diff --git a/.gitattributes b/.gitattributes index 699d151..886a9c3 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,3 @@ * text=auto !eol +/README.blsb.html -text /blsb.vcproj -text diff --git a/Makefile.in b/Makefile.in index d683fee..5603506 100644 --- a/Makefile.in +++ b/Makefile.in @@ -15,6 +15,7 @@ @SET_MAKE@ + SOURCES = $(blsb_la_SOURCES) srcdir = @srcdir@ @@ -38,7 +39,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = $(am__configure_deps) $(noinst_HEADERS) \ +DIST_COMMON = $(am__configure_deps) $(dist_doc_DATA) $(noinst_HEADERS) \ $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(srcdir)/modconfig.h.in $(top_srcdir)/autotools/rules.mk \ $(top_srcdir)/configure ChangeLog autotools/compile \ @@ -63,7 +64,7 @@ am__vpath_adj = case $$p in \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(pkglibdir)" +am__installdirs = "$(DESTDIR)$(pkglibdir)" "$(DESTDIR)$(docdir)" pkglibLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(pkglib_LTLIBRARIES) blsb_la_LIBADD = @@ -80,6 +81,8 @@ LTCOMPILE = $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) \ CCLD = $(CC) SOURCES = $(blsb_la_SOURCES) DIST_SOURCES = $(blsb_la_SOURCES) +dist_docDATA_INSTALL = $(INSTALL_DATA) +DATA = $(dist_doc_DATA) HEADERS = $(noinst_HEADERS) ETAGS = etags CTAGS = ctags @@ -206,9 +209,12 @@ pkglib_LTLIBRARIES = blsb.la blsb_la_SOURCES = blsb.c blsb_help.c noinst_HEADERS = blsb.h blsb_la_LDFLAGS = -module -avoid-version +EXTRA_DIST = autotools/ccdv.c autotools/shtool RELNOTES +dist_doc_DATA = README.blsb README.blsb.html LINK = $(LIBTOOL) --tag=CXX --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ +docdir = $(prefix)/doc all: modconfig.h $(MAKE) $(AM_MAKEFLAGS) all-am @@ -303,6 +309,14 @@ distclean-libtool: -rm -f libtool uninstall-info-am: +uninstall-dist_docDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_doc_DATA)'; for p in $$list; do \ + f=$(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(docdir)/$$f'"; \ + rm -f "$(DESTDIR)$(docdir)/$$f"; \ + done + ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -480,9 +494,9 @@ distcleancheck: distclean exit 1; } >&2 check-am: all-am check: check-am -all-am: Makefile $(LTLIBRARIES) $(HEADERS) modconfig.h +all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS) modconfig.h installdirs: - for dir in "$(DESTDIR)$(pkglibdir)"; do \ + for dir in "$(DESTDIR)$(pkglibdir)" "$(DESTDIR)$(docdir)"; do \ test -z "$$dir" || $(mkdir_p) "$$dir"; \ done install: install-am @@ -531,7 +545,7 @@ info: info-am info-am: -install-data-am: +install-data-am: install-dist_docDATA install-exec-am: install-pkglibLTLIBRARIES @@ -561,7 +575,8 @@ ps: ps-am ps-am: -uninstall-am: uninstall-info-am uninstall-pkglibLTLIBRARIES +uninstall-am: uninstall-dist_docDATA uninstall-info-am \ + uninstall-pkglibLTLIBRARIES .PHONY: CTAGS GTAGS all all-am am--refresh check check-am clean \ clean-generic clean-libtool clean-pkglibLTLIBRARIES ctags dist \ @@ -570,12 +585,13 @@ uninstall-am: uninstall-info-am uninstall-pkglibLTLIBRARIES distclean-hdr distclean-libtool distclean-tags distcleancheck \ distdir distuninstallcheck dvi dvi-am html html-am info \ info-am install install-am install-data install-data-am \ - install-exec install-exec-am install-info install-info-am \ - install-man install-pkglibLTLIBRARIES install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-info-am \ + install-dist_docDATA install-exec install-exec-am install-info \ + install-info-am install-man install-pkglibLTLIBRARIES \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-dist_docDATA uninstall-info-am \ uninstall-pkglibLTLIBRARIES @@ -704,7 +720,6 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) if test "x#" != "x@USECCDV@"; then echo "Installing $$f"; fi; \ else :; fi; \ done -#AM_CFLAGS = @PCRE_CFLAGS@ @CURL_CFLAGS@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/README.blsb b/README.blsb index ce6e894..8b13789 100644 --- a/README.blsb +++ b/README.blsb @@ -1,680 +1 @@ -OPSB Manual - _________________________________________________________________ - - 1. Prerequisites and Installation. - - 1.1. Compiling and Installation - - 2. Basic Configuration - - 2.1. Exclusion Lists - 2.2. TARGET IP and TARGET PORT - 2.3. BanTime - - 3. Detailed Configuration - - 3.1. CACHETIME Setting - 3.2. SCAN Setting - 3.3. AKILL Setting - 3.4. OPMDOMAIN Setting - 3.5. MAXBYTES Setting - 3.6. TIMEOUT - 3.7. OPENSTRING - 3.8. SPLITTIME - 3.9. SCANMSG Setting - 3.10. PORTS Setting - - 3.10.1. Listing Ports/Protocols - 3.10.2. Adding Ports - 3.10.3. Deleting Ports - - 4. Operational Commands - - 4.1. LOOKUP Command - 4.2. INFO Command - 4.3. CHECK Command - 4.4. STATUS Command - - Welcome to the Open Proxy Scanning Bot (OPSB) Manual. This