bopm.conf For uneralircd4

Chief Fri Oct 13, 2017 11:15 pm

Code:: /* BOPM sample configuration */ options { /* * Full path and filename for storing the process ID of the running * BOPM. */ pidfile = "/home/asher/bopm/bopm.pid"; /* * How many seconds to store the IP address of hosts which are * confirmed (by previous scans) to be secure. New users from these * IP addresses will not be scanned again until this amount of time * has passed. IT IS STRONGLY RECOMMENDED THAT YOU DO NOT USE THIS * DIRECTIVE, but it is provided due to demand. * * The main reason for not using this feature is that anyone capable * of running a proxy can get abusers onto your network - all they * need do is shut the proxy down, connect themselves, restart the * proxy, and tell their friends to come flood. * * Keep this directive commented out to disable negative caching. */ # negcache = 3600; /* * Amount of file descriptors to allocate to asynchronous DNS. 64 * should be plenty for almost anyone - previous versions of BOPM only * did one at a time! */ dns_fdlimit = 64; /* * Put the full path and filename of a logfile here if you wish to log * every scan done. Normally BOPM only logs successfully detected * proxies in the bopm.log, but you may get abuse reports to your ISP * about portscanning. Being able to show that it was BOPM that did * the scan in question can be useful. Leave commented for no * logging. */ # scanlog = "/some/path/scan.log"; }; IRC { /* * IP to bind to for the IRC connection. You only need to use this if * you wish BOPM to use a particular interface (virtual host, IP * alias, ...) when connecting to the IRC server. There is another * "vhost" setting in the scan {} block below for the actual * portscans. Note that this directive expects an IP address, not a * hostname. Please leave this commented out if you do not * understand what it does, as most people don't need it. */ # vhost = "0.0.0.0"; /* * Nickname for BOPM to use. */ nick = "MyBopm"; /* * Text to appear in the "realname" field of BOPM's /whois output. */ realname = "Blitzed Open Proxy Monitor"; /* * If you don't have an identd running, what username to use. */ username = "bopm"; /* * Hostname (or IP) of the IRC server which BOPM will monitor * connections on. */ server = "192.168.1.219"; /* * Password used to connect to the IRC server (PASS) */ # password = "secret"; /* * Port of the above server to connect to. This is what BOPM uses to * get onto IRC itself, it is nothing to do with what ports/protocols * are scanned, nor do you need to list every port your ircd listens * on. */ port = 6665; /* * Command to execute to identify to NickServ (if your network uses * it). This is the raw IRC command text, and the below example * corresponds to "/msg nickserv identify password" in a client. If * you don't understand, just edit "password" in the line below to be * your BOPM's nick password. Leave commented out if you don't need * to identify to NickServ. */ # nickserv = "privmsg nickserv :identify password"; /* * The username and password needed for BOPM to oper up. */ oper = "hopm 123456"; /* * Mode string that BOPM needs to set on itself as soon as it opers * up. This needs to include the mode for seeing connection notices, * otherwise BOPM won't scan anyone (that's usually umode +c). It's * often also a good idea to remove any helper modes so that users * don't try to talk to the BOPM. * * REMEMBER THAT IRCU AND LATER VERSIONS OF UNREAL DO NOT USE A SIMPLE * +c !! */ mode = "+Bs +cF"; /* Example for Bahamut; +F gives BOPM relaxed flood limits */ # mode = "+Fc-h"; /* * If this is set then BOPM will use it as an /away message as soon as * it connects. */ away = "I'm a bot. Your messages will be ignored."; /* * Info about channels you wish BOPM to join in order to accept * commands. BOPM will also print messages in these channels every * time it detects a proxy. Only IRC operators can command BOPM to do * anything, but some of the things BOPM reports to these channels * could be soncidered sensitive, so it's best not to put BOPM into * public channels. */ channel { /* * Channel name. Local ("&") channels are supported if your ircd * supports them. */ name = "#mIRCx"; /* * If BOPM will need to use a key to enter this channel, this is * where you specify it. */ # key = "somekey"; /* * If you use ChanServ then maybe you want to set the channel * invite-only and have each BOPM do "/msg ChanServ invite" to get * itself in. Leave commented if you don't, or if this makes no * sense to you. */ # invite = "privmsg chanserv :invite #bopm"; }; /* * You can define a bunch of channels if you want: * * channel { name = "#other"; }; channel { name="#channel"; } */ /* * connregex is a POSIX regular expression used to parse connection * (+c) notices from the ircd. The complexity of the expression should * be kept to a minimum. * * Items in order MUST be: nick user host IP * * BOPM will not work with ircds which do not send an IP in the * connection notice. * * This is fairly complicated stuff, and the consequences of getting * it wrong are the BOPM does not scan anyone. Unless you know * absolutely what you are doing, please just uncomment the example * below that best matches the type of ircd you use. * * !!! NOTE !!! If a connregex for your ircd does not appear here and the * hybrid connregex does not appear to work, check the BOPM FAQ at * http://wiki.blitzed.org/BOPM before contacting our lists for help. * */ /* Hybrid / Bahamut / Unreal (in HCN mode) */ # connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \$([^@]+)@([^\$]+)\\) \\[([0-9\\.]+)\\].*"; connregex = "\\*\\*\\* Client connecting: ([^ ]+) \$([^@]+)@([^\$]+)\\) \\[([0-9a-fA-F\\.:]+)\\].*"; /* * Ultimate ircd - note the control-B characters around Connect/Exit, * that is because that text appears in bold in the actual connect * notice. Be very careful when editing this, do it as you would put * bold characters into IRC MOTDs. */ # connregex = "\\*\\*\\* Connect/Exit -- from [^:]+: Client connecting on port [0-9]+: ([^ ]+) \$([^@]+)@([^\$]+)\\) \\[([0-9\\.]+)\\].*"; /* * SorIRCd 1.3.4+ / StarIRCd 5.26+. */ # connregex = "\\*\\*\\* Notice -- Client connecting on port [0-9]+: ([^ ]+) \$([^@]+)@([^\$]+)\\) \\[([0-9\\.]+)\\].*"; /* * "kline" controls the command used when an open proxy is confirmed. * We suggest applying a temporary (no more than a few hours) KLINE on the host. * * <WARNING> * Make sure if you need to change this string you also change the * kline command for every DNSBL you enable below. * * Also note that some servers do not allow you to include ':' characters * inside the KLINE message (e.g. for a http:// address). * * Users rewriting this message into something that isn't even a valid * IRC command is the single most common cause of support requests and * therefore WE WILL NOT SUPPORT YOU UNLESS YOU USE ONE OF THE EXAMPLE * KLINE COMMANDS BELOW. * </WARNING> * * That said, should you wish to customise this text, several * printf-like placeholders are available: * * %n User's nick * %u User's username * %h User's irc hostname * %i User's IP address * */ kline = "KLINE *@%h :Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information."; /* A GLINE example for IRCu: */ # kline = "GLINE +*@%i 1800 :Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information."; /* An AKILL example for services with OperServ * Your BOPM must have permission to AKILL for this to work! */ # kline = "PRIVMSG OpenServ :AKILL +3h *@%h Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information."; /* * Text to send on connection, these can be stacked and will be sent in this order * * !!! UNREAL USERS PLEASE NOTE !!! * Unreal users will need PROTOCTL HCN to force hybrid connect * notices. * * Yes Unreal users! That means you! That means you need the line * below! See that thing at the start of the line? That's what we * call a comment! Remove it to UNcomment the line. */ perform = "PROTOCTL HCN"; }; /* * OPM Block defines blacklists and information required to report new proxies * to a dns blacklist. DNS-based blacklists store IP addresses in a DNS zone * file. There are several blacklist that list IP addresses known to be open * proxies or other forms of IRC abuse. By checking against these blacklists, * BOPMs are able to ban known sources of abuse without completely scanning them. */ OPM { /* * Blacklist zones to check IPs against. If you would rather not * trust a remotely managed blacklist, you could set up your own, or * leave these commented out in which case every user will be * scanned. The use of at least one open proxy DNSBL is recommended * however. * * Blitzed is not associated with any of these DNSBLs, please check * the policies of each blacklist you use to check you are comfortable * with using them to block access to your server (and that you are * allowed to use them). */ /* DroneBL - http://dronebl.org */ blacklist { /* The DNS name of the blacklist */ name = "dnsbl.dronebl.org"; /* * There are only two values that are valid for this * "A record bitmask" and "A record reply" * These options affect how the values specified to reply * below will be interpreted, a bitmask is where the reply * values are 2^n and more than one is added up, a reply is * simply where the last octet of the IP is that number. * If you are not sure then the values set for dnsbl.dronebl.org * will work without any changes. */ type = "A record bitmask"; /* Kline types not listed in the reply list below. * * For DNSBLs that are not IRC specific and you just wish to kline * certain types this can be disabled. */ ban_unknown = yes; /* The actual values returned by the dnsbl.dronebl.org blacklist * As documented at http://www.dronebl.org/howtouse.do */ reply { 2 = "Sample"; 3 = "IRC Drone"; 4 = "Tor"; 5 = "Bottler"; 6 = "Unknown spambot or drone"; 7 = "DDOS Drone"; 8 = "SOCKS Proxy"; 9 = "HTTP Proxy"; 10 = "ProxyChain"; 255 = "Unknown"; }; /* The kline message sent for this specific blacklist, remember to put * the removal method in this. */ kline = "ZLINE *@%i 1d :You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded.do?ip=%i&network=Network"; }; # /* ircbl.ahbl.org - see http://ahbl.org/docs/ircbl # * http://oldwww.temp.ahbl.org/docs/ircbl.php */ # blacklist { # name = "ircbl.ahbl.org"; # type = "A record reply"; # ban_unknown = no; # reply { # 2 = "Open proxy"; # }; # kline = "KLINE *@%h :Listed in ircbl.ahbl.org. See http://ahbl.org/removals"; # }; /* tor.dnsbl.sectoor.de - http://www.sectoor.de/tor.php */ # blacklist { # name = "tor.dnsbl.sectoor.de"; # type = "A record reply"; # reply { # 1 = "Tor exit server"; # }; # ban_unknown = no; # kline = "KLINE *@%h :Tor exit server detected. See www.sectoor.de/tor.php?ip=%i"; # }; /* rbl.efnet.org - http://rbl.efnet.org/ */ blacklist { name = "rbl.efnet.org"; type = "A record bitmask"; reply { 1 = "Open proxy"; 2 = "Trojan spreader"; 3 = "Trojan infected client"; 4 = "TOR exit server"; 5 = "Drones / Flooding"; }; ban_unknown = yes; kline = "ZLINE *@%i 1d :Listed in rbl.efnet.org. See rbl.efnet.org/?i=%i"; }; /* example: NJABL - please read http://www.njabl.org/use.html before * uncommenting */ # blacklist { # name = "dnsbl.njabl.org"; # type = "A record reply"; # reply { # 9 = "Open proxy"; # }; # ban_unknown = no; # kline = "KLINE *@%h :Open proxy found on your host, please visit www.njabl.org/cgi-bin/lookup.cgi?query=%i"; # }; /* * You can report the insecure proxies you find to a DNSBL also! * The remaining directives in this section are only needed if you * intend to do this. Reports are sent by email, one email per IP * address. The format does support multiple addresses in one email, * but we don't know of any servers that are detecting enough insecure * proxies for this to be really necessary. */ /* * Email address to send reports FROM. If you intend to send reports, * please pick an email address that we can actually send mail to * should we ever need to contact you. */ # dnsbl_from = "mybopm@myserver.org"; /* * Email address to send reports TO. * For example DroneBL: */ # dnsbl_to = "bopm-report@dronebl.org"; /* * Full path to your sendmail binary. Even if your system does not * use sendmail, it probably does have a binary called "sendmail" * present in /usr/sbin or /usr/lib. If you don't set this, no * proxies will be reported. */ # sendmail = "/usr/sbin/sendmail"; }; /* * The short explanation: * * This is where you define what ports/protocols to check for. You can have * multiple scanner blocks and then choose which users will get scanned by * which scanners further down. * * The long explanation: * * Scanner defines a virtual scanner. For each user being scanned, a scanner * will use a file descriptor (and subsequent connection) for each protocol. * Once connecting it will negotiate the proxy to connect to * target_ip:target_port (target_ip MUST be an IP). * * Once connected, any data passed through the proxy will be checked to see if * target_string is contained within that data. If it is the proxy is * considered open. If the connection is closed at any point before * target_string is matched, or if at least max_read bytes are read from the * connection, the negotiation is considered failed. */ scanner { /* * Unique name of this scanner. This is used further down in the * user {} blocks to decide which users get affected by which * scanners. */ name="default"; /* * HTTP CONNECT - very common proxy protocol supported by widely known * software such as Squid and Apache. The most common sort of * insecure proxy and found on a multitude of weird ports too. Offers * transparent two way TCP connections. */ protocol = HTTP:80; protocol = HTTP:8080; protocol = HTTP:3128; protocol = HTTP:6588; /* * SOCKS4/5 - well known proxy protocols, probably the second most * common for insecure proxies, also offers transparent two way TCP * connections. Fortunately largely confined to port 1080. */ protocol = SOCKS4:1080; protocol = SOCKS5:1080; /* * Cisco routers with a default password (yes, it really does happen). * Also pretty much anything else that will let you telnet to anywhere * else on the internet. Fortunately these are always on port 23. */ protocol = ROUTER:23; /* * WinGate is commercial windows proxy software which is now not so * common, but still to be found, and helpfully presents an interface * that can be used to telnet out, on port 23. */ protocol = WINGATE:23; /* * The HTTP POST protocol, often dismissed when writing the access * controls for proxies, but sadly can still be used to abused. * Offers only the opportunity to send a single block of data, but * enough of them at once can still make for a devastating flood. * Found on the same ports that HTTP CONNECT proxies inhabit. * * Note that if your ircd has "ping cookies" then clients from HTTP * POST proxies cannot actually ever get onto your network anyway. If * you leave the checks in then you'll still find some (because some * people IRC from boxes that run them), but if you use BOPM purely as * a protective measure and you have ping cookies, you need not scan * for HTTP POST. */ protocol = HTTPPOST:80; /* * IP this scanner will bind to. Use this if you need your scans to * come FROM a particular interface on the machine you run BOPM from. * If you don't understand what this means, please leave this * commented out, as this is a major source of support queries! */ # vhost = "127.0.0.1"; /* Maximum file descriptors this scanner can use. Remember that there * will be one FD for each protocol listed above. As this example * scanner has 8 protocols, it requires 8 FDs per user. With a 512 FD * limit, this scanner can be used on 64 users _at the same time_. * That should be adequate for most servers. */ fd = 512; /* * Maximum data read from a proxy before considering it closed. Don't * set this too high, some people have fun setting up lots of ports * that send endless data to tie up your scanner. 4KB is plenty for * any known proxy. */ max_read = 4096; /* * Amount of time (in seconds) before a test is considered timed out. * Again, all but the poorest slowest proxies will be detected within * 30 seconds, and this helps keep resource usage low. */ timeout = 30; /* * Target IP to tell the proxy to connect to * * !!! THIS MUST BE CHANGED !!! * * You cannot instruct the proxy to connect to itself! The easiest * thing to do would be to set this to the IP of your ircd and then * keep the default target_strings. * * Please use an IP that is publically reachable from anywhere on the * Internet, because you have no way of knowing where the insecure * proxies will be located. Just because you and your BOPM can * connect to your ircd on some private IP like 192.168.0.1, does not * mean that the insecure proxies out there on the Internet will be * able to. And if they never connect, you will never detect them. * * Remember to change this setting for every scanner you configure. * */ target_ip = "127.0.0.1"; /* * Target port to tell the proxy to connect to. This is usually * something like 6667. Basically any client-usable port. */ target_port = 6665; /* * Target string we check for in the data read back by the scanner. * This should be some string out of the data that your ircd usually * sends on connect. The example below will work on most * hybrid/bahamut ircds. Multiple target strings are allowed. * * NOTE: Try to keep the number of target strings to a minimum. Two * should be fine. One for normal connections and one for throttled * connections. Comment out any others for efficiency. */ /* Usually first line sent to client on connection to ircd. * If your ircd supports a more specific line (see below), * using it will reduce false positives. */ target_string = "*** Looking up your hostname..."; /* Some ircds give a source for the NOTICE AUTH (bahamut for example). * It is recommended you use the following instead of the generic * "*** Looking up your hostname..." if your ircd supports it. * This will reduce the chances of false positives. */ # target_string = ":server.yournetwork.org NOTICE AUTH :*** Looking up your hostname..."; /* If you try to connect too fast, you'll be throttled by your own * ircd. Here's what a hybrid throttle message looks like: */ target_string = "ERROR :Trying to reconnect too fast."; /* And the same for bahamut (comment this out if you're not using bahamut): */ target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled."; }; scanner { name = "extended"; protocol = HTTP:81; protocol = HTTP:8000; protocol = HTTP:8001; protocol = HTTP:8081; protocol = HTTPPOST:81; protocol = HTTPPOST:6588; # protocol = HTTPPOST:4480; protocol = HTTPPOST:8000; protocol = HTTPPOST:8001; protocol = HTTPPOST:8080; protocol = HTTPPOST:8081; /* * IRCnet have seen many socks5 on these ports, more than on the * standard ports even. */ protocol = SOCKS4:4914; protocol = SOCKS4:6826; protocol = SOCKS4:7198; protocol = SOCKS4:7366; protocol = SOCKS4:9036; protocol = SOCKS5:4438; protocol = SOCKS5:5104; protocol = SOCKS5:5113; protocol = SOCKS5:5262; protocol = SOCKS5:5634; protocol = SOCKS5:6552; protocol = SOCKS5:6561; protocol = SOCKS5:7464; protocol = SOCKS5:7810; protocol = SOCKS5:8130; protocol = SOCKS5:8148; protocol = SOCKS5:8520; protocol = SOCKS5:8814; protocol = SOCKS5:9100; protocol = SOCKS5:9186; protocol = SOCKS5:9447; protocol = SOCKS5:9578; /* * These came courtsey of Keith Dunnett from a bunch of public open * proxy lists. */ protocol = SOCKS4:29992; protocol = SOCKS4:38884; protocol = SOCKS4:18844; protocol = SOCKS4:17771; protocol = SOCKS4:31121; fd = 400; /* If required you can add settings such as target_ip here * they will override the defaults set in the first scanner * for this and subsequent scanners defined in the config file * This affects the following options: * fd, vhost, target_ip, target_port, target_string, timeout and * max_read. */ }; /* * User blocks define what scanners will be used to scan which hostmasks. When * a user connects they will be scanned on every scanner {} (above) that * matches their host. */ user { /* * Users matching this host mask will be scanned with all the * protocols in the scanner named. */ mask = "*!*@*"; scanner = "default"; }; user { /* Connections without ident will match on a vast number of connections * very few proxies run ident though */ # mask = "*!~*@*"; mask = "*!squid@*"; mask = "*!nobody@*"; mask = "*!www-data@*"; mask = "*!cache@*"; mask = "*!CacheFlowS@*"; mask = "*!*@*www*"; mask = "*!*@*proxy*"; mask = "*!*@*cache*"; scanner = "extended"; }; /* * Exempt hosts matching certain strings from any form of scanning or dnsbl. * BOPM will check each string against both the hostname and the IP address of * the user. * * There are very few valid reasons to actually use "exempt". BOPM should * never get false positives, and we would like to know very much if it does. * One possible scenario is that the machine BOPM runs from is specifically * authorized to use certain hosts as proxies, and users from those hosts use * your network. In this case, without exempt, BOPM will scan these hosts, * find itself able to use them as proxies, and ban them. */ exempt { mask = "*!*@127.0.0.1"; };

