BOPM

From NeoWiki

Blitzed Open Proxy Monitor (BOPM) [1] was created to scan clients for open ports and to check their IPs against DNS blocklists (DNSBLs.)

This article will help a server administrator compile and configure BOPM to work with UnrealIRCd. It does not, however, include details on how to activate BOPMs port scanning features.

Please install BOPM, as soon as possible, since it will marginally disrupt spammers from evading bans via open proxies and Tor. Technically, only one BOPM is necessary for the whole network but we run one on each server in case of netsplits and to prevent over reliance on a single point of failure.

There might be pre-built BOPM packages (binaries) available for your operating system. If your OS has a package, by all means, USE IT. Just scroll to Configuration section after you have installed the pre-built package for help with configuring BOPM.

This is just a guide. Don't trust it with your life. We don't know anything and we certainly do not take any responsibility for your BOPMs, god(s), the feds, your ISPs, or anyone(anything) else's (lack of) actions.

Contents

Before installing...

This section details what should be done prior to compiling BOPM.

Create user 'bopm' and its home directory

Before we create the user 'bopm' we'll need to drop into a root shell.

su -
useradd -d /home/bopm bopm
mkdir /home/bopm
chown bopm /home/bopm

At least take one of the below actions to increase the security of your system.

Restrict Access via SSH

Restricting access via SSH[2] is not necessary but might be useful to prevent direct remote access to user 'bopm'.

Add a password

You might want to must add a password for user 'bopm'. The following assumes you are still the root user:

passwd bopm

BOPM Installation

In this section we will download, untar, and compile BOPM from source.

Switching to user 'bopm'

su bopm
cd

Download BOPM this is symlinked to the latest listed on the BOPM wiki

wget http://static.blitzed.org/www.blitzed.org/bopm/files/bopm-current.tar.gz

Untar BOPM

tar xvvf bopm-current.tar.gz

Move to the BOPM directory this depends on what the current version is

cd bopm-3.1.3/

Read INSTALL and configure help you may find some interesting information

less INSTALL
./configure --help | less

./configure compile and put it in $HOME/bopm

./configure && make && make install

Configuration

bopm.conf

The following details how to install our BOPM configuration file.

cd /home/bopm/bopm/etc/
mv bopm.conf bopm.conf.old
wget -O - http://wiki.neoturbine.net/images/7/75/Bopm.conf.txt > bopm.conf

You will need to modify this file to change your BOPMs

  • opername and operpass (line 46),
  • nickname (line 25),
  • channel key (line 62),
    • PM someone in #neoturbine but don't expect a response
  • NickServ user/password (line 43),
    • If you haven't registered your bopm's nickname with NickServ comment it out
  • If you've installed BOPM from a binary package you will need to change where the bopm.pid is located. (line 8)

We suggest that you use the nano text editor because it is very easy to use.

nano bopm.conf

unrealircd.conf

This details what to add to your unrealircd.conf. Don't forget to switch to your UnrealIRCd user before you modify this file!

su unreal # might not be your UnrealIRCd user
cd ~/path/to/unreal
nano unrealircd.conf
oper bopm {
        class clients;
        from {
                userhost bopm@127.0.0.1;
        };
        password <password>;
        flags {
                netadmin;
                can_zline;
                can_gkline;
                get_host;
        };
};

Starting

Starting BOPM for the first time

While logged in as user 'bopm' just run the binary. It should automatically run in the background.

/home/bopm/bopm/bin/bopm

Make it start up automatically on boot

To make BOPM run automagically, the lazy way, we will modify the rc.local (or similar script.) The location of this file may vary depending on your operating system, so we have listed a few common ones here. If your OS has it in a different location, and you know of it, please update our list.

Gentoo

echo su -c /home/bopm/bopm/bin/bopm bopm >> /etc/conf.d/local.start

Archlinux

echo su -c /home/bopm/bopm/bin/bopm bopm >> /etc/rc.local

Slackware

echo su -c /home/bopm/bopm/bin/bopm bopm >> /etc/rc.d/rc.local

Debian/Ubuntu

# You should use the BOPM package in Debian's Repositories!

Remember: If there is an exit line at the end of your rc.local (or similar) script, make sure you put this command BEFORE it, otherwise the script will end before BOPM will get a chance to run.

For example:
exit 0
#blah blah blah
Becomes:
#blah blah blah
exit 0

Alternative method using 'bopmchk'

This method uses cron to check if BOPM is running every ten minutes. An advantage of this method is that it does not require root access.

As user 'bopm':

cd /home/bopm/bopm/bin && wget http://static.blitzed.org/www.blitzed.org/bopm/files/release/contrib/crontab/bopmchk
chmod +x bopmchk

Open an editor and change line 24 to: the directory where BOPM is located

cd /home/bopm/bopm

Then, as user 'bopm', run "crontab -e" (edit the crontab file) to add the following line: This checks if BOPM is running every ten minutes

0,10,20,30,40,50 * * * * /home/bopm/bopm/bin/bopmchk >/dev/null 2>&1

More information/ Links

Support

Ask in the channel if you need help but don't expect responses ASAP. If you do not run a server on NeoturbineNET IRC please don't contact us for help.

Sample Configurations

Please don't blindly use these (or even our) bopm.conf. Make sure you know what each line of the configuration file does before launching it in a "production environment".