document - will aid you in setting up and running OPSB on your IRC network. - - OPSB is a Proxy Scanning Service that scans connecting clients for - Open Proxies. These Open Proxies are often used by malicious users and - trojans to connect to your network and attack the network, users, or - channels that you host. It bases its scanning engine on the BOPM proxy - scanning library available at http://www.blitzed.org, but unlike the - BOPM software, it has native support to scan all clients network wide, - rather than via individual servers. This means that you only need one - OPSB service running on your network to protect your entire IRC - network. - - Additionally, OPSB makes use of Open Proxy lists. These lists often - contain IP addresses of verified Open Proxies, and OPSB can ban these - users without even scanning. By default, OPSB uses the blitzed open - proxy list (More details available at http://opm.blitzed.org) - - OPSB is flexible in that it has many advanced configuration options - available to IRC administrators, including the ability to easily - modify the protocols and ports to scan of connecting users, as well as - exclude certian users or servers from scanning. This allows you maxium - flexibility without the overhead of running multiple copies of proxy - scanning software. In addition, it has the ability to Queue up scans, - so during periods of peak usage, OPSB will not consume all bandwidth - or file descriptors, but still scan users in a timely manor. - - Proxy Scanning is only one defence against Trojans and Malicious - users, and can not detect all types of open Proxies. We therefore - recomend that the IRC administrators run other software such as - SecureServ, and familiarize themselves with the OperServ functionality - found in most traditional IRC services packages. - - By Default, OPSB scans the following protocols and ports (But this can - be easily customized) - * HTTP Proxies on Port 80, 3128, 8000, 8080 - * HTTP Post Proxies on Port 80, 3128, 8000, 8080 - * Wingate Servers on Port 23 - * Insecure Cisco Routers on port 23 - * SOCKS4 Servers on 1080 - * SOCKS5 Servers on 1080 - - These ports are some of the more common ports, but administrators - might find other ports that are often associated with open proxies. In - these cases, the administrator can simple add the new port to be - scanning without restarting OPSB. - -Warning - - When picking a host to run OPSB from, make sure you check with your - Shell or ISP provider to ensure that there are no Transparent HTTP - proxies enabled on that network. Transparent proxies are often used to - speed up HTTP downloads for users without requiring the user to update - their browser configuration. If you often get false positive scans on - users on port 80, then most likely your hosting provider has - implemented a Transparent Proxy. See if they can disable this - transparent proxy for you, or alternativly, find a new hosting - provider that does not run a transparent proxy. THERE IS NO WAY FOR - OPSB TO DETECT IT IS BEHIND A TRANSPARENT PROXY. - - OPSB is written and maintained by Justin Hammond. It requires the - NeoStats software. More information about OPSB, or NeoStats, can be - found at http://www.neostats.net/ - - OPSB is Copyright, 2004 by Justin Hammond. - -1. Prerequisites and Installation. - - OPSB is designed to run on Top of NeoStats. The Following requirements - at the time of writting are required for NeoStats: - * A Linux or BSD based Server or Shell. - * A supported IRCd. Currently, Hybrid7, Unreal, Ultimate2.x, - Ultimate3.x, NeoIRCd, Bahumat - * Some basic Unix administration Skill - * Of Course, a IRC network to connect it all together. - - Please refer to the NeoStats website for more information on the - requirements - - OPSB itself requires the following: - * NeoStats 2.5.8 or Higher correctly installed and Running - * The time to read this entire document. - -Warning - OPSB has the potential to Akill/Gline your entire network. Its - strongly suggested that you read this entire document before even - attempting to compile OPSB, as I'm just going to laugh, if you - didn't read, and it AKILL's your entire network. This is Beta - Software, there are BUGS. beware. - -1.1. Compiling and Installation - - As long as you have successfully setup NeoStats, and installed it - correctly, Compiling OPSB is very simple and straight forward. First - you must extract the files from the download package. This is as - simple as: -bash$ tar -xzf OPSB-.tar.gz - - This should then create a directory called OPSB- where - is the Version of OPSB. Then Proceed to Change into the OPSB - directory, and run Configure as follows: -bash$./configure [--enable-debug | --with-neostats=] - - --enable-debug is only usefull for diagnostics purposes when used in - conjuction with debugging tools. There should be no need to use this - option on a day to day basis - - --with-neostats= should be used if your neostats directory is not - in a standard location (~/NeoStats/). Replace with the full path - to your NeoStats installation directory (NOT SOURCE DIRECTORY) - - Configuring OPSB will look something like the following screen: -[Fish@fish-dt]$ ./configure -checking for gcc... gcc -checking for C compiler default output... a.out -checking whether the C compiler works... yes -checking whether we are cross compiling... no -checking for suffix of executables... -checking for suffix of object files... o -checking whether we are using the GNU C compiler... yes -checking whether gcc accepts -g... yes -checking for gcc option to accept ANSI C... none needed -checking for a BSD-compatible install... /usr/bin/install -c -checking for pcre_compile in -lpcre... yes -checking Location of NeoStats...... /home/fish/NeoStats/ -checking for /home/fish/NeoStats//include/dl.h... yes -checking Version of NeoStats...... Compatible Version -checking Whether to Enable Debuging...... no -configure: creating ./config.status -config.status: creating Makefile - -(*----------------------------------------------------------*) -(| To compile your module, please type 'make' |) -(| If make completes without errors, then you |) -(| Must 'make install', but please be sure that NeoStats |) -(| Is not currently running with a module of the same name |) -(| Running, otherwise Make install will not work |) -(| !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |) -(| If you are running a BSD, make install may produce a |) -(| Error, if that is the case, then please manually copy |) -(| opsb.so to the NeoStats/dl directory |) -(| !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |) -(*----------------------------------------------------------*) -(| For Support please visit: |) -(| IRC: /server irc.irc-chat.org |) -(| #neostats channel |) -(| WWW: http://www.neostats.net/boards/ |) -(*----------------------------------------------------------*) -(|This Module was written by: |) -(| fish (fish@dynam.ac) |) -(*----------------------------------------------------------*) - - If the configuration did not produce a error, you may then move onto - Compiling OPSB. Compiling is simply just issuing the "make" command - (or "gmake" if you are running BSD): -[Fish@fish-dt]$ make -(cd libopm; make libopm.a) -make[1]: Entering directory `/home/fish/opsb/libopm' -gcc -c -O2 -Wall -I. -I.. compat.c -gcc -c -O2 -Wall -I. -I.. config.c -gcc -c -O2 -Wall -I. -I.. inet.c -gcc -c -O2 -Wall -I. -I.. libopm.c -gcc -c -O2 -Wall -I. -I.. list.c -gcc -c -O2 -Wall -I. -I.. malloc.c -gcc -c -O2 -Wall -I. -I.. proxy.c -ar cru libopm.a compat.o config.o inet.o libopm.o list.o malloc.o proxy.o -ranlib libopm.a -make[1]: Leaving directory `/home/fish/opsb/libopm' -gcc -c -O2 -Wall -I/home/fish/NeoStats//include/ -I. -Ilibopm opsb.c -gcc -c -O2 -Wall -I/home/fish/NeoStats//include/ -I. -Ilibopm proxy.c -gcc -c -O2 -Wall -I/home/fish/NeoStats//include/ -I. -Ilibopm opsb_help.c -ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libop -m.a -[1005|/home/fish/opsb] -[Fish@fish-dt]$ - - Again, check for Error messages. As long as there are not error - messages, "make install" will install OPSB, this README file, and any - auxiluary files needed into your NeoStats directory: -[Fish@fish-dt]$ make install -(cd libopm; make libopm.a) -make[1]: Entering directory `/home/fish/opsb/libopm' -make[1]: `libopm.a' is up to date. -make[1]: Leaving directory `/home/fish/opsb/libopm' -ld -shared -o opsb.so opsb.o proxy.o opsb_help.o libopm/libop -m.a -/usr/bin/install -c - -m 644 opsb.so - /home/fish/NeoStats//dl/ -/usr/bin/install -c - -m 644 README.opsb opsb.S -ettings /home/fish/NeoStats//dl/../doc/ -[1006|/home/fish/opsb] - - If you recieve *ANY* errors at all during the this process, please - post them on our Support boards, at http//www.neostats.net/boards/ - - Once Installation is complete, you can either configure NeoStats to - load OPSB when it starts, or load OPSB via IRC. - - To Configure NeoStats to automatically load OPSB when it boots, add - the following line to your "neostats.cfg" file in the NeoStats - directory: - - LOAD_MODULE OPSB - - To load OPSB via IRC, you must make sure you have the appropriate - permissions and issue the following command: - - /msg neostats load OPSB - - Thats it. OPSB is now loaded and ready for use (in fact, it will - already be running now, but read on for futher information. - -2. Basic Configuration - - OPSB is completly