Chief Fri Oct 13, 2017 11:23 pm

Code:: /* * Hybrid Open Proxy Monitor - HOPM sample configuration * * Copyright (c) 2014-2017 ircd-hybrid development team * * $Id$ */ /* * Shell style (#), C++ style (//) and C style comments are supported. * * Files may be included by either: * .include "filename" * .include <filename> * * Times/durations are written as: * 12 hours 30 minutes 1 second * * Valid units of time: * year, month, week, day, hour, minute, second * * Valid units of size: * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte * * Sizes and times may be singular or plural. */ options { /* * Full path and filename for storing the process ID of the running * HOPM. */ pidfile = "/home/asher/hopm/var/run/hopm.pid"; /* * Maximum commands to queue. Set to 0 if you don't want HOPM * to process commands. */ command_queue_size = 64; /* * Interval to check command queue for timed out commands. */ command_interval = 10 seconds; /* * Timeout of commands. */ command_timeout = 180 seconds; /* * How long to store the IP address of hosts which are confirmed * (by previous scans) to be secure. New users from these * IP addresses will not be scanned again until this amount of time * has passed. IT IS STRONGLY RECOMMENDED THAT YOU DO NOT USE THIS * DIRECTIVE, but it is provided due to demand. * * The main reason for not using this feature is that anyone capable * of running a proxy can get abusers onto your network - all they * need do is shut the proxy down, connect themselves, restart the * proxy, and tell their friends to come flood. * * Keep this directive commented out to disable negative caching. */ # negcache = 1 hour; /* * How long between rebuilds of the negative cache. The negcache * is only rebuilt to free up memory used by entries that are too old. * You probably don't need to tweak this unless you have huge amounts * of people connecting (hundreds per minute). Default is 12 hours. */ negcache_rebuild = 12 hours; /* * Amount of file descriptors to allocate to asynchronous DNS. 64 * should be plenty for almost anyone. */ dns_fdlimit = 64; /* * Amount of time the resolver waits until a response is received * from a name server. */ dns_timeout = 5 seconds; /* * Put the full path and filename of a logfile here if you wish to log * every scan done. Normally HOPM only logs successfully detected * proxies in the hopm.log, but you may get abuse reports to your ISP * about portscanning. Being able to show that it was HOPM that did * the scan in question can be useful. Leave commented for no * logging. */ # scanlog = "var/log/scan.log"; }; irc { /* * IP address to bind to for the IRC connection. You only need to * use this if you wish HOPM to use a particular interface * (virtual host, IP alias, ...) when connecting to the IRC server. * There is another "vhost" setting in the scan {} block below for * the actual portscans. Note that this directive expects an IP address, * not a hostname. Please leave this commented out if you do not * understand what it does, as most people don't need it. */ # vhost = "0.0.0.0"; /* * Nickname for HOPM to use. */ nick = "MIRCX"; /* * Text to appear in the "realname" field of HOPM's /whois output. */ realname = "Hybrid Open Proxy Monitor"; /* * If you don't have an identd running, what username to use. */ username = "hopm"; /* * Hostname (or IP address) of the IRC server which HOPM will monitor * connections on. IPv6 is now supported. */ server = "192.168.1.219"; /* * Password used to connect to the IRC server (PASS) */ # password = "secret"; /* * Port of the above server to connect to. This is what HOPM uses to * get onto IRC itself, it is nothing to do with what ports/protocols * are scanned, nor do you need to list every port your ircd listens * on. */ port = 6665; /* * Defines time in which bot will timeout if no data is received */ readtimeout = 15 minutes; /* * Interval in how often we try to reconnect to the IRC server */ reconnectinterval = 30 seconds; /* * Command to execute to identify to NickServ (if your network uses * it). This is the raw IRC command text, and the below example * corresponds to "/msg nickserv identify password" in a client. If * you don't understand, just edit "password" in the line below to be * your HOPM's nick password. Leave commented out if you don't need * to identify to NickServ. */ nickserv = "auth matrix a123456"; /* * The username and password needed for HOPM to oper up. */ oper = "hopm 123456"; /* * Mode string that HOPM needs to set on itself as soon as it opers * up. This needs to include the mode for seeing connection notices, * otherwise HOPM won't scan anyone (that's usually umode +c). */ mode = "+Bs +cF"; /* * If this is set then HOPM will use it as an /away message as soon as * it connects. */ away = "I'm a bot. Your messages will be ignored."; /* * Info about channels you wish HOPM to join in order to accept * commands. HOPM will also print messages in these channels every * time it detects a proxy. Only IRC operators can command HOPM to do * anything, but some of the things HOPM reports to these channels * could be considered sensitive, so it's best not to put HOPM into * public channels. */ channel { /* * Channel name. Local ("&") channels are supported if your ircd * supports them. */ name = "#hopm"; /* * If HOPM will need to use a key to enter this channel, this is * where you specify it. */ # key = "somekey"; /* * If you use ChanServ then maybe you want to set the channel * invite-only and have each HOPM do "/msg ChanServ invite" to get * itself in. Leave commented if you don't, or if this makes no * sense to you. */ # invite = "ChanServ INVITE #mIRCx MIRCX"; }; /* * You can define a bunch of channels if you want: * * channel { name = "#mIRCx"; }; channel { name= "#channel"; } */ channel { name = "#mIRCx"; }; /* * connregex is a POSIX regular expression used to parse connection * notices from the ircd. The complexity of the expression should * be kept to a minimum. * * Items in order MUST be: nick user host IP * * HOPM will not work with ircds which do not send an IP address in the * connection notice. * * This is fairly complicated stuff, and the consequences of getting * it wrong are the HOPM does not scan anyone. Unless you know * absolutely what you are doing, please just uncomment the example * below that best matches the type of ircd you use. */ /* bahamut / charybdis / ircd-hybrid / ircd-ratbox / ircu / UnrealIRCd 3.2.x (in HCN mode) */ connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \$([^@]+)@([^\$]+)\\) \\[([0-9a-fA-F\\.:]+)\\].*"; connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \$([^@]+)@([^\$]+)\\) \\[([0-9\\.]+)\\].*"; /* ircd-hybrid with far connect notices (user mode +F) to scan clients on remote servers */ # connregex = "\\*\\*\\* Notice -- Client connecting.*: ([^ ]+) \$([^@]+)@([^\$]+)\\) \\[([0-9a-fA-F\\.:]+)\\].*"; /* UnrealIRCd 4.0.x */ connregex = "\\*\\*\\* Client connecting: ([^ ]+) \$([^@]+)@([^\$]+)\\) \\[([0-9a-fA-F\\.:]+)\\].*"; /* InspIRCd */ # connregex = "\\*\\*\\* .*CONNECT: Client connecting.*: ([^ ]+)!([^@]+)@([^\\)]+) \$([0-9a-fA-F\\.:]+)\$ \\[.*\\]"; /* ngIRCd */ # connregex = "Client connecting: ([^ ]+) \$([^@]+)@([^\$]+)\\) \\[([0-9a-fA-F\\.:]+)\\].*"; /* * "kline" controls the command used when an open proxy is confirmed. * We suggest applying a temporary (no more than a few hours) KLINE on the host. * * <WARNING> * Make sure if you need to change this string you also change the * kline command for every DNSBL you enable below. * * Also note that some servers do not allow you to include ':' characters * inside the KLINE message (e.g. for a http:// address). * * Users rewriting this message into something that isn't even a valid * IRC command is the single most common cause of support requests and * therefore WE WILL NOT SUPPORT YOU UNLESS YOU USE ONE OF THE EXAMPLE * KLINE COMMANDS BELOW. * </WARNING> * * That said, should you wish to customise this text, several * printf-like placeholders are available: * * %n User's nick * %u User's username * %h User's irc hostname * %i User's IP address * %t Protocol type which has triggered a positive scan */ kline = "KLINE 180 *@%h :Open proxy found on your host."; /* A GLINE example for ircu */ # kline = "GLINE +*@%i 1800 :Open proxy found on your host."; /* * An AKILL example for services with OperServ. Your HOPM must have permission to * AKILL for this to work! */ # kline = "OS AKILL ADD +3h *@%h Open proxy found on your host."; /* * Text to send on connection, these can be stacked and will be sent in this order. * * !!! UNREAL USERS PLEASE NOTE !!! * Unreal users will need PROTOCTL HCN to force hybrid connect * notices. * * Yes Unreal users! That means you! That means you need the line * below! See that thing at the start of the line? That's what we * call a comment! Remove it to UNcomment the line. * * Note that this is no longer needed as of UnrealIRCd 4.0.0. */ perform = "PROTOCTL HCN"; /* * Text to send, via NOTICE, immediately when a new client connects. These can be * stacked and will be sent in this order. */ notice = "You are now being scanned for open proxies. If you have nothing to hide, you have nothing to fear."; }; /* * OPM Block defines blacklists and information required to report new proxies * to a dns blacklist. DNS-based blacklists store IP addresses in a DNS zone * file. There are several blacklist that list IP addresses known to be open * proxies or other forms of IRC abuse. By checking against these blacklists, * HOPMs are able to ban known sources of abuse without completely scanning them. */ OPM { /* * Blacklist zones to check IPs against. If you would rather not * trust a remotely managed blacklist, you could set up your own, or * leave these commented out in which case every user will be * scanned. The use of at least one open proxy DNSBL is recommended * however. * * Please check the policies of each blacklist you use to check you * are comfortable with using them to block access to your server * (and that you are allowed to use them). */ /* dnsbl.dronebl.org - http://dronebl.org */ blacklist { /* The DNS name of the blacklist */ name = "dnsbl.dronebl.org"; /* * Address families that are supported by the blacklist. Default is 'ipv4'. */ address_family = ipv4; /* * There are only two values that are valid for this * "A record bitmask" and "A record reply" * These options affect how the values specified to reply * below will be interpreted, a bitmask is where the reply * values are 2^n and more than one is added up, a reply is * simply where the last octet of the IP address is that number. * If you are not sure then the values set for dnsbl.dronebl.org * will work without any changes. */ type = "A record bitmask"; /* * Kline types not listed in the reply list below. * * For DNSBLs that are not IRC specific and you just wish to kline * certain types this can be enabled/disabled. */ ban_unknown = yes; /* * The actual values returned by the dnsbl.dronebl.org blacklist as * documented at http://dronebl.org/docs/howtouse */ reply { 2 = "Sample data used for heuristical analysis"; 3 = "IRC spam drone (litmus/sdbot/fyle)"; 5 = "Bottler (experimental)"; 6 = "Unknown worm or spambot"; 7 = "DDoS drone"; 8 = "Open SOCKS proxy"; 9 = "Open HTTP proxy"; 10 = "ProxyChain"; 11 = "Web Page Proxy"; 12 = "Open DNS Resolver"; 13 = "Automated dictionary attacks"; 14 = "Open WINGATE proxy"; 15 = "Compromised router / gateway"; 16 = "Autorooting worms"; 17 = "Automatically determined botnet IPs (experimental)"; 18 = "DNS/MX type hostname detected on IRC"; 255 = "Uncategorized threat class"; }; /* * The kline message sent for this specific blacklist, remember to put * the removal method in this. */ kline = "ZLINE *@%i 1d :You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=Network"; }; /* tor.dnsbl.sectoor.de - http://www.sectoor.de/tor.php */ # blacklist { # name = "tor.dnsbl.sectoor.de"; # type = "A record reply"; # ban_unknown = no; # reply { # 1 = "Tor exit server"; # }; # kline = "KLINE 180 *@%h :Tor exit server detected. For more information, visit http://www.sectoor.de/tor.php?ip=%i"; # }; /* rbl.efnetrbl.org - http://rbl.efnetrbl.org/ */ blacklist { name = "rbl.efnetrbl.org"; type = "A record bitmask"; ban_unknown = yes; reply { 1 = "Open proxy"; 2 = "spamtrap666"; 3 = "spamtrap50"; 4 = "TOR"; 5 = "Drones / Flooding"; }; kline = "ZLINE *@%i 1d :Blacklisted proxy found. For more information, visit http://rbl.efnetrbl.org/?i=%i"; }; /* tor.efnetrbl.org - http://rbl.efnetrbl.org/ */ # blacklist { # name = "tor.efnetrbl.org"; # type = "A record reply"; # ban_unknown = no; # reply { # 1 = "TOR"; # }; # kline = "KLINE 180 *@%h :TOR exit node found. For more information, visit http://rbl.efnetrbl.org/?i=%i"; # }; /* * You can report the insecure proxies you find to a DNSBL also! * The remaining directives in this section are only needed if you * intend to do this. Reports are sent by email, one email per IP * address. The format does support multiple addresses in one email, * but we don't know of any servers that are detecting enough insecure * proxies for this to be really necessary. */ /* * Email address to send reports FROM. If you intend to send reports, * please pick an email address that we can actually send mail to * should we ever need to contact you. */ # dnsbl_from = "mybopm@myserver.org"; /* * Email address to send reports TO. * For example DroneBL: */ # dnsbl_to = "bopm-report@dronebl.org"; /* * Full path to your sendmail binary. Even if your system does not * use sendmail, it probably does have a binary called "sendmail" * present in /usr/sbin or /usr/lib. If you don't set this, no * proxies will be reported. */ # sendmail = "/usr/sbin/sendmail"; }; /* * The short explanation: * * This is where you define what ports/protocols to check for. You can have * multiple scanner blocks and then choose which users will get scanned by * which scanners further down. * * The long explanation: * * Scanner defines a virtual scanner. For each user being scanned, a scanner * will use a file descriptor (and subsequent connection) for each protocol. * Once connecting it will negotiate the proxy to connect to * target_ip:target_port (target_ip MUST be an IP address). * * Once connected, any data passed through the proxy will be checked to see if * target_string is contained within that data. If it is the proxy is * considered open. If the connection is closed at any point before * target_string is matched, or if at least max_read bytes are read from the * connection, the negotiation is considered failed. */ scanner { /* * Unique name of this scanner. This is used further down in the * user {} blocks to decide which users get affected by which * scanners. */ name = "default"; /* * HTTP CONNECT - very common proxy protocol supported by widely known * software such as Squid and Apache. The most common sort of * insecure proxy and found on a multitude of weird ports too. Offers * transparent two way TCP connections. */ protocol = HTTP:80; protocol = HTTP:8080; protocol = HTTP:3128; protocol = HTTP:6588; /* * The SSL/TLS variant of HTTP */ protocol = HTTPS:443; protocol = HTTPS:8443; /* * SOCKS4/5 - well known proxy protocols, probably the second most * common for insecure proxies, also offers transparent two way TCP * connections. Fortunately largely confined to port 1080. */ protocol = SOCKS4:1080; protocol = SOCKS5:1080; /* * Cisco routers with a default password (yes, it really does happen). * Also pretty much anything else that will let you telnet to anywhere * else on the Internet. Fortunately these are always on port 23. */ protocol = ROUTER:23; /* * WinGate is commercial windows proxy software which is now not so * common, but still to be found, and helpfully presents an interface * that can be used to telnet out, on port 23. */ protocol = WINGATE:23; /* * Dreambox DVB receivers with a default password allowing * full root access to telnet or install bouncers. */ protocol = DREAMBOX:23; /* * The HTTP POST protocol, often dismissed when writing the access * controls for proxies, but sadly can still be used to abused. * Offers only the opportunity to send a single block of data, but * enough of them at once can still make for a devastating flood. * Found on the same ports that HTTP CONNECT proxies inhabit. * * Note that if your ircd has "ping cookies" then clients from HTTP * POST proxies cannot actually ever get onto your network anyway. If * you leave the checks in then you'll still find some (because some * people IRC from boxes that run them), but if you use HOPM purely as * a protective measure and you have ping cookies, you need not scan * for HTTP POST. */ protocol = HTTPPOST:80; /* * The SSL/TLS variant of HTTPPOST */ protocol = HTTPSPOST:443; protocol = HTTPSPOST:8443; /* * IP address this scanner will bind to. Use this if you need your scans to * come FROM a particular interface on the machine you run HOPM from. * If you don't understand what this means, please leave this * commented out, as this is a major source of support queries! */ # vhost = "127.0.0.1"; /* * Maximum file descriptors this scanner can use. Remember that there * will be one FD for each protocol listed above. As this example * scanner has 8 protocols, it requires 8 FDs per user. With a 512 FD * limit, this scanner can be used on 64 users _at the same time_. * That should be adequate for most servers. */ fd = 512; /* * Maximum data read from a proxy before considering it closed. Don't * set this too high, some people have fun setting up lots of ports * that send endless data to tie up your scanner. 4KB is plenty for * any known proxy. */ max_read = 4 kbytes; /* * Amount of time before a test is considered timed out. * Again, all but the poorest slowest proxies will be detected within * 30 seconds, and this helps keep resource usage low. */ timeout = 30 seconds; /* * Target IP to tell the proxy to connect to * * !!! THIS MUST BE CHANGED !!! * * You cannot instruct the proxy to connect to itself! The easiest * thing to do would be to set this to the IP address of your ircd * and then keep the default target_strings. * * Please use an IP address that is publically reachable from anywhere * on the Internet, because you have no way of knowing where the insecure * proxies will be located. Just because you and your HOPM can * connect to your ircd on some private IP address like 192.168.0.1, * does not mean that the insecure proxies out there on the Internet will be * able to. And if they never connect, you will never detect them. * * Remember to change this setting for every scanner you configure. */ target_ip = "127.0.0.1"; /* * Target port to tell the proxy to connect to. This is usually * something like 6667. Basically any client-usable port. */ target_port = 6665; /* * Target string we check for in the data read back by the scanner. * This should be some string out of the data that your ircd usually * sends on connect. Multiple target strings are allowed. * * NOTE: Try to keep the number of target strings to a minimum. Two * should be fine. One for normal connections and one for throttled * connections. Comment out any others for efficiency. */ /* * Usually first line sent to client on connection to ircd. * If your ircd supports a more specific line (see below), * using it will reduce false positives. */ target_string = ":irc.example.org NOTICE * :*** Looking up your hostname"; /* * If you try to connect too fast, you'll be throttled by your own * ircd. Here's what a hybrid throttle message looks like: */ target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled."; }; scanner { name = "extended"; protocol = HTTP:81; protocol = HTTP:8000; protocol = HTTP:8001; protocol = HTTP:8081; protocol = HTTPPOST:81; protocol = HTTPPOST:6588; protocol = HTTPPOST:4480; protocol = HTTPPOST:8000; protocol = HTTPPOST:8001; protocol = HTTPPOST:8080; protocol = HTTPPOST:8081; /* * IRCnet have seen many socks5 on these ports, more than on the * standard ports even. */ protocol = SOCKS4:4914; protocol = SOCKS4:6826; protocol = SOCKS4:7198; protocol = SOCKS4:7366; protocol = SOCKS4:9036; protocol = SOCKS5:4438; protocol = SOCKS5:5104; protocol = SOCKS5:5113; protocol = SOCKS5:5262; protocol = SOCKS5:5634; protocol = SOCKS5:6552; protocol = SOCKS5:6561; protocol = SOCKS5:7464; protocol = SOCKS5:7810; protocol = SOCKS5:8130; protocol = SOCKS5:8148; protocol = SOCKS5:8520; protocol = SOCKS5:8814; protocol = SOCKS5:9100; protocol = SOCKS5:9186; protocol = SOCKS5:9447; protocol = SOCKS5:9578; protocol = SOCKS5:10000; protocol = SOCKS5:64101; /* * These came courtsey of Keith Dunnett from a bunch of public open * proxy lists. */ protocol = SOCKS4:29992; protocol = SOCKS4:38884; protocol = SOCKS4:18844; protocol = SOCKS4:17771; protocol = SOCKS4:31121; fd = 400; /* * If required you can add settings such as target_ip here * they will override the defaults set in the first scanner * for this and subsequent scanners defined in the config file * This affects the following options: * fd, vhost, target_ip, target_port, target_string, timeout and * max_read. */ }; /* * User blocks define what scanners will be used to scan which hostmasks. * When a user connects they will be scanned on every scanner {} (above) * that matches their host. */ user { /* * Users matching this host mask will be scanned with all the * protocols in the scanner named. */ mask = "*!*@*"; scanner = "default"; }; user { /* * Connections without ident will match on a vast number of connections * very few proxies run ident though */ # mask = "*!~*@*"; mask = "*!squid@*"; mask = "*!nobody@*"; mask = "*!www-data@*"; mask = "*!cache@*"; mask = "*!CacheFlowS@*"; mask = "*!*@*www*"; mask = "*!*@*proxy*"; mask = "*!*@*cache*"; scanner = "extended"; }; /* * Exempt hosts matching certain strings from any form of scanning or dnsbl. * HOPM will check each string against both the hostname and the IP address of * the user. * * There are very few valid reasons to actually use "exempt". HOPM should * never get false positives, and we would like to know very much if it does. * One possible scenario is that the machine HOPM runs from is specifically * authorized to use certain hosts as proxies, and users from those hosts use * your network. In this case, without exempt, HOPM will scan these hosts, * find itself able to use them as proxies, and ban them. */ exempt { mask = "*!*@127.0.0.1"; };

