Anope IRC Services
Anope Support => 2.0.x/1.9.x Support => Topic started by: CrazyCat on November 16, 2017, 01:27:51 PM
-
Hello there,
I had configured this module, turn off hopm and now I'm waiting...
hopm (and bopm) had a check command, allowing to test IP, I used it to test my blacklists.
I didn't find any equivalent in anope, so how can I verify that it works well ?
Regards,
CrazyCat
-
Sorry, but I think there's an error in the wiki.
The m_dnsbl page (https://wiki.anope.org/index.php/2.0/Modules/m_dnsbl) gives the following configuration:
blacklist
{
/* Name of the blacklist. */
name = "rbl.efnetrbl.org"
/* How long to set the ban for. */
time = 4h
/* Reason for akill.
* %n is the nick of the user
* %u is the ident/username of the user
* %g is the realname of the user
* %h is the hostname of the user
* %i is the IP of the user
* %r is the reason (configured below). Will be nothing if not configured.
* %N is the network name set in networkinfo:networkname
*/
reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"
/* Replies to ban and their reason. If this is totally omitted all replies get banned. */
1 = "Open Proxy"
/* Don't ban for result 2 or 3 */
#2 = "spamtrap666"
#3 = "spamtrap50"
4 = "TOR"
5 = "Drones / Flooding"
}
(similar to bopm.conf)
but in the last module.example.conf, the replies use the following syntax:
blacklist
{
/* Name of the blacklist. */
name = "rbl.efnetrbl.org"
/* How long to set the ban for. */
time = 4h
/* Reason for akill.
* %n is the nick of the user
* %u is the ident/username of the user
* %g is the realname of the user
* %h is the hostname of the user
* %i is the IP of the user
* %r is the reply reason (configured below). Will be nothing if not configured.
* %N is the network name set in networkinfo:networkname
*/
reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"
/* Replies to ban and their reason. If no replies are configured, all replies get banned. */
reply
{
code = 1
reason = "Open Proxy"
}
#reply
{
code = 2
reason = "spamtrap666"
}
#reply
{
code = 3
reason = "spamtrap50"
}
reply
{
code = 4
reason = "TOR"
/*
* If set, users identified to services at the time the result comes back
* will not be banned.
*/
#allow_account = yes
}
reply
{
code = 5
reason = "Drones / Flooding"
}
}
-
Sorry replying myself, but I think I misconfigured my blacklists.
I saw a suspect connexion but anope didn't kill it. So i launch hopm:
13:49:28 <CrazyCat> BlitzServ check WW.XX.YY.ZZ
13:49:28 <BlitzServ> CHECK -> Checking 'WW.XX.YY.ZZ' for open proxies on all scanners
13:49:28 <BlitzServ> CHECK -> DNSBL -> WW.XX.YY.ZZ does not appear in BL zone tor.dnsbl.sectoor.de
13:49:28 <BlitzServ> CHECK -> DNSBL -> WW.XX.YY.ZZ does not appear in BL zone dnsbl.swiftbl.net
13:49:28 <BlitzServ> CHECK -> DNSBL -> WW.XX.YY.ZZ does not appear in BL zone dnsbl.sorbs.net
13:49:28 <BlitzServ> CHECK -> DNSBL -> WW.XX.YY.ZZ appears in BL zone dnsbl.dronebl.org (SOCKS Proxy)
13:49:28 <BlitzServ> CHECK -> DNSBL -> WW.XX.YY.ZZ does not appear in BL zone rbl.efnet.org
13:49:58 <BlitzServ> CHECK -> All tests on WW.XX.YY.ZZ completed.
Here is my blacklist configuration using dronebl (I didn't copy the others blacklists here)
module
{
name = "m_dnsbl"
check_on_connect = yes
check_on_netburst = no
add_to_akill = yes
blacklist
{
name = "dnsbl.dronebl.org"
time = 4h
reason = "%n, You have a host listed in the DroneBL. Visit http://dronebl.org/lookup_branded.do?ip=%i&network=Zeolia"
reply
{
code = 2
reason = "Sample"
}
reply
{
code = 3
reason = "IRC Drone"
}
reply
{
code = 5
reason = "Bottler"
}
reply
{
code = 6
reason = "Unknown spambot or drone"
}
reply
{
code = 7
reason = "DDOS Drone"
}
reply
{
code = 8
reason = "SOCKS Proxy"
}
reply
{
code = 9
reason = "HTTP Proxy"
}
reply
{
code = 10
reason = "Proxychain"
}
reply
{
code = 13
reason = "Brute force attackers"
}
reply
{
code = 14
reason = "Open Wingate Proxy"
}
reply
{
code = 15
reason = "Compromised router / gateway"
}
}
}
Did I do something wrong ?
-
Do you have m_dns loaded?
-
Yes, I can see it in the /msg operserv modlist reply. And m_dnsbl is loaded too.