configured online via IRC. When you first start up - OPSB, it attempts some "Sane" defaults for you to get started with, - but you should always review these settings as soon as you install. - Additionally, while its in this "Default" state, it will warn you - every so often via a global message as well as messages to the - services channel that it is still "unconfigured". Some of the settings - that you may want to review right away are: - * Exclusion Lists - You should setup a Exclude list for your IRC - Services server (NickServ etc) - * Target IP address and Ports that OPSB tries to get the proxies to - connect to. - * Default Ban Time when OPSB finds a open Proxy. - - These are outlined below: - -2.1. Exclusion Lists - - Exclusion lists allow you to specify certian Hostmasks or Servers that - should be excluded from monitoring by OPSB. This exclusion list would - allow a administrator to say, allow users on that are matched against - a open proxy, when the administrator has verified that the trojan does - not in fact exist on the users host. - -Caution - - Exclusions should be setup for your Services Server, so that OPSB does - not try to scan ChanServ, or NickServ, or any of the bots relating to - Nickname protection. - - Adding a Entry - - To add a entry to the Exclusion list, use the following format: -/msg OPSB exclude add <1/0> - - Where: - - = The HostName/Server or Channel name. WildCards ? and * are - permitted. - - = The type of exclusion. 0 is for HostNames, 1 is for Servers - - = a short description of the exclusion, for operator - reference only. - - The output is as follows: ->OPSB< exclude add services.irc-chat.net 1 Blah is my reason --OPSB- Added services.irc-chat.net (Server) exception to list - - Listing an Entry - - To list the Exclusions simple type: -/msg OPSB exclude list - - And all the current exclusions are listed. Additionaly, a Position - number is provided for use with the delete command. The output is as - follows: ->OPSB< exclude list --OPSB- Exception List: --OPSB- 1) *.blah.com (Server) Added by Fish for Blah is my reason --OPSB- 2) is.blah.com (HostName) Added by Fish for can by high --OPSB- End of List. - - Deleting an Entry - - To delete a entry, you should first lookup the Position of the entry - that you wish to delete. The format of the command is as follows: -/msg OPSB exclude del - - Where: - - is the position of the entry you wish to delete in the list - - The output of the command is as follows: ->OPSB< exclude del 1 --OPSB- Deleted services.irc-chat.net server out of exception list - -2.2. TARGET IP and TARGET PORT - - By default, OPSB sets up each proxy scan to attempt to connect back to - the IP address and port of the server that NeoStats connects to. This - may not always be what you wish, as it can help a attacker map our how - your network is structured. Ideally, you should pick the IP address of - a IRC server you host that is stable and on a fast connection, and - enter its IP address and port numbers into OPSB. - - Changing the TargetIP - - To add a entry to the Helper list, use the following format: -/msg OPSB set targetip - - Where: - - = The ip address to attempt to get proxies to connect - to - - The output is as follows: - -> *opsb* set targetip 203.208.228.144 -=opsb= Target IP set to 203.208.228.144 - - Changing the Target Port - - To list the helpers simple type: -/msg OPSB set targetport - - Where: - - = the new port to attempt to get proxies to connect to - - The output is as follows: - -> *opsb* set targetport 6667 -=opsb= Target PORT set to 6667 - -2.3. BanTime - - OPSB by default bans the IP/Hostname of a Open Proxy for 1 day (86400 - seconds). Some networks may wish to increase or decrease this time - value. - - Changing the Ban Time - - To change the akilltime, type: - -> *opsb* set akilltime 86400 -=opsb= Ban time changed to 86400 - -3. Detailed Configuration - - OPSB attempts to be as configurable as possible in order to cater for - each individual networks requirements. This in turn though makes the - configuration very complex. There are many many settings with OPSB - that affect how it operates, how it responds and even, how affects the - performance of NeoStats Overall. Out of the box, OPSB provides - sensible defaults for these settings, but you may wish to read this - section for details on exactly what each option does, and its affect - on how OPSB operates. - - The following list summaries the available Options you can set in OPSB - * CACHETIME - * SCAN - * AKILL - * OPMDOMAIN - * MAXBYTES - * TIMEOUT - * OPENSTRING - * SPLITTIME - * SCANMSG - * PORTS - - To change any of these settings, you use the Set Interface in OPSB. - Eg: -/msg OPSB set