Chief Sun Dec 10, 2017 2:22 am

you are welcome download the config when we fix it more thing do you have in a config options block ssl and connection for PyLink and block dnsbl enjoy
https://f2h.nana10.co.il/2c1r0kgko2yg
Fix By MIRCX IRC NETWORK

Chief Sat Aug 04, 2018 2:13 pm

ircu2 with features
"SPAM_OPER_COUNTDOWN" = "5";
"SPAM_EXPIRE_TIME" = "120";
"SPAM_JOINED_TIME" = "60";
"SPAM_FJP_COUNT" = "5";

to download
https://f2h.io/wq2biz2k9qiq
the config fix By BMT

Code:: # ircd.conf - configuration file for ircd version ircu2.10 # # Last Updated: 20, March 2002. # # Written by Niels <niels@undernet.org>, based on the original example.conf, # server code and some real-life (ahem) experience. # # Updated and heavily modified by Braden <dbtem@yahoo.com>. # # Rewritten by A1kmm(Andrew Miller)<a1kmm@mware.virtualave.net> to support # the new flex/bison configuration parser. # # Thanks and credits to: Run, Trillian, Cym, Morrissey, Chaos, Flynn, # Xorath, WildThang, Mmmm, SeKs, Ghostwolf and # all other Undernet IRC Admins and Operators, # and programmers working on the Undernet ircd. # # This is an example of the configuration file used by the Undernet ircd. # # This document is based on a (fictious) server in Europe with a # connection to the Undernet IRC network. It is primarily a leaf server, # but if all the other hubs in Europe aren't in service, it can connect # to one in the US by itself. # # The configuration format consists of a number of blocks in the format # BlockName { setting = number; setting2 = "string"; setting3 = yes; }; # Note that comments start from a #(hash) and go to the end of the line. # Whitespace(space, tab, or carriage return/linefeed) are ignored and may # be used to make the configuration file more readable. # # Please note that when ircd puts the configuration lines into practice, # it parses them exactly the other way round than they are listed here. # It uses the blocks in reverse order. # # This means that you should start your Client blocks with the # "fall through", most vanilla one, and end with the most detailed. # # There is a difference between the "hostname" and the "server name" # of the machine that the server is run on. For example, the host can # have "veer.cs.vu.nl" as FQDN, and "Amsterdam.NL.EU.undernet.org" as # server name. # A "server mask" is something like "*.EU.UnderNet.org", which is # matched by "Amsterdam.NL.EU.undernet.org" but not by # "Manhattan.KS.US.undernet.org". # # Please do NOT just rename the example.conf to ircd.conf and expect # it to work. # [General] # # First some information about the server. # General { # name = "servername"; # vhost = "ipv4vhost"; # vhost = "ipv6vhost"; # description = "description"; # numeric = numericnumber; # dns vhost = "ipv4vhost"; # dns vhost = "ipv6vhost"; # dns server = "ipaddress"; # dns server = "ipaddress2"; # }; # # If present, <virtual host> must contain a valid address in dotted # quad or IPv6 numeric notation (127.0.0.1 or ::1). The address MUST # be the address of a physical interface on the host. This address is # used for outgoing connections if the Connect{} block does not # override it. See Port{} for listener virtual hosting. If in doubt, # leave it out -- or use "*", which has the same meaning as no vhost. # # You may specify both an IPv4 virtual host and an IPv6 virtual host, # to indicate which address should be used for outbound connections # of the respective type. # # Note that <server numeric> has to be unique on the network your server # is running on, must be between 0 and 4095, and is not updated on a rehash. # # The two DNS lines allow you to specify the local IP address to use # for DNS lookups ("dns vhost") and one or more DNS server addresses # to use. If the vhost is ambiguous for some reason, you may list # IPV4 and/or IPV6 between the equals sign and the address string. # The default DNS vhost is to let the operating system assign the # address, and the default DNS servers are read from /etc/resolv.conf. # In most cases, you do not need to specify either the dns vhost or # the dns server. General { name = "irc.mIRCxNet.ISRAEL"; description = "mIRCx IRC Network"; numeric = 1; }; # [Admin] # # This sets information that can be retrieved with the /ADMIN command. # It should contain at least an admin Email contact address. Admin { # At most two location lines are allowed... Location = "mIRCx IRC Network"; Location = "mIRCxNet IRC server"; Contact = "mIRCx@gmail.com"; }; # [Classes] # # All connections to the server are associated with a certain "connection # class", be they incoming or outgoing (initiated by the server), be they # clients or servers. # # Class { # name = "<class>"; # pingfreq = time; # connectfreq = time; # maxlinks = number; # sendq = size; # usermode = "+i"; # }; # # For connection classes used on server links, maxlinks should be set # to either 0 (for hubs) or 1 (for leaf servers). Client connection # classes may use maxlinks between 0 and approximately 4,000,000,000. # maxlinks = 0 means there is no limit on the number of connections # using the class. # # <connect freq> applies only to servers, and specifies the frequency # that the server tries to autoconnect. setting this to 0 will cause # the server to attempt to connect repeatedly with no delay until the # <maximum links> condition is satisfied. This is a Bad Thing(tm). # Note that times can be specified as a number, or by giving something # like: 1 minutes 20 seconds, or 1*60+20. # # Recommended server classes: # All your server uplinks you are not a hub for. Class { name = "Server"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 1; sendq = 9000000; }; # All the leaf servers you hub for. Class { name = "LeafServer"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 0; sendq = 9000000; }; # Client { # username = "ident"; # host = "host"; # ip = "127.0.0.0/8"; # password = "password"; # class = "classname"; # maxlinks = 3; # }; # # Everything in a Client block is optional. If a username mask is # given, it must match the client's username from the IDENT protocol. # If a host mask is given, the client's hostname must resolve and # match the host mask. If a CIDR-style IP mask is given, the client # must have an IP matching that range. If maxlinks is given, it is # limits the number of matching clients allowed from a particular IP # address. # # Take the following class blocks only as a guide. Class { name = "Local"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 100; usermode = "+iw"; }; Class { name = "America"; pingfreq = 1 minutes 30 seconds; sendq = 80000; maxlinks = 5; }; Class { name = "Other"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 400; }; Class { name = "Opers"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 10; # For connection classes intended for operator use, you can specify # privileges used when the Operator block (see below) names this # class. The local (aka globally_opered) privilege MUST be defined # by either the Class or Operator block. The following privileges # exist: # # local (or propagate, with the opposite sense) # whox (log oper's use of x flag with /WHO) # display (oper status visible to lusers) # chan_limit (can join local channels when in # MAXCHANNELSPERUSER channels) # mode_lchan (can /MODE &channel without chanops) # deop_lchan (cannot be deopped or kicked on local channels) # walk_lchan (can forcibly /JOIN &channel OVERRIDE) # show_invis (see +i users in /WHO x) # show_all_invis (see +i users in /WHO x) # unlimit_query (show more results from /WHO) # local_kill (can kill clients on this server) # rehash (can use /REHASH) # restart (can use /RESTART) # die (can use /DIE) # local_jupe (not used) # set (can use /SET) # local_gline (can set a G-line for this server only) # local_badchan (can set a Gchan for this server only) # see_chan (can see users in +s channels in /WHO) # list_chan (can see +s channels with /LIST S, or modes with /LIST M) # wide_gline (can use ! to force a wide G-line) # see_opers (can see opers without DISPLAY privilege) # local_opmode (can use OPMODE/CLEARMODE on local channels) # force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels) # kill (can kill clients on other servers) # gline (can issue G-lines to other servers) # jupe_server (not used) # opmode (can use /OPMODE) # badchan (can issue Gchans to other servers) # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels) # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys) # # For global opers (with propagate = yes or local = no), the default # is to grant all of the above privileges EXCEPT walk_lchan, # unlimit_query, set, badchan, local_badchan and apass_opmode. # For local opers, the default is to grant ONLY the following # privileges: # chan_limit, mode_lchan, show_invis, show_all_invis, local_kill, # rehash, local_gline, local_jupe, local_opmode, whox, display, # force_local_opmode # Any privileges listed in a Class block override the defaults. local = no; }; # [Client] # # To allow clients to connect, they need authorization. This can be # done based on hostmask, address mask, and/or with a password. # With intelligent use of classes and the maxconnections field in the # Client blocks, you can let in a specific domain, but get rid of all other # domains in the same toplevel, thus setting up some sort of "reverse # Kill block". # Client { # host = "user@host"; # ip = "user@ip"; # password = "password"; # class = "classname"; # }; # # Technical description (for examples, see below): # For every connecting client, the IP address is known. A reverse lookup # on this IP-number is done to get the (/all) hostname(s). # Each hostname that belongs to this IP-number is matched to <hostmask>, # and the Client {} is used when any matches; the client will then show # with this particular hostname. If none of the hostnames match, then # the IP-number is matched against the <IP mask ...> field, if this matches # then the Client{} is used nevertheless and the client will show with the # first (main) hostname if any; if the IP-number did not resolve then the # client will show with the dot notation of the IP-number. # There is a special case for the UNIX domain sockets and localhost connections # though; in this case the <IP mask ...> field is compared with the # name of the server (thus not with any IP-number representation). The name # of the server is the one returned in the numeric 002 reply, for example: # 002 Your host is 2.undernet.org[jolan.ppro], running version ... # Then the "jolan.ppro" is the name used for matching. # Therefore, unix domain sockets, and connections to localhost would # match this block: # host = "*@jolan.ppro"; # # This is the "fallback" entry. All .uk, .nl, and all unresolved are # in these two lines. # By using two different lines, multiple connections from a single IP # are only allowed from hostnames which have both valid forward and # reverse DNS mappings. Client { class = "Other"; ip = "*@*"; maxlinks = 2; }; Client { class = "Other"; host = "*@*"; maxlinks = 2; }; # If you don't want unresolved dudes to be able to connect to your # server, do not specify any "ip = " settings. # # Here, take care of all American ISPs. Client { host = "*@*.com"; class = "America"; maxlinks = 2; }; Client { host = "*@*.net"; class = "America"; maxlinks = 2; }; # Now list all the .com / .net domains that you wish to have access... # actually it's less work to do it this way than to do it the other # way around - K-lining every single ISP in the US. # I wish people in Holland just got a .nl domain, and not try to be # cool and use .com... Client { host = "*@*.wirehub.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.nl.net"; class = "Local"; maxlinks=2; }; # You can request a more complete listing, including the "list of standard # Kill blocks" from the Routing Committee; it will also be sent to you if # you apply for a server and get accepted. # # Ourselves - this makes sure that we can get in, no matter how full # the server is (hopefully). Client { host = "*@*.london.ac.uk"; ip = "*@193.37.*"; class = "Local"; # A maxlinks of over 5 will automatically be glined by euworld on Undernet maxlinks = 5; }; # You can put an expression in the maxlinks value, which will make ircd # only accept a client when the total number of connections to the network # from the same IP number doesn't exceed this number. # The following example would accept at most one connection per IP number # from "*.swipnet.se" and at most two connections from dial up accounts # that have "dial??.*" as host mask: # Client { # host = "*@*.swipnet.se"; # maxlinks = 1; # class = "Other"; # }; # Client { # host = "*@dial??.*"; # maxlinks = 2; # class = "Other"; # }; # # If you are not worried about who connects, this line will allow everyone # to connect. Client { host = "*@*"; ip = "*@*"; class = "Other"; maxlinks = 2; }; # [motd] # # It is possible to show a different Message of the Day to a connecting # client depending on its origin. # motd { # # Note: host can also be a classname. # host = "Other"; # file = "path/to/motd/file"; # }; # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Motd block for each host entry, but makes # it easier to update the messages's filename. # # DPATH/net_com.motd contains a special MOTD where users are encouraged # to register their domains and get their own client{} lines if they're in # Europe, or move to US.UnderNet.org if they're in the USA. motd { host = "*.net"; file = "net_com.motd"; }; motd { host = "*.com"; file = "net_com.motd"; }; motd { host = "America"; file = "net_com.motd"; }; # A different MOTD for ourselves, where we point out that the helpdesk # better not be bothered with questions regarding irc... motd { host = "*.london.ac.uk"; file = "london.motd"; }; # [UWorld] # # One of the many nice features of Undernet is "Uworld", a program # connected to the net as a server. This allows it to broadcast any mode # change, thus allowing opers to, for example, "unlock" a channel that # has been taken over. # There is only one slight problem: the TimeStamp protocol prevents this. # So there is a configuration option to allow them anyway from a certain # server. # UWorld { # # The servername or wildcard mask for it that this applies to. # name = "relservername"; # }; # # You may have have more than one name listed in each block. # # Note: (1) These lines are agreed on by every server admin on Undernet; # (2) These lines must be the same on every single server, or results # will be disasterous; (3) This is a useful feature, not something that # is a liability and abused regularly (well... :-) # If you're on Undernet, you MUST have these lines. I cannnot stress # this enough. If all of the servers don't have the same lines, the # servers will try to undo the mode hacks that Uworld does. Make SURE that # all of the servers have the EXACT same UWorld blocks. # # If your server starts on a bit larger network, you'll probably get # assigned one or two uplinks to which your server can connect. # If your uplink(s) also connect to other servers than yours (which is # probable), you need to define your uplink as being allowed to "hub". # See the Connect block documentation for details on how to do that. UWorld { name = "uworld.eu.undernet.org"; name = "uworld2.undernet.org"; name = "uworld.undernet.org"; name = "channels.undernet.org"; name = "channels2.undernet.org"; name = "channels3.undernet.org"; name = "channels4.undernet.org"; name = "channels5.undernet.org"; name = "channels6.undernet.org"; }; # As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and # CFV-0255, the following nicks must be juped, it is not allowed to # jupe others as well. Jupe { nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`"; nick = "EuWorld,UWorld,UWorld2"; nick = "login,undernet,protocol,pass,newpass,org"; nick = "StatServ,NoteServ"; nick = "ChanSvr,ChanSaver,ChanServ"; nick = "NickSvr,NickSaver,NickServ"; nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX"; }; # [Kill] # # While running your server, you will most probably encounter individuals # or groups of persons that you do not wish to have access to your server. # # For this purpose, the ircd understands "kill blocks". These are also # known as K-lines, by virtue of the former config file format. # Kill # { # host = "user@host"; # reason = "The reason the user will see"; # }; # It is possible to ban on the basis of the real name. # It is also possible to use a file as comment for the ban, using # file = "file": # Kill # { # realname = "realnametoban"; # file = "path/to/file/with/reason/to/show"; # }; # # # The default reason is: "You are banned from this server" # Note that Kill blocks are local to the server; if you ban a person or a # whole domain from your server, they can get on IRC via any other server # that doesn't have them Killed (yet). # # With a simple comment, using quotes: #Kill { host = "*.au"; reason = "Please use a nearer server"; }; #Kill { host = "*.edu"; reason = "Please use a nearer server"; }; # You can also kill based on username. #Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected with a Trojan"; }; # The file can contain for example, a reason, a link to the # server rules and a contact address. Note the combination # of username and host in the host field. #Kill #{ # host = "*luser@unixbox.flooder.co.uk"; # file = "kline/youflooded.txt"; #}; # IP-based kill lines apply to all hosts, even if an IP address has a # properly resolving host name. #Kill #{ # host = "192.168.*"; # file = "klines/martians"; #}; # The realname field lets you ban by realname... #Kill #{ # realname = "*sub7*"; # reason = "You are infected with a Trojan"; #}; # [Connect] # # You probably want your server connected to other servers, so your users # have other users to chat with. # IRC servers connect to other servers forming a network with a star or # tree topology. Loops are not allowed. # In this network, two servers can be distinguished: "hub" and "leaf" # servers. Leaf servers connect to hubs; hubs connect to each other. # Of course, many servers can't be directly classified in one of these # categories. Both a fixed and a rule-based decision making system for # server links is provided for ircd to decide what links to allow, what # to let humans do themselves, and what links to (forcefully) disallow. # # The Connect blocks # define what servers the server connect to, and which servers are # allowed to connect. # Connect { # name = "servername"; # host = "hostnameORip"; # vhost = "localIP"; # password = "passwd"; # port = portno; # class = "classname"; # maxhops = 2; # hub = "*.eu.undernet.org"; # autoconnect = no; # }; # # The "port" field defines the default port the server tries to connect # to if an operator uses /connect without specifying a port. This is also # the port used when the server attempts to auto-connect to the remote # server. (See Class blocks for more informationa about auto-connects). # You may tell ircu to not automatically connect to a server by adding # "autoconnect = no;"; the default is to autoconnect. # # If the vhost field is present, the server will use that IP as the # local end of connections that it initiates to this server. This # overrides the vhost value from the General block. # # The maxhops field causes an SQUIT if a hub tries to introduce # servers farther away than that; the element 'leaf;' is an alias for # 'maxhops = 0;'. The hub field limits the names of servers that may # be introduced by a hub; the element 'hub;' is an alias for # 'hub = "*";'. # # Our primary uplink. Connect { name = "srvx.mIRCxNet.ISRAEL.Services"; host = "192.168.1.219"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "PHP.mIRCxNet.ISRAEL.Services"; host = "192.168.1.219"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; # [crule] # # For an advanced, real-time rule-based routing decision making system # you can use crule blocks. For more information, see doc/readme.crules. # Including the "all" modifier makes the rule always apply. Otherwise # it only applies to outbound autoconnects. # # CRule "servermask" all connectrule; # CRule "servermask" connectrule; CRule "*.US.Undernet.Org" connected("*.US.Undernet.Org"); CRule "*.EU.Undernet.Org" connected("Amsterdam.NL.EU.*"); # The following CRule is recommended for leaf servers: CRule "*" directcon("*"); # [Operator] # # Inevitably, you have reached the part about "IRC Operators". Oper status # grants some special privileges to a user, like the power to make the # server break or (try to) establish a connection with another server, # and to "kill" users off IRC. # I can write many pages about this; I will restrict myself to saying that # if you want to appoint somebody as IRC Operator on your server, that # person should be aware of his/her responsibilities, and that you, being # the admin, will be held accountable for their actions. # # There are two sorts of IRC Operators: "local" and "global". Local opers # can squit, connect and kill - but only locally: their +o user mode # is not not passed along to other servers. On Undernet, this prevents # them from using Uworld as well. # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Operator block for each host entry, but # makes it easier to update operator nicks, passwords, classes, and # privileges. # # Operator { # host = "host/IP mask"; # name = "opername"; # password = "encryptedpass"; # class = "classname"; # # You can also set any operator privilege; see the Class block # # documentation for details. A privilege defined for a single # # Operator will override the privilege settings for the Class # # and the default setting. # }; # # By default, the password is hashed using the system's native crypt() # function. Other password mechanisms are available; the umkpasswd # utility from the ircd directory can hash passwords using those # mechanisms. If you use a password format that is NOT generated by # umkpasswd, ircu will not recognize the oper's password. # # All privileges are shown with their default values; if you wish to # override defaults, you should set only those privileges for the # operator. Listing defaulted privileges just makes things harder to # find. Operator { local = no; host = "*@*.cs.vu.nl"; password = "VRKLKuGKn0jLt"; name = "Niels"; class = "Local"; }; Operator { host = "*"; password = "$PLAIN$leetmoo"; name = "darksis"; class = "Opers"; }; # Note that the <connection class> is optional, but leaving it away # puts the opers in class "default", which usually only accepts one # connection at a time. If you want users to Oper up more then once per # block, then use a connection class that allows more then one connection, # for example (using class Local as in the example above): # # Once you OPER your connection class changes no matter where you are or # your previous connection classes. If the defined connection class is # Local for the operator block, then your new connection class is Local. # [Port] # When your server gets more full, you will notice delays when trying to # connect to your server's primary listening port. It is possible via the # Port lines to specify additional ports for the ircd to listen to. # De facto ports are: 6667 - standard; 6660-6669 - additional client # ports; # Undernet uses 4400 for server listener ports. # These are just hints, they are in no way official IANA or IETF policies. # IANA says we should use port 194, but that requires us to run as root, # so we don't do that. # # # Port { # port = [ipv4] [ipv6] number; # mask = "ipmask"; # # Use this to control the interface you bind to. # vhost = [ipv4] [ipv6] "virtualhostip"; # # You can specify both virtual host and port number in one entry. # vhost = [ipv4] [ipv6] "virtualhostip" number; # # Setting to yes makes this server only. # server = yes; # # Setting to yes makes the port "hidden" from stats. # hidden = yes; # # Setting to yes makes the port exempt from connection restrictions # # during a timed /restart or /die. # exempt = yes; # }; # # The port and vhost lines allow you to specify one or both of "ipv4" # and "ipv6" as address families to use for the port. The default is # to listen on both IPv4 and IPv6. # # The mask setting allows you to specify a range of IP addresses that # you will allow connections from. This should only contain IP addresses # and '*' if used. This field only uses IP addresses. This does not use # DNS in any way so you can't use it to allow *.nl or *.uk. Attempting # to specify anything other than numbers, dots and stars [0-9.*] will result # in the port allowing connections from anyone. # # The interface setting allows multiply homed hosts to specify which # interface to use on a port by port basis, if an interface is not specified # the default interface will be used. The interface MUST be the complete # IP address for a real hardware interface on the machine running ircd. # If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it # WILL bind to all interfaces - not what most people seem to expect. # Port { server = yes; port = 4400; }; # This is an IPv4-only Server port that is Hidden #Port { # server = yes; # hidden = yes; # port = ipv4 4401; #}; # The following are normal client ports Port { port = 5000; }; #Port { port = 6668; }; #Port { # This only accepts clients with IPs like 192.168.*. # mask = "192.168.*"; # port = 6666; # Allows your opers to connect during a timed /restart or /die. # exempt = yes; #}; # This is a hidden client port, listening on 168.8.21.107. Port { vhost = "192.168.1.219"; hidden = no; port = 5000; }; # More than one vhost may be present in a single Port block; in this case, # we recommend listing the port number on the vhost line for clarity. #Port { # vhost = "172.16.0.1" 6667; # vhost = "172.16.3.1" 6668; # hidden = no; #}; # Quarantine blocks disallow operators from using OPMODE and CLEARMODE # on certain channels. Opers with the force_opmode (for local # channels, force_local_opmode) privilege may override the quarantine # by prefixing the channel name with an exclamation point ('!'). # Wildcards are NOT supported; the channel name must match exactly. Quarantine { "#shells" = "Thou shalt not support the h4><0rz"; "&kiddies" = "They can take care of themselves"; }; # This is a server-implemented alias to send a message to a service. # The string after Pseudo is the command name; the name entry inside # is the service name, used for error messages. More than one nick # entry can be provided; the last one listed has highest priority. Pseudo "CHANSERV" { name = "X"; nick = "X@channels.undernet.org"; }; # You can also prepend text before the user's message. Pseudo "LOGIN" { name = "X"; prepend = "LOGIN "; nick = "X@channels.undernet.org"; }; # You can ask a separate server whether to allow users to connect. # Uncomment this ONLY if you have an iauth helper program. # IAuth { # program = "../path/to/iauth" "-n" "options go here"; # }; # [Include] # You can include certain kinds of configuration snippets from other # files. The basic directive, which allows any kind of block or # recursive include, is: # # Include "filename"; # # You can limit the file to certain types of configuration blocks by # using the block name(s), optionally separated by commas. For # example: # # Include uworld, jupe, quarantine, kill from "linesync.conf"; # Include operator from "opers.conf"; # Include include from "include.conf"; # # The restrictions are transitive across includes. This means that # the last example is not very useful: the only thing include.conf may # do is include other include files, and none of them may have any # other kind of block! # # Well-formed but disallowed configuration blocks generate a warning # but do not break the file. The other syntax rules must still be # followed, because a syntax error will break the file. # [features] # IRC servers have a large number of options and features. Most of these # are set at compile time through the use of #define's--see "make config" # for more details--but we are working to move many of these into the # configuration file. Features let you configure these at runtime. # You only need one feature block in which you use # "featurename" = "value1" , "value2", ..., "valuen-1", "valuen"; # # The entire purpose of F:lines are so that you do not have to recompile # the IRCD everytime you want to change a feature. All of the features # are listed below, and at the bottom is how to set logging. # # A Special Thanks to Kev for writing the documentation of F:lines. It can # be found at doc/readme.features and the logging documentation can be # found at doc/readme.log. The defaults used by the Undernet network are # below. # features { # These log features are the only way to get certain error messages # (such as when the server dies from being out of memory). For more # explanation of how they work, see doc/readme.log. "LOG" = "SYSTEM" "FILE" "ircd.log"; "LOG" = "SYSTEM" "LEVEL" "CRIT"; # "DOMAINNAME"="<obtained from /etc/resolv.conf by ./configure>"; # "RELIABLE_CLOCK"="FALSE"; # "BUFFERPOOL"="27000000"; # "HAS_FERGUSON_FLUSHER"="FALSE"; # "CLIENT_FLOOD"="1024"; # "SERVER_PORT"="4400"; # "NODEFAULTMOTD"="TRUE"; # "MOTD_BANNER"="TRUE"; # "KILL_IPMISMATCH"="FALSE"; # "IDLE_FROM_MSG"="TRUE"; "HUB"="TRUE"; # "WALLOPS_OPER_ONLY"="FALSE"; # "NODNS"="FALSE"; # "NOIDENT"="FALSE"; # "RANDOM_SEED"="<you should set one explicitly>"; # "DEFAULT_LIST_PARAM"="TRUE"; # "NICKNAMEHISTORYLENGTH"="800"; "NETWORK"="mIRCxNet"; "HOST_HIDING"="TRUE"; "HIDDEN_HOST"="users.mIRCxNet.ISRAEL"; # "HIDDEN_IP"="127.0.0.1"; # "KILLCHASETIMELIMIT"="30"; # "MAXCHANNELSPERUSER"="10"; # "NICKLEN" = "12"; # "AVBANLEN"="40"; # "MAXBANS"="30"; # "MAXSILES"="15"; # "HANGONGOODLINK"="300"; # "HANGONRETRYDELAY" = "10"; # "CONNECTTIMEOUT" = "90"; # "MAXIMUM_LINKS" = "1"; # "PINGFREQUENCY" = "120"; # "CONNECTFREQUENCY" = "600"; # "DEFAULTMAXSENDQLENGTH" = "40000"; # "GLINEMAXUSERCOUNT" = "20"; # "MPATH" = "ircd.motd"; # "RPATH" = "remote.motd"; # "PPATH" = "ircd.pid"; # "TOS_SERVER" = "0x08"; # "TOS_CLIENT" = "0x08"; # "POLLS_PER_LOOP" = "200"; # "IRCD_RES_TIMEOUT" = "4"; # "IRCD_RES_RETRIES" = "2"; # "AUTH_TIMEOUT" = "9"; "IPCHECK_CLONE_LIMIT" = "4"; "IPCHECK_CLONE_PERIOD" = "40"; "IPCHECK_CLONE_DELAY" = "600"; # "CHANNELLEN" = "200"; # "CONFIG_OPERCMDS" = "FALSE"; # "OPLEVELS" = "TRUE"; # "ZANNELS" = "TRUE"; # "LOCAL_CHANNELS" = "TRUE"; # "ANNOUNCE_INVITES" = "FALSE"; # These were introduced by Undernet CFV-165 to add "Head-In-Sand" (HIS) # behavior to hide most network topology from users. "HIS_SNOTICES" = "TRUE"; "HIS_SNOTICES_OPER_ONLY" = "TRUE"; # "HIS_DEBUG_OPER_ONLY" = "TRUE"; # "HIS_WALLOPS" = "TRUE"; # "HIS_MAP" = "TRUE"; # "HIS_LINKS" = "TRUE"; # "HIS_TRACE" = "TRUE"; # "HIS_STATS_NAMESERVERS" = "TRUE"; # "HIS_STATS_CONNECT" = "TRUE"; # "HIS_STATS_CRULES" = "TRUE"; # "HIS_STATS_ENGINE" = "TRUE"; # "HIS_STATS_FEATURES" = "TRUE"; # "HIS_STATS_GLINES" = "TRUE"; # "HIS_STATS_ACCESS" = "TRUE"; # "HIS_STATS_HISTOGRAM" = "TRUE"; # "HIS_STATS_JUPES" = "TRUE"; # "HIS_STATS_KLINES" = "TRUE"; # "HIS_STATS_LINKS" = "TRUE"; # "HIS_STATS_MODULES" = "TRUE"; # "HIS_STATS_COMMANDS" = "TRUE"; # "HIS_STATS_OPERATORS" = "TRUE"; # "HIS_STATS_PORTS" = "TRUE"; # "HIS_STATS_QUARANTINES" = "TRUE"; # "HIS_STATS_MAPPINGS" = "TRUE"; # "HIS_STATS_USAGE" = "TRUE"; # "HIS_STATS_LOCALS" = "TRUE"; # "HIS_STATS_MOTDS" = "TRUE"; # "HIS_STATS_UPTIME" = "FALSE"; # "HIS_STATS_UWORLD" = "TRUE"; # "HIS_STATS_VSERVERS" = "TRUE"; # "HIS_STATS_USERLOAD" = "TRUE"; # "HIS_STATS_MEMUSAGE" = "TRUE"; # "HIS_STATS_CLASSES" = "TRUE"; # "HIS_STATS_MEMORY" = "TRUE"; # "HIS_STATS_IAUTH" = "TRUE"; # "HIS_WHOIS_SERVERNAME" = "TRUE"; # "HIS_WHOIS_IDLETIME" = "TRUE"; # "HIS_WHOIS_LOCALCHAN" = "TRUE"; # "HIS_WHO_SERVERNAME" = "TRUE"; # "HIS_WHO_HOPCOUNT" = "TRUE"; # "HIS_MODEWHO" = "TRUE"; # "HIS_BANWHO" = "TRUE"; # "HIS_KILLWHO" = "TRUE"; # "HIS_REWRITE" = "TRUE"; # "HIS_REMOTE" = "TRUE"; # "HIS_NETSPLIT" = "TRUE"; "HIS_SERVERNAME" = "*.mIRCxNet.ISRAEL"; "HIS_SERVERINFO" = "The mIRCxnet Underworld"; # "HIS_URLSERVERS" = "http://www.undernet.org/servers.php"; # "URLREG" = "http://cservice.undernet.org/live/"; "SPAM_OPER_COUNTDOWN" = "5"; "SPAM_EXPIRE_TIME" = "120"; "SPAM_JOINED_TIME" = "60"; "SPAM_FJP_COUNT" = "5"; }; # Well, you have now reached the end of this sample configuration # file. If you have any questions, feel free to mail # <coder-com@undernet.org>. If you are interested in linking your # server to the Undernet IRC network visit # http://www.routing-com.undernet.org/, and if there are any # problems then contact <routing-com@undernet.org> asking for # information. Upgrades of the Undernet ircd can be found on # http://coder-com.undernet.org/. # # For the rest: Good Luck! # # -- Niels.

