPM will not fork and will write logs to stderr.
                Multiple -d increase debug level.


Operator channel commands
=========================

`<bot> check <host> [scanner]`  Manually scans host for insecure proxies and
                                outputs all errors. If scanner is not given,
                                HOPM will scan on all scanners.NOTE: this will
                                NOT add a kline if it finds a proxy.

`<bot> stats`                   Outputs scan stats, uptime and connection count.

`<bot> fdstat`                  Outputs info about file descriptors in use.

Also, if several HOPM are present in one channel, they will all respond to !all,
for example `!all stats`.


Rehashing HOPM
==============

A /quote KILL on HOPM will cause the process to restart, rehashing the
configuration file and ending all queued scans.


Logging
=======

Once started, HOPM logs all significant events to a file called `hopm.log`,
which by default can be found at `$HOME/hopm/var/hopm.log`. There is also a
configuration option, `scanlog`, to log all proxy scans initiated, which can be
quite useful if you receive an abuse report related to portscanning.

These log files, especially the scan.log, can grow quite large. It is suggested
that you arrange for these files to be rotated periodically. You should send a
`USR1` signal to HOPM after moving its logfiles -- this will cause HOPM to
reopen those files.


Contact information
===================

* Bug reports: bugs@ircd-hybrid.org
* IRC: #ircd-coders on irc.ircd-hybrid.org
* GitHub: https://github.com/ircd-hybrid/hopm

Anonymous SVN access is also available:
  Devel: `svn co svn://svn.ircd-hybrid.org/svnroot/hopm/trunk`
  Stable branch (1.1.x): `svn co svn://svn.ircd-hybrid.org/svnroot/hopm/branches/1.1.x`