Enjoy

Chief Sat Aug 04, 2018 2:39 pm

mIRCx IRC Network Config - Page 2 Clone110

mIRCx IRC Network Config - Page 2 Clone210

by the way when do you run this ircu you need configure with this

Code:: ./configure --prefix=/home/asher --with-domain

is working good

Chief Sat Jun 15, 2019 11:51 pm

Hello people a new modules in inspircd 2.0.24 and in atheme.services only what you need is change pass address name your network and ip good luck
https://f2h.io/ixyv2ngo75ge

Chief Fri Sep 20, 2019 5:19 am

Code:: # ircd.conf - configuration file for ircd version ircu2.10 # # Last Updated: 20, March 2002. # # Written by Niels <niels@undernet.org>, based on the original example.conf, # server code and some real-life (ahem) experience. # # Updated and heavily modified by Braden <dbtem@yahoo.com>. # # Rewritten by A1kmm(Andrew Miller)<a1kmm@mware.virtualave.net> to support # the new flex/bison configuration parser. # # Thanks and credits to: Run, Trillian, Cym, Morrissey, Chaos, Flynn, # Xorath, WildThang, Mmmm, SeKs, Ghostwolf and # all other Undernet IRC Admins and Operators, # and programmers working on the Undernet ircd. # # This is an example of the configuration file used by the Undernet ircd. # # This document is based on a (fictious) server in Europe with a # connection to the Undernet IRC network. It is primarily a leaf server, # but if all the other hubs in Europe aren't in service, it can connect # to one in the US by itself. # # The configuration format consists of a number of blocks in the format # BlockName { setting = number; setting2 = "string"; setting3 = yes; }; # Note that comments start from a #(hash) and go to the end of the line. # Whitespace(space, tab, or carriage return/linefeed) are ignored and may # be used to make the configuration file more readable. # # Please note that when ircd puts the configuration lines into practice, # it parses them exactly the other way round than they are listed here. # It uses the blocks in reverse order. # # This means that you should start your Client blocks with the # "fall through", most vanilla one, and end with the most detailed. # # There is a difference between the "hostname" and the "server name" # of the machine that the server is run on. For example, the host can # have "veer.cs.vu.nl" as FQDN, and "Amsterdam.NL.EU.undernet.org" as # server name. # A "server mask" is something like "*.EU.UnderNet.org", which is # matched by "Amsterdam.NL.EU.undernet.org" but not by # "Manhattan.KS.US.undernet.org". # # Please do NOT just rename the example.conf to ircd.conf and expect # it to work. # [General] # # First some information about the server. # General { # name = "servername"; # vhost = "ipv4vhost"; # vhost = "ipv6vhost"; # description = "description"; # numeric = numericnumber; # dns vhost = "ipv4vhost"; # dns vhost = "ipv6vhost"; # dns server = "ipaddress"; # dns server = "ipaddress2"; # }; # # If present, <virtual host> must contain a valid address in dotted # quad or IPv6 numeric notation (127.0.0.1 or ::1). The address MUST # be the address of a physical interface on the host. This address is # used for outgoing connections if the Connect{} block does not # override it. See Port{} for listener virtual hosting. If in doubt, # leave it out -- or use "*", which has the same meaning as no vhost. # # You may specify both an IPv4 virtual host and an IPv6 virtual host, # to indicate which address should be used for outbound connections # of the respective type. # # Note that <server numeric> has to be unique on the network your server # is running on, must be between 0 and 4095, and is not updated on a rehash. # # The two DNS lines allow you to specify the local IP address to use # for DNS lookups ("dns vhost") and one or more DNS server addresses # to use. If the vhost is ambiguous for some reason, you may list # IPV4 and/or IPV6 between the equals sign and the address string. # The default DNS vhost is to let the operating system assign the # address, and the default DNS servers are read from /etc/resolv.conf. # In most cases, you do not need to specify either the dns vhost or # the dns server. General { name = "Basic.NanaChat.co.il"; description = "NanaChat IRC Network"; vhost = "*"; numeric = 1; }; # [Admin] # # This sets information that can be retrieved with the /ADMIN command. # It should contain at least an admin Email contact address. Admin { # At most two location lines are allowed... Location = "NanaChat IRC Network"; Location = "NanaChat IRC server"; Contact = "mIRCx@gmail.com"; }; # [Classes] # # All connections to the server are associated with a certain "connection # class", be they incoming or outgoing (initiated by the server), be they # clients or servers. # Class { name = "Server"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 1; sendq = 9000000; usermode = "+x"; }; # For connection classes used on server links, maxlinks should be set # to either 0 (for hubs) or 1 (for leaf servers). Client connection # classes may use maxlinks between 0 and approximately 4,000,000,000. # maxlinks = 0 means there is no limit on the number of connections # using the class. # # <connect freq> applies only to servers, and specifies the frequency # that the server tries to autoconnect. setting this to 0 will cause # the server to attempt to connect repeatedly with no delay until the # <maximum links> condition is satisfied. This is a Bad Thing(tm). # Note that times can be specified as a number, or by giving something # like: 1 minutes 20 seconds, or 1*60+20. # # Recommended server classes: # All your server uplinks you are not a hub for. Class { name = "Server"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 1; sendq = 9000000; }; # All the leaf servers you hub for. Class { name = "LeafServer"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 0; sendq = 9000000; }; # Client { # username = "ident"; # host = "host"; # ip = "127.0.0.0/8"; # password = "password"; # class = "classname"; # maxlinks = 3; # }; # # Everything in a Client block is optional. If a username mask is # given, it must match the client's username from the IDENT protocol. # If a host mask is given, the client's hostname must resolve and # match the host mask. If a CIDR-style IP mask is given, the client # must have an IP matching that range. If maxlinks is given, it is # limits the number of matching clients allowed from a particular IP # address. # # Take the following class blocks only as a guide. Class { name = "Local"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 100; usermode = "+x"; }; Class { name = "America"; pingfreq = 1 minutes 30 seconds; sendq = 80000; maxlinks = 5; }; Class { name = "Other"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 400; }; Class { name = "Opers"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 10; usermode = "+x"; # For connection classes intended for operator use, you can specify # privileges used when the Operator block (see below) names this # class. The local (aka globally_opered) privilege MUST be defined # by either the Class or Operator block. The following privileges # exist: # # local (or propagate, with the opposite sense) # whox (log oper's use of x flag with /WHO) # display (oper status visible to lusers) # chan_limit (can join local channels when in # MAXCHANNELSPERUSER channels) # mode_lchan (can /MODE &channel without chanops) # deop_lchan (cannot be deopped or kicked on local channels) # walk_lchan (can forcibly /JOIN &channel OVERRIDE) # show_invis (see +i users in /WHO x) # show_all_invis (see +i users in /WHO x) # unlimit_query (show more results from /WHO) # local_kill (can kill clients on this server) # rehash (can use /REHASH) # restart (can use /RESTART) # die (can use /DIE) # local_jupe (not used) # set (can use /SET) # local_gline (can set a G-line for this server only) # local_badchan (can set a Gchan for this server only) # see_chan (can see users in +s channels in /WHO) # list_chan (can see +s channels with /LIST S, or modes with /LIST M) # wide_gline (can use ! to force a wide G-line) # see_opers (can see opers without DISPLAY privilege) # local_opmode (can use OPMODE/CLEARMODE on local channels) # force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels) # kill (can kill clients on other servers) # gline (can issue G-lines to other servers) # jupe_server (not used) # opmode (can use /OPMODE) # badchan (can issue Gchans to other servers) # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels) # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys) # umode_nochan (can set usermode +n to hide channels) # umode_noidle (can set usermode +I to hide idle time) # umode_chserv (can set umode +k) # umode_xtraop (can set umode +X) # umode_netserv (can set umode +S) # umode_overridecc (Allow to set umode +c which overrides cmodes +cC) # see_idletime (can see idletime of local +I users) # hide_idletime (hides idle time also from users with see_idletime, unless they are on the same server and have this priv too) # more_flood (has less throttling) # unlimited_flood (no more excess floods) # unlimited_targets (allow unlimited target changes) # noamsg_override (can override cmode +M) # # For global opers (with propagate = yes or local = no), the default # is to grant all of the above privileges EXCEPT walk_lchan, # umode_chserv, umode_xtraop, umode_service, # unlimit_query, set, badchan, local_badchan and apass_opmode. # For local opers, the default is to grant ONLY the following # privileges: # chan_limit, mode_lchan, show_invis, show_all_invis, local_kill, # rehash, local_gline, local_jupe, local_opmode, whox, display, # force_local_opmode, see_idletime, hide_channels, hide_idletime, # more_flood # Any privileges listed in a Class block override the defaults. local = no; }; # [Client] # # To allow clients to connect, they need authorization. This can be # done based on hostmask, address mask, and/or with a password. # With intelligent use of classes and the maxconnections field in the # Client blocks, you can let in a specific domain, but get rid of all other # domains in the same toplevel, thus setting up some sort of "reverse # Kill block". # Client { # host = "user@host"; # ip = "user@ip"; # password = "password"; # class = "classname"; # }; # # Technical description (for examples, see below): # For every connecting client, the IP address is known. A reverse lookup # on this IP-number is done to get the (/all) hostname(s). # Each hostname that belongs to this IP-number is matched to <hostmask>, # and the Client {} is used when any matches; the client will then show # with this particular hostname. If none of the hostnames match, then # the IP-number is matched against the <IP mask ...> field, if this matches # then the Client{} is used nevertheless and the client will show with the # first (main) hostname if any; if the IP-number did not resolve then the # client will show with the dot notation of the IP-number. # There is a special case for the UNIX domain sockets and localhost connections # though; in this case the <IP mask ...> field is compared with the # name of the server (thus not with any IP-number representation). The name # of the server is the one returned in the numeric 002 reply, for example: # 002 Your host is 2.undernet.org[jolan.ppro], running version ... # Then the "jolan.ppro" is the name used for matching. # Therefore, unix domain sockets, and connections to localhost would # match this block: # host = "*@jolan.ppro"; # # This is the "fallback" entry. All .uk, .nl, and all unresolved are # in these two lines. # By using two different lines, multiple connections from a single IP # are only allowed from hostnames which have both valid forward and # reverse DNS mappings. Client { class = "Other"; ip = "*@*"; maxlinks = 10; }; Client { class = "Other"; host = "*@*"; maxlinks = 10; }; # If you don't want unresolved dudes to be able to connect to your # server, do not specify any "ip = " settings. # # Here, take care of all American ISPs. Client { host = "*@*.com"; class = "America"; maxlinks = 2; }; Client { host = "*@*.net"; class = "America"; maxlinks = 2; }; # Now list all the .com / .net domains that you wish to have access... # actually it's less work to do it this way than to do it the other # way around - K-lining every single ISP in the US. # I wish people in Holland just got a .nl domain, and not try to be # cool and use .com... Client { host = "*@*.wirehub.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.nl.net"; class = "Local"; maxlinks=10; }; # You can request a more complete listing, including the "list of standard # Kill blocks" from the Routing Committee; it will also be sent to you if # you apply for a server and get accepted. # # Ourselves - this makes sure that we can get in, no matter how full # the server is (hopefully). Client { host = "*@*.london.ac.uk"; ip = "*@193.37.*"; class = "Local"; # A maxlinks of over 5 will automatically be glined by euworld on Undernet maxlinks = 5; }; # You can put an expression in the maxlinks value, which will make ircd # only accept a client when the total number of connections to the network # from the same IP number doesn't exceed this number. # The following example would accept at most one connection per IP number # from "*.swipnet.se" and at most two connections from dial up accounts # that have "dial??.*" as host mask: # Client { # host = "*@*.swipnet.se"; # maxlinks = 1; # class = "Other"; # }; # Client { # host = "*@dial??.*"; # maxlinks = 2; # class = "Other"; # }; # # If you are not worried about who connects, this line will allow everyone # to connect. Client { host = "*@*"; ip = "*@*"; class = "Other"; maxlinks = 2; }; # [motd] # # It is possible to show a different Message of the Day to a connecting # client depending on its origin. # motd { # # Note: host can also be a classname. # host = "Other"; # file = "path/to/motd/file"; # }; # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Motd block for each host entry, but makes # it easier to update the messages's filename. # # DPATH/net_com.motd contains a special MOTD where users are encouraged # to register their domains and get their own client{} lines if they're in # Europe, or move to US.UnderNet.org if they're in the USA. motd { host = "*.net"; file = "net_com.motd"; }; motd { host = "*.com"; file = "net_com.motd"; }; motd { host = "America"; file = "net_com.motd"; }; # A different MOTD for ourselves, where we point out that the helpdesk # better not be bothered with questions regarding irc... motd { host = "*.london.ac.uk"; file = "london.motd"; }; # [UWorld] # # One of the many nice features of Undernet is "Uworld", a program # connected to the net as a server. This allows it to broadcast any mode # change, thus allowing opers to, for example, "unlock" a channel that # has been taken over. # There is only one slight problem: the TimeStamp protocol prevents this. # So there is a configuration option to allow them anyway from a certain # server. # UWorld { # # The servername or wildcard mask for it that this applies to. # name = "relservername"; # }; # # You may have have more than one name listed in each block. # # Note: (1) These lines are agreed on by every server admin on Undernet; # (2) These lines must be the same on every single server, or results # will be disasterous; (3) This is a useful feature, not something that # is a liability and abused regularly (well... :-) # If you're on Undernet, you MUST have these lines. I cannnot stress # this enough. If all of the servers don't have the same lines, the # servers will try to undo the mode hacks that Uworld does. Make SURE that # all of the servers have the EXACT same UWorld blocks. # # If your server starts on a bit larger network, you'll probably get # assigned one or two uplinks to which your server can connect. # If your uplink(s) also connect to other servers than yours (which is # probable), you need to define your uplink as being allowed to "hub". # See the Connect block documentation for details on how to do that. UWorld { name = "ircd.mIRCxNet"; #numeric: 1 name = "services.mIRCxNet"; #numeric: 2 }; # As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and # CFV-0255, the following nicks must be juped, it is not allowed to # jupe others as well. Jupe { nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`"; nick = "server,svr,serv,sbnc,znc,SpamServ,SpamSvr,staff,admin,team"; nick = "login,testirc,protocol,pass,newpass,org,irc"; nick = "StatServ,NoteServ,MemoServ"; nick = "ChanSvr,ChanSrv,ChanSaver,ChanServ"; nick = "NickSvr,NickSrv,NickSaver,NickServ"; nick = "AuthSvr,AuthSrv,AuthSaver,AuthServ"; nick = "HostSvr,HostSrv,HostSaver,HostServ"; nick = "Watchdog,Watchcat,Global"; nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX"; }; # [Kill] # # While running your server, you will most probably encounter individuals # or groups of persons that you do not wish to have access to your server. # # For this purpose, the ircd understands "kill blocks". These are also # known as K-lines, by virtue of the former config file format. # Kill # { # host = "user@host"; # reason = "The reason the user will see"; # }; # It is possible to ban on the basis of the real name. # It is also possible to use a file as comment for the ban, using # file = "file": # Kill # { # realname = "realnametoban"; # file = "path/to/file/with/reason/to/show"; # }; # # # The default reason is: "You are banned from this server" # Note that Kill blocks are local to the server; if you ban a person or a # whole domain from your server, they can get on IRC via any other server # that doesn't have them Killed (yet). # # With a simple comment, using quotes: #Kill { host = "*.au"; reason = "Please use a nearer server"; }; #Kill { host = "*.edu"; reason = "Please use a nearer server"; }; # You can also kill based on username. #Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected #with a Trojan"; }; # The file can contain for example, a reason, a link to the # server rules and a contact address. Note the combination # of username and host in the host field. #Kill #{ # host = "*luser@unixbox.flooder.co.uk"; # file = "kline/youflooded.txt"; #}; # IP-based kill lines apply to all hosts, even if an IP address has a # properly resolving host name. #Kill #{ # host = "192.168.*"; # file = "klines/martians"; #}; # The realname field lets you ban by realname... #Kill #{ # realname = "*sub7*"; # reason = "You are infected with a Trojan"; #}; # [SSL] # SSL { # # There need to be the private key AND the public key INSIDE the certificate file cert = "23 C6 0F BF F1 9E 2F 0A 12 93"; # # Optional CA certificate for non-self-signed certificates cacert = "15 DF FD 0F F6 EA A3 90 E9 24 ED 6B 1E"; }; SSL { cert = "ircd.pem"; }; # [Connect] # # You probably want your server connected to other servers, so your users # have other users to chat with. # IRC servers connect to other servers forming a network with a star or # tree topology. Loops are not allowed. # In this network, two servers can be distinguished: "hub" and "leaf" # servers. Leaf servers connect to hubs; hubs connect to each other. # Of course, many servers can't be directly classified in one of these # categories. Both a fixed and a rule-based decision making system for # server links is provided for ircd to decide what links to allow, what # to let humans do themselves, and what links to (forcefully) disallow. # # The Connect blocks # define what servers the server connect to, and which servers are # allowed to connect. # Connect { # name = "servername"; # host = "hostnameORip"; # vhost = "localIP"; # password = "passwd"; # port = portno; # class = "classname"; # maxhops = 2; # hub = "*.eu.undernet.org"; # autoconnect = no; # }; # # The "port" field defines the default port the server tries to connect # to if an operator uses /connect without specifying a port. This is also # the port used when the server attempts to auto-connect to the remote # server. (See Class blocks for more informationa about auto-connects). # You may tell ircu to not automatically connect to a server by adding # "autoconnect = no;"; the default is to autoconnect. # # If the vhost field is present, the server will use that IP as the # local end of connections that it initiates to this server. This # overrides the vhost value from the General block. # # The maxhops field causes an SQUIT if a hub tries to introduce # servers farther away than that; the element 'leaf;' is an alias for # 'maxhops = 0;'. The hub field limits the names of servers that may # be introduced by a hub; the element 'hub;' is an alias for # 'hub = "*";'. # # Our primary uplink. Connect { name = "srvx.mIRCxNet.ISRAEL.Services"; host = "192.168.1.14"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "PHP.NanaChat.Services"; host = "192.168.1.14"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "X3.NanaChat.Services"; host = "192.168.1.20"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; # [crule] # # For an advanced, real-time rule-based routing decision making system # you can use crule blocks. For more information, see doc/readme.crules. # If more than one server mask is present in a single crule, the rule # applies to all servers. # CRULE # { # server = "servermask"; # rule = "connectrule"; # # Setting all to yes makes the rule always apply. Otherwise it only # # applies to autoconnects. # all = yes; # }; CRULE { server = "*.US.UnderNet.org"; rule = "connected(*.US.UnderNet.org)"; }; CRULE { server = "*.EU.UnderNet.org"; rule = "connected(Amsterdam.NL.EU.*)"; }; # The following block is recommended for leaf servers: CRULE { server = "*"; rule = "directcon(*)"; }; # [Operator] # # Inevitably, you have reached the part about "IRC Operators". Oper status # grants some special privileges to a user, like the power to make the # server break or (try to) establish a connection with another server, # and to "kill" users off IRC. # I can write many pages about this; I will restrict myself to saying that # if you want to appoint somebody as IRC Operator on your server, that # person should be aware of his/her responsibilities, and that you, being # the admin, will be held accountable for their actions. # # There are two sorts of IRC Operators: "local" and "global". Local opers # can squit, connect and kill - but only locally: their +o user mode # is not not passed along to other servers. On Undernet, this prevents # them from using Uworld as well. # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Operator block for each host entry, but # makes it easier to update operator nicks, passwords, classes, and # privileges. # # Operator { # host = "host/IP mask"; # name = "opername"; # password = "encryptedpass"; # class = "classname"; # # You can also set any operator privilege; see the Class block # # documentation for details. A privilege defined for a single # # Operator will override the privilege settings for the Class # # and the default setting. # }; # # By default, the password is hashed using the system's native crypt() # function. Other password mechanisms are available; the umkpasswd # utility from the ircd directory can hash passwords using those # mechanisms. If you use a password format that is NOT generated by # umkpasswd, ircu will not recognize the oper's password. # # All privileges are shown with their default values; if you wish to # override defaults, you should set only those privileges for the # operator. Listing defaulted privileges just makes things harder to # find. Operator { local = no; host = "*@*.cs.vu.nl"; password = "VRKLKuGKn0jLt"; name = "Niels"; class = "Local"; }; Operator { host = "*@*"; password = "$PLAIN$leetmoo"; name = "darksis"; class = "Opers"; local = no; whox = yes; display = yes; chan_limit = yes; mode_lchan = yes; deop_lchan = yes; walk_lchan = yes; show_invis = yes; show_all_invis = yes; unlimit_query = yes; local_kill = yes; rehash = yes; restart = yes; die = yes; local_jupe = yes; set = yes; local_gline = yes; local_badchan = yes; see_chan = yes; list_chan = yes; wide_gline = yes; see_opers = yes; kill = yes; gline = yes; opmode = yes; badchan = yes; see_idletime = yes; hide_idletime = yes; more_flood = no; unlimited_flood = yes; unlimited_targets = yes; noamsg_override = yes; chan_limit = yes; mode_lchan = yes; show_invis = yes; show_all_invis = yes; local_kill = yes; see_idletime = yes; hide_idletime = yes; more_flood = no; umode_noidle = yes; umode_chserv = yes; umode_xtraop = yes; umode_netserv = yes; umode_overridecc = yes; local_opmode = yes; }; # Note that the <connection class> is optional, but leaving it away # puts the opers in class "default", which usually only accepts one # connection at a time. If you want users to Oper up more then once per # block, then use a connection class that allows more then one connection, # for example (using class Local as in the example above): # # Once you OPER your connection class changes no matter where you are or # your previous connection classes. If the defined connection class is # Local for the operator block, then your new connection class is Local. # [Port] # When your server gets more full, you will notice delays when trying to # connect to your server's primary listening port. It is possible via the # Port lines to specify additional ports for the ircd to listen to. # De facto ports are: 6667 - standard; 6660-6669 - additional client # ports; # Undernet uses 4400 for server listener ports. # These are just hints, they are in no way official IANA or IETF policies. # IANA says we should use port 194, but that requires us to run as root, # so we don't do that. # # # Port { # port = [ipv4] [ipv6] number; # mask = "ipmask"; # # Use this to control the interface you bind to. # vhost = [ipv4] [ipv6] "virtualhostip"; # # You can specify both virtual host and port number in one entry. # vhost = [ipv4] [ipv6] "virtualhostip" number; # # Setting to yes makes this server only. # server = yes; # # Setting to yes makes the port "hidden" from stats. # hidden = yes; # # Setting to yes makes the port to handle incoming connection as SSL connections # secure = no; # }; # # The port and vhost lines allow you to specify one or both of "ipv4" # and "ipv6" as address families to use for the port. The default is # to listen on both IPv4 and IPv6. # # The mask setting allows you to specify a range of IP addresses that # you will allow connections from. This should only contain IP addresses # and '*' if used. This field only uses IP addresses. This does not use # DNS in any way so you can't use it to allow *.nl or *.uk. Attempting # to specify anything other than numbers, dots and stars [0-9.*] will result # in the port allowing connections from anyone. # # The interface setting allows multiply homed hosts to specify which # interface to use on a port by port basis, if an interface is not specified # the default interface will be used. The interface MUST be the complete # IP address for a real hardware interface on the machine running ircd. # If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it # WILL bind to all interfaces - not what most people seem to expect. # Port { server = yes; port = 4400; }; # This is an IPv4-only Server port that is Hidden #Port { # server = yes; # hidden = yes; # port = ipv4 4401; #}; # The following are normal client ports Port { port = 5000; }; #Port { port = 6668; }; #Port { # This only accepts clients with IPs like 192.168.*. # mask = "192.168.*"; # port = 6666; #}; #SSL Port Port { secure = yes; port = 7778; }; # This is a hidden client port, listening on 168.8.21.107. Port { vhost = "192.168.1.20"; hidden = yes; port = 6661; }; # More than one vhost may be present in a single Port block; in this case, # we recommend listing the port number on the vhost line for clarity. #Port { # vhost = "172.16.0.1" 6667; # vhost = "172.16.3.1" 6668; # hidden = no; #}; # Quarantine blocks disallow operators from using OPMODE and CLEARMODE # on certain channels. Opers with the force_opmode (for local # channels, force_local_opmode) privilege may override the quarantine # by prefixing the channel name with an exclamation point ('!'). # Wildcards are NOT supported; the channel name must match exactly. Quarantine { "#shells" = "Thou shalt not support the h4><0rz"; "&kiddies" = "They can take care of themselves"; }; # This is a server-implemented alias to send a message to a service. # The string after Pseudo is the command name; the name entry inside # is the service name, used for error messages. More than one nick # entry can be provided; the last one listed has highest priority. # If the server behind the '@' is not valid or if the nick is not # on this server, the servername is interpreted as an accountname # and the nick must have this accountname set and +S as umode to get # the message relayed. Pseudo "CHANSERV" { name = "X3"; nick = "AuthServ@X3.NanaChat.Services"; }; # You can also prepend text before the user's message. Pseudo "cmd" { name = "X3"; prepend = "service"; nick = "AuthServ@X3.NanaChat.Services"; }; # You can also specify the default text to send if the user does not # supply some text. Pseudo "AUTHSERV" { name = "AUTH"; nick = "AuthServ@x3.NanaChat.Services"; }; Pseudo "AUTH" { name = "authserv"; nick = "AuthServ@X3.NanaChat.Services"; prepend = "AUTH "; }; # You can ask a separate server whether to allow users to connect. # Uncomment this ONLY if you have an iauth helper program. # If required is set to yes, then all clients are rejected when # the iauth helper program could not be started/queried/timed-out. IAuth { program = "/usr/bin/perl" "/home/bmt/ircu2.10.12-pk/tools/iauthd.pl" "-v" "-d" "-c" "/home/bmt/lib/ircd.conf"; }; #IAUTH POLICY RTAWUwFr #IAUTH CACHETIMEOUT 21600 #IAUTH DNSTIMEOUT 5 #IAUTH BLOCKMSG Sorry! Your connection to NanaChat has been rejected because of your internet address's poor reputation. You may try an authenticated login using Login-On-Connect (LOC) instead. See http://NanaChat.org/rbl for more information. #IAUTH DNSBL server=dnsbl.sorbs.net index=2,3,4,5,6,7,9 mark=sorbs block=anonymous #IAUTH DNSBL server=dnsbl.dronebl.org index=2,3,5,6,7,8,9,10,13,14,15,16,17,18,255 mark=dronebl block=anonymous #IAUTH DNSBL server=rbl.efnetrbl.org index=4 mark=tor block=anonymous #IAUTH DNSBL server=rbl.efnet.org index=1,2,3,5 mark=efnet block=anonymous #IAUTH DNSBL server=rbl.efnetrbl.org index=1,2,3,4,5 mark=efnetrbl block=anonymous #IAUTH DNSBL server=dnsbl-2.uceprotect.net index=2 mark=uce-2 #IAUTH DNSBL server=6667.173.122.134.230.173.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous #IAUTH DNSBL server=80.204.128.107.97.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous #IAUTH DNSBL server=443.204.128.107.97.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous # [features] # IRC servers have a large number of options and features. Most of these # are set at compile time through the use of #define's--see "make config" # for more details--but we are working to move many of these into the # configuration file. Features let you configure these at runtime. # You only need one feature block in which you use # "featurename" = "value1" , "value2", ..., "valuen-1", "valuen"; # # The entire purpose of F:lines are so that you do not have to recompile # the IRCD everytime you want to change a feature. All of the features # are listed below, and at the bottom is how to set logging. # # A Special Thanks to Kev for writing the documentation of F:lines. It can # be found at doc/readme.features and the logging documentation can be # found at doc/readme.log. The defaults used by the Undernet network are # below. # features { # These log features are the only way to get certain error messages # (such as when the server dies from being out of memory). For more # explanation of how they work, see doc/readme.log. "LOG" = "SYSTEM" "FILE" "ircd.log"; "LOG" = "SYSTEM" "LEVEL" "CRIT"; # "DOMAINNAME"="<obtained from /etc/resolv.conf by ./configure>"; # "RELIABLE_CLOCK"="FALSE"; # "BUFFERPOOL"="27000000"; # "HAS_FERGUSON_FLUSHER"="FALSE"; # "CLIENT_FLOOD"="433333333333335555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555553333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333"; # "SERVER_PORT"="4400"; # "NODEFAULTMOTD"="TRUE"; "CONNEXIT_NOTICES" = "TRUE"; # "MOTD_BANNER"="TRUE"; # "KILL_IPMISMATCH"="FALSE"; # "IDLE_FROM_MSG"="TRUE"; "HUB"="TRUE"; # "WALLOPS_OPER_ONLY"="TRUE"; # "NODNS"="FALSE"; # "RANDOM_SEED"="<you should set one explicitly>"; # "DEFAULT_LIST_PARAM"="TRUE"; # "NICKNAMEHISTORYLENGTH"="800"; "NETWORK"="mIRCxNet"; "HOST_HIDING"="TRUE"; "HIDDEN_HOST"="Basic.NanaChat.co.il"; # "HIDDEN_IP"="149.78.154.69"; # "KILLCHASETIMELIMIT"="30"; # "MAXCHANNELSPERUSER"="10"; # "NICKLEN" = "12"; # "AVBANLEN"="40"; # "MAXBANS"="30"; # "MAXSILES"="15"; # "HANGONGOODLINK"="300"; # "HANGONRETRYDELAY" = "10"; # "CONNECTTIMEOUT" = "90"; # "MAXIMUM_LINKS" = "1"; # "PINGFREQUENCY" = "120"; # "CONNECTFREQUENCY" = "600"; # "DEFAULTMAXSENDQLENGTH" = "40000"; # "GLINEMAXUSERCOUNT" = "20"; "MPATH" = "ircd.motd"; # "RPATH" = "remote.motd"; "PPATH" = "ircd.pid"; # "TOS_SERVER" = "0x08"; # "TOS_CLIENT" = "0x08"; # "POLLS_PER_LOOP" = "200"; # "IRCD_RES_TIMEOUT" = "4"; # "IRCD_RES_RETRIES" = "2"; # "AUTH_TIMEOUT" = "9"; # "IPCHECK_CLONE_LIMIT" = "4"; # "IPCHECK_CLONE_PERIOD" = "40"; # "IPCHECK_CLONE_DELAY" = "600"; "CHANNELLEN" = "200"; "CONFIG_OPERCMDS" = "TRUE"; "OPLEVELS" = "TRUE"; # "ZANNELS" = "TRUE"; # "LOCAL_CHANNELS" = "TRUE"; # "ANNOUNCE_INVITES" = "FALSE"; # These were introduced by Undernet CFV-165 to add "Head-In-Sand" (HIS) # behavior to hide most network topology from users. # "HIS_SNOTICES" = "TRUE"; # "HIS_SNOTICES_OPER_ONLY" = "TRUE"; # "HIS_DEBUG_OPER_ONLY" = "TRUE"; # "HIS_WALLOPS" = "TRUE"; # "HIS_MAP" = "TRUE"; # "HIS_LINKS" = "TRUE"; # "HIS_TRACE" = "TRUE"; # "HIS_STATS_a" = "TRUE"; # "HIS_STATS_c" = "TRUE"; # "HIS_STATS_d" = "TRUE"; # "HIS_STATS_e" = "TRUE"; # "HIS_STATS_f" = "TRUE"; # "HIS_STATS_g" = "TRUE"; # "HIS_STATS_i" = "TRUE"; # "HIS_STATS_j" = "TRUE"; # "HIS_STATS_J" = "TRUE"; # "HIS_STATS_k" = "TRUE"; # "HIS_STATS_l" = "TRUE"; # "HIS_STATS_L" = "TRUE"; # "HIS_STATS_m" = "TRUE"; # "HIS_STATS_M" = "TRUE"; # "HIS_STATS_o" = "TRUE"; # "HIS_STATS_p" = "TRUE"; # "HIS_STATS_q" = "TRUE"; # "HIS_STATS_r" = "TRUE"; # "HIS_STATS_R" = "TRUE"; # "HIS_STATS_t" = "TRUE"; # "HIS_STATS_T" = "TRUE"; # "HIS_STATS_u" = "TRUE"; # "HIS_STATS_U" = "TRUE"; # "HIS_STATS_v" = "TRUE"; # "HIS_STATS_w" = "TRUE"; # "HIS_STATS_x" = "TRUE"; # "HIS_STATS_y" = "TRUE"; # "HIS_STATS_z" = "TRUE"; "HIS_STATS_IAUTH" = "TRUE"; # "HIS_WHOIS_SERVERNAME" = "TRUE"; # "HIS_WHOIS_IDLETIME" = "TRUE"; # "HIS_WHOIS_LOCALCHAN" = "TRUE"; # "HIS_WHO_SERVERNAME" = "TRUE"; # "HIS_WHO_HOPCOUNT" = "TRUE"; # "HIS_MODEWHO" = "TRUE"; # "HIS_BANWHO" = "TRUE"; # "HIS_KILLWHO" = "TRUE"; # "HIS_REWRITE" = "TRUE"; # "HIS_REMOTE" = "TRUE"; # "HIS_NETSPLIT" = "TRUE"; # "ERR_CHANNELISFULL" = "Cannot join channel, channel is full (+l)"; # "ERR_INVITEONLYCHAN" = "Cannot join channel, you must be invited (+i)"; # "ERR_BANNEDFROMCHAN" = "Cannot join channel, you are banned (+b)"; # "ERR_BADCHANNELKEY" = "Cannot join channel, you need the correct key (+k)"; # "ERR_NEEDREGGEDNICK" = "Cannot join channel, you must be authed to join (+r)"; # "ERR_JOINACCESS" = "Cannot join channel, you don't have enough ChanServ access (+a)"; "HIS_SERVERNAME" = "*.NanaChat.co.il"; "HIS_SERVERINFO" = "The NanaChat Underworld"; "HIS_URLSERVERS" = "http://www.mIRCxnet.ISRAEL/servers.php"; # "LOC_ENABLE" = "FALSE"; # "LOC_TARGET" = "somenick"; # "CHMODE_A_ENABLE" = "TRUE"; # "CHMODE_A_TARGET" = "ChanServ"; # "CHMODE_A_NOSET" = "TRUE"; # Mode is not settable by normal users (only services chan set it) # "CHMODE_F_ENABLE" = "TRUE"; # "UNKNOWN_CMD_ENABLE" = "TRUE"; # "UNKNOWN_CMD_TARGET" = "OpServ"; # "NOAMSG_TIME" = "0"; # "NOAMSG_NUM" = "1"; }; # Well, you have now reached the end of this sample configuration # file. If you have any questions, feel free to mail # <coder-com@undernet.org>. If you are interested in linking your # server to the Undernet IRC network visit # http://www.routing-com.undernet.org/, and if there are any # problems then contact <routing-com@undernet.org> asking for # information. Upgrades of the Undernet ircd can be found on # http://coder-com.undernet.org/. # # For the rest: Good Luck! # # -- Niels.

Chief Fri Sep 20, 2019 2:34 pm

Code:: # ircd.conf - configuration file for ircd version ircu2.10 # # Last Updated: 20, March 2002. # # Written by Niels <niels@undernet.org>, based on the original example.conf, # server code and some real-life (ahem) experience. # # Updated and heavily modified by Braden <dbtem@yahoo.com>. # # Rewritten by A1kmm(Andrew Miller)<a1kmm@mware.virtualave.net> to support # the new flex/bison configuration parser. # # Thanks and credits to: Run, Trillian, Cym, Morrissey, Chaos, Flynn, # Xorath, WildThang, Mmmm, SeKs, Ghostwolf and # all other Undernet IRC Admins and Operators, # and programmers working on the Undernet ircd. # # This is an example of the configuration file used by the Undernet ircd. # # This document is based on a (fictious) server in Europe with a # connection to the Undernet IRC network. It is primarily a leaf server, # but if all the other hubs in Europe aren't in service, it can connect # to one in the US by itself. # # The configuration format consists of a number of blocks in the format # BlockName { setting = number; setting2 = "string"; setting3 = yes; }; # Note that comments start from a #(hash) and go to the end of the line. # Whitespace(space, tab, or carriage return/linefeed) are ignored and may # be used to make the configuration file more readable. # # Please note that when ircd puts the configuration lines into practice, # it parses them exactly the other way round than they are listed here. # It uses the blocks in reverse order. # # This means that you should start your Client blocks with the # "fall through", most vanilla one, and end with the most detailed. # # There is a difference between the "hostname" and the "server name" # of the machine that the server is run on. For example, the host can # have "veer.cs.vu.nl" as FQDN, and "Amsterdam.NL.EU.undernet.org" as # server name. # A "server mask" is something like "*.EU.UnderNet.org", which is # matched by "Amsterdam.NL.EU.undernet.org" but not by # "Manhattan.KS.US.undernet.org". # # Please do NOT just rename the example.conf to ircd.conf and expect # it to work. # [General] # # First some information about the server. # General { # name = "servername"; # vhost = "ipv4vhost"; # vhost = "ipv6vhost"; # description = "description"; # numeric = numericnumber; # dns vhost = "ipv4vhost"; # dns vhost = "ipv6vhost"; # dns server = "ipaddress"; # dns server = "ipaddress2"; # }; # # If present, <virtual host> must contain a valid address in dotted # quad or IPv6 numeric notation (127.0.0.1 or ::1). The address MUST # be the address of a physical interface on the host. This address is # used for outgoing connections if the Connect{} block does not # override it. See Port{} for listener virtual hosting. If in doubt, # leave it out -- or use "*", which has the same meaning as no vhost. # # You may specify both an IPv4 virtual host and an IPv6 virtual host, # to indicate which address should be used for outbound connections # of the respective type. # # Note that <server numeric> has to be unique on the network your server # is running on, must be between 0 and 4095, and is not updated on a rehash. # # The two DNS lines allow you to specify the local IP address to use # for DNS lookups ("dns vhost") and one or more DNS server addresses # to use. If the vhost is ambiguous for some reason, you may list # IPV4 and/or IPV6 between the equals sign and the address string. # The default DNS vhost is to let the operating system assign the # address, and the default DNS servers are read from /etc/resolv.conf. # In most cases, you do not need to specify either the dns vhost or # the dns server. General { name = "Basic.NanaChat.co.il"; description = "NanaChat IRC Network"; vhost = "*"; numeric = 1; }; # [Admin] # # This sets information that can be retrieved with the /ADMIN command. # It should contain at least an admin Email contact address. Admin { # At most two location lines are allowed... Location = "NanaChat IRC Network"; Location = "NanaChat IRC server"; Contact = "mIRCx@gmail.com"; }; # [Classes] # # All connections to the server are associated with a certain "connection # class", be they incoming or outgoing (initiated by the server), be they # clients or servers. # Class { name = "Server"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 1; sendq = 9000000; usermode = "+x"; }; # For connection classes used on server links, maxlinks should be set # to either 0 (for hubs) or 1 (for leaf servers). Client connection # classes may use maxlinks between 0 and approximately 4,000,000,000. # maxlinks = 0 means there is no limit on the number of connections # using the class. # # <connect freq> applies only to servers, and specifies the frequency # that the server tries to autoconnect. setting this to 0 will cause # the server to attempt to connect repeatedly with no delay until the # <maximum links> condition is satisfied. This is a Bad Thing(tm). # Note that times can be specified as a number, or by giving something # like: 1 minutes 20 seconds, or 1*60+20. # # Recommended server classes: # All your server uplinks you are not a hub for. Class { name = "Server"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 1; sendq = 9000000; }; # All the leaf servers you hub for. Class { name = "LeafServer"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 0; sendq = 9000000; }; # Client { # username = "ident"; # host = "host"; # ip = "127.0.0.0/8"; # password = "password"; # class = "classname"; # maxlinks = 3; # }; # # Everything in a Client block is optional. If a username mask is # given, it must match the client's username from the IDENT protocol. # If a host mask is given, the client's hostname must resolve and # match the host mask. If a CIDR-style IP mask is given, the client # must have an IP matching that range. If maxlinks is given, it is # limits the number of matching clients allowed from a particular IP # address. # # Take the following class blocks only as a guide. Class { name = "Local"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 100; usermode = "+x"; }; Class { name = "America"; pingfreq = 1 minutes 30 seconds; sendq = 80000; maxlinks = 5; }; Class { name = "Other"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 400; }; Class { name = "Opers"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 10; usermode = "+x"; # For connection classes intended for operator use, you can specify # privileges used when the Operator block (see below) names this # class. The local (aka globally_opered) privilege MUST be defined # by either the Class or Operator block. The following privileges # exist: # # local (or propagate, with the opposite sense) # whox (log oper's use of x flag with /WHO) # display (oper status visible to lusers) # chan_limit (can join local channels when in # MAXCHANNELSPERUSER channels) # mode_lchan (can /MODE &channel without chanops) # deop_lchan (cannot be deopped or kicked on local channels) # walk_lchan (can forcibly /JOIN &channel OVERRIDE) # show_invis (see +i users in /WHO x) # show_all_invis (see +i users in /WHO x) # unlimit_query (show more results from /WHO) # local_kill (can kill clients on this server) # rehash (can use /REHASH) # restart (can use /RESTART) # die (can use /DIE) # local_jupe (not used) # set (can use /SET) # local_gline (can set a G-line for this server only) # local_badchan (can set a Gchan for this server only) # see_chan (can see users in +s channels in /WHO) # list_chan (can see +s channels with /LIST S, or modes with /LIST M) # wide_gline (can use ! to force a wide G-line) # see_opers (can see opers without DISPLAY privilege) # local_opmode (can use OPMODE/CLEARMODE on local channels) # force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels) # kill (can kill clients on other servers) # gline (can issue G-lines to other servers) # jupe_server (not used) # opmode (can use /OPMODE) # badchan (can issue Gchans to other servers) # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels) # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys) # umode_nochan (can set usermode +n to hide channels) # umode_noidle (can set usermode +I to hide idle time) # umode_chserv (can set umode +k) # umode_xtraop (can set umode +X) # umode_netserv (can set umode +S) # umode_overridecc (Allow to set umode +c which overrides cmodes +cC) # see_idletime (can see idletime of local +I users) # hide_idletime (hides idle time also from users with see_idletime, unless they are on the same server and have this priv too) # more_flood (has less throttling) # unlimited_flood (no more excess floods) # unlimited_targets (allow unlimited target changes) # noamsg_override (can override cmode +M) # # For global opers (with propagate = yes or local = no), the default # is to grant all of the above privileges EXCEPT walk_lchan, # umode_chserv, umode_xtraop, umode_service, # unlimit_query, set, badchan, local_badchan and apass_opmode. # For local opers, the default is to grant ONLY the following # privileges: # chan_limit, mode_lchan, show_invis, show_all_invis, local_kill, # rehash, local_gline, local_jupe, local_opmode, whox, display, # force_local_opmode, see_idletime, hide_channels, hide_idletime, # more_flood # Any privileges listed in a Class block override the defaults. local = no; }; # [Client] # # To allow clients to connect, they need authorization. This can be # done based on hostmask, address mask, and/or with a password. # With intelligent use of classes and the maxconnections field in the # Client blocks, you can let in a specific domain, but get rid of all other # domains in the same toplevel, thus setting up some sort of "reverse # Kill block". # Client { # host = "user@host"; # ip = "user@ip"; # password = "password"; # class = "classname"; # }; # # Technical description (for examples, see below): # For every connecting client, the IP address is known. A reverse lookup # on this IP-number is done to get the (/all) hostname(s). # Each hostname that belongs to this IP-number is matched to <hostmask>, # and the Client {} is used when any matches; the client will then show # with this particular hostname. If none of the hostnames match, then # the IP-number is matched against the <IP mask ...> field, if this matches # then the Client{} is used nevertheless and the client will show with the # first (main) hostname if any; if the IP-number did not resolve then the # client will show with the dot notation of the IP-number. # There is a special case for the UNIX domain sockets and localhost connections # though; in this case the <IP mask ...> field is compared with the # name of the server (thus not with any IP-number representation). The name # of the server is the one returned in the numeric 002 reply, for example: # 002 Your host is 2.undernet.org[jolan.ppro], running version ... # Then the "jolan.ppro" is the name used for matching. # Therefore, unix domain sockets, and connections to localhost would # match this block: # host = "*@jolan.ppro"; # # This is the "fallback" entry. All .uk, .nl, and all unresolved are # in these two lines. # By using two different lines, multiple connections from a single IP # are only allowed from hostnames which have both valid forward and # reverse DNS mappings. Client { class = "Other"; ip = "*@*"; maxlinks = 10; }; Client { class = "Other"; host = "*@*"; maxlinks = 10; }; # If you don't want unresolved dudes to be able to connect to your # server, do not specify any "ip = " settings. # # Here, take care of all American ISPs. Client { host = "*@*.com"; class = "America"; maxlinks = 2; }; Client { host = "*@*.net"; class = "America"; maxlinks = 2; }; # Now list all the .com / .net domains that you wish to have access... # actually it's less work to do it this way than to do it the other # way around - K-lining every single ISP in the US. # I wish people in Holland just got a .nl domain, and not try to be # cool and use .com... Client { host = "*@*.wirehub.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.nl.net"; class = "Local"; maxlinks=10; }; # You can request a more complete listing, including the "list of standard # Kill blocks" from the Routing Committee; it will also be sent to you if # you apply for a server and get accepted. # # Ourselves - this makes sure that we can get in, no matter how full # the server is (hopefully). Client { host = "*@*.london.ac.uk"; ip = "*@193.37.*"; class = "Local"; # A maxlinks of over 5 will automatically be glined by euworld on Undernet maxlinks = 5; }; # You can put an expression in the maxlinks value, which will make ircd # only accept a client when the total number of connections to the network # from the same IP number doesn't exceed this number. # The following example would accept at most one connection per IP number # from "*.swipnet.se" and at most two connections from dial up accounts # that have "dial??.*" as host mask: # Client { # host = "*@*.swipnet.se"; # maxlinks = 1; # class = "Other"; # }; # Client { # host = "*@dial??.*"; # maxlinks = 2; # class = "Other"; # }; # # If you are not worried about who connects, this line will allow everyone # to connect. Client { host = "*@*"; ip = "*@*"; class = "Other"; maxlinks = 2; }; # [motd] # # It is possible to show a different Message of the Day to a connecting # client depending on its origin. # motd { # # Note: host can also be a classname. # host = "Other"; # file = "path/to/motd/file"; # }; # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Motd block for each host entry, but makes # it easier to update the messages's filename. # # DPATH/net_com.motd contains a special MOTD where users are encouraged # to register their domains and get their own client{} lines if they're in # Europe, or move to US.UnderNet.org if they're in the USA. motd { host = "*.net"; file = "net_com.motd"; }; motd { host = "*.com"; file = "net_com.motd"; }; motd { host = "America"; file = "net_com.motd"; }; # A different MOTD for ourselves, where we point out that the helpdesk # better not be bothered with questions regarding irc... motd { host = "*.london.ac.uk"; file = "london.motd"; }; # [UWorld] # # One of the many nice features of Undernet is "Uworld", a program # connected to the net as a server. This allows it to broadcast any mode # change, thus allowing opers to, for example, "unlock" a channel that # has been taken over. # There is only one slight problem: the TimeStamp protocol prevents this. # So there is a configuration option to allow them anyway from a certain # server. # UWorld { # # The servername or wildcard mask for it that this applies to. # name = "relservername"; # }; # # You may have have more than one name listed in each block. # # Note: (1) These lines are agreed on by every server admin on Undernet; # (2) These lines must be the same on every single server, or results # will be disasterous; (3) This is a useful feature, not something that # is a liability and abused regularly (well... :-) # If you're on Undernet, you MUST have these lines. I cannnot stress # this enough. If all of the servers don't have the same lines, the # servers will try to undo the mode hacks that Uworld does. Make SURE that # all of the servers have the EXACT same UWorld blocks. # # If your server starts on a bit larger network, you'll probably get # assigned one or two uplinks to which your server can connect. # If your uplink(s) also connect to other servers than yours (which is # probable), you need to define your uplink as being allowed to "hub". # See the Connect block documentation for details on how to do that. UWorld { name = "ircd.mIRCxNet"; #numeric: 1 name = "services.mIRCxNet"; #numeric: 2 }; # As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and # CFV-0255, the following nicks must be juped, it is not allowed to # jupe others as well. Jupe { nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`"; nick = "server,svr,serv,sbnc,znc,SpamServ,SpamSvr,staff,admin,team"; nick = "login,testirc,protocol,pass,newpass,org,irc"; nick = "StatServ,NoteServ,MemoServ"; nick = "ChanSvr,ChanSrv,ChanSaver,ChanServ"; nick = "NickSvr,NickSrv,NickSaver,NickServ"; nick = "AuthSvr,AuthSrv,AuthSaver,AuthServ"; nick = "HostSvr,HostSrv,HostSaver,HostServ"; nick = "Watchdog,Watchcat,Global"; nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX"; }; # [Kill] # # While running your server, you will most probably encounter individuals # or groups of persons that you do not wish to have access to your server. # # For this purpose, the ircd understands "kill blocks". These are also # known as K-lines, by virtue of the former config file format. # Kill # { # host = "user@host"; # reason = "The reason the user will see"; # }; # It is possible to ban on the basis of the real name. # It is also possible to use a file as comment for the ban, using # file = "file": # Kill # { # realname = "realnametoban"; # file = "path/to/file/with/reason/to/show"; # }; # # # The default reason is: "You are banned from this server" # Note that Kill blocks are local to the server; if you ban a person or a # whole domain from your server, they can get on IRC via any other server # that doesn't have them Killed (yet). # # With a simple comment, using quotes: #Kill { host = "*.au"; reason = "Please use a nearer server"; }; #Kill { host = "*.edu"; reason = "Please use a nearer server"; }; # You can also kill based on username. #Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected #with a Trojan"; }; # The file can contain for example, a reason, a link to the # server rules and a contact address. Note the combination # of username and host in the host field. #Kill #{ # host = "*luser@unixbox.flooder.co.uk"; # file = "kline/youflooded.txt"; #}; # IP-based kill lines apply to all hosts, even if an IP address has a # properly resolving host name. #Kill #{ # host = "192.168.*"; # file = "klines/martians"; #}; # The realname field lets you ban by realname... #Kill #{ # realname = "*sub7*"; # reason = "You are infected with a Trojan"; #}; # [SSL] # SSL { # # There need to be the private key AND the public key INSIDE the certificate file cert = "23 C6 0F BF F1 9E 2F 0A 12 93"; # # Optional CA certificate for non-self-signed certificates cacert = "15 DF FD 0F F6 EA A3 90 E9 24 ED 6B 1E"; }; SSL { cert = "ircd.pem"; }; # [Connect] # # You probably want your server connected to other servers, so your users # have other users to chat with. # IRC servers connect to other servers forming a network with a star or # tree topology. Loops are not allowed. # In this network, two servers can be distinguished: "hub" and "leaf" # servers. Leaf servers connect to hubs; hubs connect to each other. # Of course, many servers can't be directly classified in one of these # categories. Both a fixed and a rule-based decision making system for # server links is provided for ircd to decide what links to allow, what # to let humans do themselves, and what links to (forcefully) disallow. # # The Connect blocks # define what servers the server connect to, and which servers are # allowed to connect. # Connect { # name = "servername"; # host = "hostnameORip"; # vhost = "localIP"; # password = "passwd"; # port = portno; # class = "classname"; # maxhops = 2; # hub = "*.eu.undernet.org"; # autoconnect = no; # }; # # The "port" field defines the default port the server tries to connect # to if an operator uses /connect without specifying a port. This is also # the port used when the server attempts to auto-connect to the remote # server. (See Class blocks for more informationa about auto-connects). # You may tell ircu to not automatically connect to a server by adding # "autoconnect = no;"; the default is to autoconnect. # # If the vhost field is present, the server will use that IP as the # local end of connections that it initiates to this server. This # overrides the vhost value from the General block. # # The maxhops field causes an SQUIT if a hub tries to introduce # servers farther away than that; the element 'leaf;' is an alias for # 'maxhops = 0;'. The hub field limits the names of servers that may # be introduced by a hub; the element 'hub;' is an alias for # 'hub = "*";'. # # Our primary uplink. Connect { name = "srvx.mIRCxNet.ISRAEL.Services"; host = "192.168.1.14"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "PHP.NanaChat.Services"; host = "192.168.1.14"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "X3.NanaChat.Services"; host = "192.168.1.20"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; # [crule] # # For an advanced, real-time rule-based routing decision making system # you can use crule blocks. For more information, see doc/readme.crules. # If more than one server mask is present in a single crule, the rule # applies to all servers. # CRULE # { # server = "servermask"; # rule = "connectrule"; # # Setting all to yes makes the rule always apply. Otherwise it only # # applies to autoconnects. # all = yes; # }; CRULE { server = "*.US.UnderNet.org"; rule = "connected(*.US.UnderNet.org)"; }; CRULE { server = "*.EU.UnderNet.org"; rule = "connected(Amsterdam.NL.EU.*)"; }; # The following block is recommended for leaf servers: CRULE { server = "*"; rule = "directcon(*)"; }; # [Operator] # # Inevitably, you have reached the part about "IRC Operators". Oper status # grants some special privileges to a user, like the power to make the # server break or (try to) establish a connection with another server, # and to "kill" users off IRC. # I can write many pages about this; I will restrict myself to saying that # if you want to appoint somebody as IRC Operator on your server, that # person should be aware of his/her responsibilities, and that you, being # the admin, will be held accountable for their actions. # # There are two sorts of IRC Operators: "local" and "global". Local opers # can squit, connect and kill - but only locally: their +o user mode # is not not passed along to other servers. On Undernet, this prevents # them from using Uworld as well. # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Operator block for each host entry, but # makes it easier to update operator nicks, passwords, classes, and # privileges. # # Operator { # host = "host/IP mask"; # name = "opername"; # password = "encryptedpass"; # class = "classname"; # # You can also set any operator privilege; see the Class block # # documentation for details. A privilege defined for a single # # Operator will override the privilege settings for the Class # # and the default setting. # }; # # By default, the password is hashed using the system's native crypt() # function. Other password mechanisms are available; the umkpasswd # utility from the ircd directory can hash passwords using those # mechanisms. If you use a password format that is NOT generated by # umkpasswd, ircu will not recognize the oper's password. # # All privileges are shown with their default values; if you wish to # override defaults, you should set only those privileges for the # operator. Listing defaulted privileges just makes things harder to # find. Operator { local = no; host = "*@*.cs.vu.nl"; password = "VRKLKuGKn0jLt"; name = "Niels"; class = "Local"; }; Operator { host = "*@*"; password = "$PLAIN$leetmoo"; name = "darksis"; class = "Opers"; local = no; whox = yes; display = yes; chan_limit = yes; mode_lchan = yes; deop_lchan = yes; walk_lchan = yes; show_invis = yes; show_all_invis = yes; unlimit_query = yes; local_kill = yes; rehash = yes; restart = yes; die = yes; local_jupe = yes; set = yes; local_gline = yes; local_badchan = yes; see_chan = yes; list_chan = yes; wide_gline = yes; see_opers = yes; kill = yes; gline = yes; opmode = yes; badchan = yes; see_idletime = yes; hide_idletime = yes; more_flood = no; unlimited_flood = yes; unlimited_targets = yes; noamsg_override = yes; chan_limit = yes; mode_lchan = yes; show_invis = yes; show_all_invis = yes; local_kill = yes; see_idletime = yes; hide_idletime = yes; more_flood = no; umode_noidle = yes; umode_chserv = yes; umode_xtraop = yes; umode_netserv = yes; umode_overridecc = yes; local_opmode = yes; }; # Note that the <connection class> is optional, but leaving it away # puts the opers in class "default", which usually only accepts one # connection at a time. If you want users to Oper up more then once per # block, then use a connection class that allows more then one connection, # for example (using class Local as in the example above): # # Once you OPER your connection class changes no matter where you are or # your previous connection classes. If the defined connection class is # Local for the operator block, then your new connection class is Local. # [Port] # When your server gets more full, you will notice delays when trying to # connect to your server's primary listening port. It is possible via the # Port lines to specify additional ports for the ircd to listen to. # De facto ports are: 6667 - standard; 6660-6669 - additional client # ports; # Undernet uses 4400 for server listener ports. # These are just hints, they are in no way official IANA or IETF policies. # IANA says we should use port 194, but that requires us to run as root, # so we don't do that. # # # Port { # port = [ipv4] [ipv6] number; # mask = "ipmask"; # # Use this to control the interface you bind to. # vhost = [ipv4] [ipv6] "virtualhostip"; # # You can specify both virtual host and port number in one entry. # vhost = [ipv4] [ipv6] "virtualhostip" number; # # Setting to yes makes this server only. # server = yes; # # Setting to yes makes the port "hidden" from stats. # hidden = yes; # # Setting to yes makes the port to handle incoming connection as SSL connections # secure = no; # }; # # The port and vhost lines allow you to specify one or both of "ipv4" # and "ipv6" as address families to use for the port. The default is # to listen on both IPv4 and IPv6. # # The mask setting allows you to specify a range of IP addresses that # you will allow connections from. This should only contain IP addresses # and '*' if used. This field only uses IP addresses. This does not use # DNS in any way so you can't use it to allow *.nl or *.uk. Attempting # to specify anything other than numbers, dots and stars [0-9.*] will result # in the port allowing connections from anyone. # # The interface setting allows multiply homed hosts to specify which # interface to use on a port by port basis, if an interface is not specified # the default interface will be used. The interface MUST be the complete # IP address for a real hardware interface on the machine running ircd. # If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it # WILL bind to all interfaces - not what most people seem to expect. # Port { server = yes; port = 4400; }; # This is an IPv4-only Server port that is Hidden #Port { # server = yes; # hidden = yes; # port = ipv4 4401; #}; # The following are normal client ports Port { port = 5000; }; #Port { port = 6668; }; #Port { # This only accepts clients with IPs like 192.168.*. # mask = "192.168.*"; # port = 6666; #}; #SSL Port Port { secure = yes; port = 7778; }; # This is a hidden client port, listening on 168.8.21.107. Port { vhost = "192.168.1.20"; hidden = yes; port = 6661; }; # More than one vhost may be present in a single Port block; in this case, # we recommend listing the port number on the vhost line for clarity. #Port { # vhost = "172.16.0.1" 6667; # vhost = "172.16.3.1" 6668; # hidden = no; #}; # Quarantine blocks disallow operators from using OPMODE and CLEARMODE # on certain channels. Opers with the force_opmode (for local # channels, force_local_opmode) privilege may override the quarantine # by prefixing the channel name with an exclamation point ('!'). # Wildcards are NOT supported; the channel name must match exactly. Quarantine { "#shells" = "Thou shalt not support the h4><0rz"; "&kiddies" = "They can take care of themselves"; }; # This is a server-implemented alias to send a message to a service. # The string after Pseudo is the command name; the name entry inside # is the service name, used for error messages. More than one nick # entry can be provided; the last one listed has highest priority. # If the server behind the '@' is not valid or if the nick is not # on this server, the servername is interpreted as an accountname # and the nick must have this accountname set and +S as umode to get # the message relayed. Pseudo "CHANSERV" { name = "X3"; nick = "AuthServ@X3.NanaChat.Services"; }; # You can also prepend text before the user's message. Pseudo "cmd" { name = "X3"; prepend = "service"; nick = "AuthServ@X3.NanaChat.Services"; }; # You can also specify the default text to send if the user does not # supply some text. Pseudo "AUTHSERV" { name = "AUTH"; nick = "AuthServ@x3.NanaChat.Services"; }; Pseudo "AUTH" { name = "authserv"; nick = "AuthServ@X3.NanaChat.Services"; prepend = "AUTH "; }; # You can ask a separate server whether to allow users to connect. # Uncomment this ONLY if you have an iauth helper program. # If required is set to yes, then all clients are rejected when # the iauth helper program could not be started/queried/timed-out. IAuth { program = "/usr/bin/perl" "/home/bmt/ircu2.10.12-pk/tools/iauthd.pl" "-v" "-d" "-c" "/home/bmt/lib/ircd.conf"; }; #IAUTH POLICY RTAWUwFr #IAUTH CACHETIMEOUT 21600 #IAUTH DNSTIMEOUT 5 #IAUTH BLOCKMSG Sorry! Your connection to NanaChat has been rejected because of your internet address's poor reputation. You may try an authenticated login using Login-On-Connect (LOC) instead. See http://NanaChat.org/rbl for more information. #IAUTH DNSBL server=dnsbl.sorbs.net index=2,3,4,5,6,7,9 mark=sorbs block=anonymous #IAUTH DNSBL server=dnsbl.dronebl.org index=2,3,5,6,7,8,9,10,13,14,15,16,17,18,255 mark=dronebl block=anonymous #IAUTH DNSBL server=rbl.efnetrbl.org index=4 mark=tor block=anonymous #IAUTH DNSBL server=rbl.efnet.org index=1,3,5,6,7,9,14 mark=efnet block=anonymous #IAUTH DNSBL server=rbl.efnetrbl.org index=1,2,3,4,5 mark=efnetrbl block=anonymous #IAUTH DNSBL server=dnsbl-2.uceprotect.net index=2 mark=uce-2 #IAUTH DNSBL server=6667.173.122.134.230.173.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous #IAUTH DNSBL server=80.204.128.107.97.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous #IAUTH DNSBL server=443.204.128.107.97.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous # [features] # IRC servers have a large number of options and features. Most of these # are set at compile time through the use of #define's--see "make config" # for more details--but we are working to move many of these into the # configuration file. Features let you configure these at runtime. # You only need one feature block in which you use # "featurename" = "value1" , "value2", ..., "valuen-1", "valuen"; # # The entire purpose of F:lines are so that you do not have to recompile # the IRCD everytime you want to change a feature. All of the features # are listed below, and at the bottom is how to set logging. # # A Special Thanks to Kev for writing the documentation of F:lines. It can # be found at doc/readme.features and the logging documentation can be # found at doc/readme.log. The defaults used by the Undernet network are # below. # features { # These log features are the only way to get certain error messages # (such as when the server dies from being out of memory). For more # explanation of how they work, see doc/readme.log. "LOG" = "SYSTEM" "FILE" "ircd.log"; "LOG" = "SYSTEM" "LEVEL" "CRIT"; # "DOMAINNAME"="<obtained from /etc/resolv.conf by ./configure>"; # "RELIABLE_CLOCK"="FALSE"; # "BUFFERPOOL"="27000000"; # "HAS_FERGUSON_FLUSHER"="FALSE"; # "CLIENT_FLOOD"="433333333333335555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555553333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333"; # "SERVER_PORT"="4400"; # "NODEFAULTMOTD"="TRUE"; "CONNEXIT_NOTICES" = "TRUE"; # "MOTD_BANNER"="TRUE"; # "KILL_IPMISMATCH"="FALSE"; # "IDLE_FROM_MSG"="TRUE"; "HUB"="TRUE"; # "WALLOPS_OPER_ONLY"="TRUE"; # "NODNS"="FALSE"; # "RANDOM_SEED"="<you should set one explicitly>"; # "DEFAULT_LIST_PARAM"="TRUE"; # "NICKNAMEHISTORYLENGTH"="800"; "NETWORK"="mIRCxNet"; "HOST_HIDING"="TRUE"; "HIDDEN_HOST"="Basic.NanaChat.co.il"; # "HIDDEN_IP"="149.78.154.69"; # "KILLCHASETIMELIMIT"="30"; # "MAXCHANNELSPERUSER"="10"; # "NICKLEN" = "12"; # "AVBANLEN"="40"; # "MAXBANS"="30"; # "MAXSILES"="15"; # "HANGONGOODLINK"="300"; # "HANGONRETRYDELAY" = "10"; # "CONNECTTIMEOUT" = "90"; # "MAXIMUM_LINKS" = "1"; # "PINGFREQUENCY" = "120"; # "CONNECTFREQUENCY" = "600"; # "DEFAULTMAXSENDQLENGTH" = "40000"; # "GLINEMAXUSERCOUNT" = "20"; "MPATH" = "ircd.motd"; # "RPATH" = "remote.motd"; "PPATH" = "ircd.pid"; # "TOS_SERVER" = "0x08"; # "TOS_CLIENT" = "0x08"; # "POLLS_PER_LOOP" = "200"; # "IRCD_RES_TIMEOUT" = "4"; # "IRCD_RES_RETRIES" = "2"; # "AUTH_TIMEOUT" = "9"; # "IPCHECK_CLONE_LIMIT" = "4"; # "IPCHECK_CLONE_PERIOD" = "40"; # "IPCHECK_CLONE_DELAY" = "600"; "CHANNELLEN" = "200"; "CONFIG_OPERCMDS" = "TRUE"; "OPLEVELS" = "TRUE"; # "ZANNELS" = "TRUE"; # "LOCAL_CHANNELS" = "TRUE"; # "ANNOUNCE_INVITES" = "FALSE"; # These were introduced by Undernet CFV-165 to add "Head-In-Sand" (HIS) # behavior to hide most network topology from users. # "HIS_SNOTICES" = "TRUE"; # "HIS_SNOTICES_OPER_ONLY" = "TRUE"; # "HIS_DEBUG_OPER_ONLY" = "TRUE"; # "HIS_WALLOPS" = "TRUE"; # "HIS_MAP" = "TRUE"; # "HIS_LINKS" = "TRUE"; # "HIS_TRACE" = "TRUE"; # "HIS_STATS_a" = "TRUE"; # "HIS_STATS_c" = "TRUE"; # "HIS_STATS_d" = "TRUE"; # "HIS_STATS_e" = "TRUE"; # "HIS_STATS_f" = "TRUE"; # "HIS_STATS_g" = "TRUE"; # "HIS_STATS_i" = "TRUE"; # "HIS_STATS_j" = "TRUE"; # "HIS_STATS_J" = "TRUE"; # "HIS_STATS_k" = "TRUE"; # "HIS_STATS_l" = "TRUE"; # "HIS_STATS_L" = "TRUE"; # "HIS_STATS_m" = "TRUE"; # "HIS_STATS_M" = "TRUE"; # "HIS_STATS_o" = "TRUE"; # "HIS_STATS_p" = "TRUE"; # "HIS_STATS_q" = "TRUE"; # "HIS_STATS_r" = "TRUE"; # "HIS_STATS_R" = "TRUE"; # "HIS_STATS_t" = "TRUE"; # "HIS_STATS_T" = "TRUE"; # "HIS_STATS_u" = "TRUE"; # "HIS_STATS_U" = "TRUE"; # "HIS_STATS_v" = "TRUE"; # "HIS_STATS_w" = "TRUE"; # "HIS_STATS_x" = "TRUE"; # "HIS_STATS_y" = "TRUE"; # "HIS_STATS_z" = "TRUE"; "HIS_STATS_IAUTH" = "TRUE"; # "HIS_WHOIS_SERVERNAME" = "TRUE"; # "HIS_WHOIS_IDLETIME" = "TRUE"; # "HIS_WHOIS_LOCALCHAN" = "TRUE"; # "HIS_WHO_SERVERNAME" = "TRUE"; # "HIS_WHO_HOPCOUNT" = "TRUE"; # "HIS_MODEWHO" = "TRUE"; # "HIS_BANWHO" = "TRUE"; # "HIS_KILLWHO" = "TRUE"; # "HIS_REWRITE" = "TRUE"; # "HIS_REMOTE" = "TRUE"; # "HIS_NETSPLIT" = "TRUE"; # "ERR_CHANNELISFULL" = "Cannot join channel, channel is full (+l)"; # "ERR_INVITEONLYCHAN" = "Cannot join channel, you must be invited (+i)"; # "ERR_BANNEDFROMCHAN" = "Cannot join channel, you are banned (+b)"; # "ERR_BADCHANNELKEY" = "Cannot join channel, you need the correct key (+k)"; # "ERR_NEEDREGGEDNICK" = "Cannot join channel, you must be authed to join (+r)"; # "ERR_JOINACCESS" = "Cannot join channel, you don't have enough ChanServ access (+a)"; "HIS_SERVERNAME" = "*.NanaChat.co.il"; "HIS_SERVERINFO" = "The NanaChat Underworld"; "HIS_URLSERVERS" = "http://www.mIRCxnet.ISRAEL/servers.php"; # "LOC_ENABLE" = "FALSE"; # "LOC_TARGET" = "somenick"; # "CHMODE_A_ENABLE" = "TRUE"; # "CHMODE_A_TARGET" = "ChanServ"; # "CHMODE_A_NOSET" = "TRUE"; # Mode is not settable by normal users (only services chan set it) # "CHMODE_F_ENABLE" = "TRUE"; # "UNKNOWN_CMD_ENABLE" = "TRUE"; # "UNKNOWN_CMD_TARGET" = "OpServ"; # "NOAMSG_TIME" = "0"; # "NOAMSG_NUM" = "1"; }; # Well, you have now reached the end of this sample configuration # file. If you have any questions, feel free to mail # <coder-com@undernet.org>. If you are interested in linking your # server to the Undernet IRC network visit # http://www.routing-com.undernet.org/, and if there are any # problems then contact <routing-com@undernet.org> asking for # information. Upgrades of the Undernet ircd can be found on # http://coder-com.undernet.org/. # # For the rest: Good Luck! # # -- Niels.

Fix By ASHER BMT IRC Network

Chief Fri Sep 20, 2019 2:36 pm

Code:: /* This file describes what proxy tests to run: what ports to connect * to, what to send to them, what to look for, and what to do if that * is found. */ /* Connect on port 1080, sending "\5\1\0" as challenge. * If we get "\5\0" as a response, it's an unsecured socks5. */ "9050:050100" { "0500" "reject:Unsecured socks5"; }; /* Connect on port 1080, sending "\4\1" followed by the port * and IP of the client, followed by the (NUL-terminated) ident to * use. If we get a four byte response with '\x5a' as the second * byte, it's an unsecured socks4 proxy. * * It would be generally wise to replace the $p$i with a hard-coded * one; many insecure proxies refuse to connect to themselves. */ "1080:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "4145:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "44904:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "61360:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "4145:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "33099:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "23:" { // This first test is interesting: multi-stage, and a default action is reject // this crap at the front is the router trying to negotiate telnet options "fffb01fffb03fffd18fffd1f0d0a0d0a=U=s=e=r= =A=c=c=e=s=s= =V=e=r=i=f=i=c=a=t=i=o=n0d0a0d0a=P=a=s=s=w=o=r=d3a= :=c=i=s=c=o0d0a" { "0d0a=P=a=s=s=w=o=r=d3a= " "accept"; "other" "reject:[1 hour] Cisco router with default password"; }; "=W=i=n=G=a=t=e=>" "reject:Unsecured wingate"; "=T=o=o= =m=a=n=y" "reject:Unsecured wingate"; "=E=n=t=e=r= =h=o=s=t= =n=a=m=e" "reject:Unsecured wingate"; // the 3a is ':'; due to a parser glitch, =: isn't parsed like you might expect "=E=n=t=e=r= 3a= =<=h=o=s=t=>" "reject:Unsecured wingate"; }; /* Connect on port 3128 (squid), trying to use a HTTP CONNECT * proxy. If we get a 200 response, it worked and should be * booted. * If you do this check on port 80, you might check for "200 * Connection" instead to reduce false positives; many servers * send 200 OK responses for custom 404 Error pages. * As with the SOCKS4 check, you may want to replace the $c:3128 * (client hostname and port) with a hard-coded one. */ "3128:=C=O=N=N=E=C=T= $c=:=3=1=2=8= =H=T=T=P=/=1=.=00d0a0d0a" { "=H=T=T=P=/=1=.=0= =2=0=0" "reject:Unsecured proxy"; }; "8080:=C=O=N=N=E=C=T= $c=:=8=0=8=0= =H=T=T=P=/=1=.=00d0a0d0a" { "=H=T=T=P=/=1=.=0= =2=0=0" "reject:Unsecured proxy"; }; "44428:=C=O=N=N=E=C=T= $c=:=4=4=4=2=8= =H=T=T=P=/=1=.=00d0a0d0a" { "=H=T=T=P=/=1=.=0= =2=0=0" "reject:Unsecured proxy"; }; "80:=C=O=N=N=E=C=T= $c=:=8=0= =H=T=T=P=/=1=.=00d0a0d0a" { "=H=T=T=P=/=1=.=0= =2=0=0" "reject:Unsecured proxy"; }; "8686:=C=O=N=N=E=C=T= $c=:=8=6=8=6= =H=T=T=P=/=1=.=00d0a0d0a" { "=H=T=T=P=/=1=.=0= =2=0=0" "reject:Unsecured proxy"; }; "27374:" { "" "reject:Subseven detected"; }; "3129:" { "" "reject:Subseven detected"; }; "8811:" { "" "reject:Subseven detected"; }; "32528:" { "" "reject:Subseven detected"; }; "40714:" { "" "reject:Subseven detected"; }; "31288:" { "" "reject:Subseven detected"; }; "41541:" { "" "reject:Subseven detected"; };

Fix By ASHER BMT IRC Network

Chief Fri Sep 20, 2019 7:48 pm

Code:: # ircd.conf - configuration file for ircd version ircu2.10 # # Last Updated: 20, March 2002. # # Written by Niels <niels@undernet.org>, based on the original example.conf, # server code and some real-life (ahem) experience. # # Updated and heavily modified by Braden <dbtem@yahoo.com>. # # Rewritten by A1kmm(Andrew Miller)<a1kmm@mware.virtualave.net> to support # the new flex/bison configuration parser. # # Thanks and credits to: Run, Trillian, Cym, Morrissey, Chaos, Flynn, # Xorath, WildThang, Mmmm, SeKs, Ghostwolf and # all other Undernet IRC Admins and Operators, # and programmers working on the Undernet ircd. # # This is an example of the configuration file used by the Undernet ircd. # # This document is based on a (fictious) server in Europe with a # connection to the Undernet IRC network. It is primarily a leaf server, # but if all the other hubs in Europe aren't in service, it can connect # to one in the US by itself. # # The configuration format consists of a number of blocks in the format # BlockName { setting = number; setting2 = "string"; setting3 = yes; }; # Note that comments start from a #(hash) and go to the end of the line. # Whitespace(space, tab, or carriage return/linefeed) are ignored and may # be used to make the configuration file more readable. # # Please note that when ircd puts the configuration lines into practice, # it parses them exactly the other way round than they are listed here. # It uses the blocks in reverse order. # # This means that you should start your Client blocks with the # "fall through", most vanilla one, and end with the most detailed. # # There is a difference between the "hostname" and the "server name" # of the machine that the server is run on. For example, the host can # have "veer.cs.vu.nl" as FQDN, and "Amsterdam.NL.EU.undernet.org" as # server name. # A "server mask" is something like "*.EU.UnderNet.org", which is # matched by "Amsterdam.NL.EU.undernet.org" but not by # "Manhattan.KS.US.undernet.org". # # Please do NOT just rename the example.conf to ircd.conf and expect # it to work. # [General] # # First some information about the server. # General { # name = "servername"; # vhost = "ipv4vhost"; # vhost = "ipv6vhost"; # description = "description"; # numeric = numericnumber; # dns vhost = "ipv4vhost"; # dns vhost = "ipv6vhost"; # dns server = "ipaddress"; # dns server = "ipaddress2"; # }; # # If present, <virtual host> must contain a valid address in dotted # quad or IPv6 numeric notation (127.0.0.1 or ::1). The address MUST # be the address of a physical interface on the host. This address is # used for outgoing connections if the Connect{} block does not # override it. See Port{} for listener virtual hosting. If in doubt, # leave it out -- or use "*", which has the same meaning as no vhost. # # You may specify both an IPv4 virtual host and an IPv6 virtual host, # to indicate which address should be used for outbound connections # of the respective type. # # Note that <server numeric> has to be unique on the network your server # is running on, must be between 0 and 4095, and is not updated on a rehash. # # The two DNS lines allow you to specify the local IP address to use # for DNS lookups ("dns vhost") and one or more DNS server addresses # to use. If the vhost is ambiguous for some reason, you may list # IPV4 and/or IPV6 between the equals sign and the address string. # The default DNS vhost is to let the operating system assign the # address, and the default DNS servers are read from /etc/resolv.conf. # In most cases, you do not need to specify either the dns vhost or # the dns server. General { name = "Basic.NanaChat.co.il"; description = "NanaChat IRC Network"; vhost = "*"; numeric = 1; }; # [Admin] # # This sets information that can be retrieved with the /ADMIN command. # It should contain at least an admin Email contact address. Admin { # At most two location lines are allowed... Location = "NanaChat IRC Network"; Location = "NanaChat IRC server"; Contact = "mIRCx@gmail.com"; }; # [Classes] # # All connections to the server are associated with a certain "connection # class", be they incoming or outgoing (initiated by the server), be they # clients or servers. # Class { name = "Server"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 1; sendq = 9000000; usermode = "+x"; }; # For connection classes used on server links, maxlinks should be set # to either 0 (for hubs) or 1 (for leaf servers). Client connection # classes may use maxlinks between 0 and approximately 4,000,000,000. # maxlinks = 0 means there is no limit on the number of connections # using the class. # # <connect freq> applies only to servers, and specifies the frequency # that the server tries to autoconnect. setting this to 0 will cause # the server to attempt to connect repeatedly with no delay until the # <maximum links> condition is satisfied. This is a Bad Thing(tm). # Note that times can be specified as a number, or by giving something # like: 1 minutes 20 seconds, or 1*60+20. # # Recommended server classes: # All your server uplinks you are not a hub for. Class { name = "Server"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 1; sendq = 9000000; }; # All the leaf servers you hub for. Class { name = "LeafServer"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 0; sendq = 9000000; }; # Client { # username = "ident"; # host = "host"; # ip = "127.0.0.0/8"; # password = "password"; # class = "classname"; # maxlinks = 3; # }; # # Everything in a Client block is optional. If a username mask is # given, it must match the client's username from the IDENT protocol. # If a host mask is given, the client's hostname must resolve and # match the host mask. If a CIDR-style IP mask is given, the client # must have an IP matching that range. If maxlinks is given, it is # limits the number of matching clients allowed from a particular IP # address. # # Take the following class blocks only as a guide. Class { name = "Local"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 100; usermode = "+x"; }; Class { name = "America"; pingfreq = 1 minutes 30 seconds; sendq = 80000; maxlinks = 5; }; Class { name = "Other"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 400; }; Class { name = "Opers"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 10; usermode = "+x"; # For connection classes intended for operator use, you can specify # privileges used when the Operator block (see below) names this # class. The local (aka globally_opered) privilege MUST be defined # by either the Class or Operator block. The following privileges # exist: # # local (or propagate, with the opposite sense) # whox (log oper's use of x flag with /WHO) # display (oper status visible to lusers) # chan_limit (can join local channels when in # MAXCHANNELSPERUSER channels) # mode_lchan (can /MODE &channel without chanops) # deop_lchan (cannot be deopped or kicked on local channels) # walk_lchan (can forcibly /JOIN &channel OVERRIDE) # show_invis (see +i users in /WHO x) # show_all_invis (see +i users in /WHO x) # unlimit_query (show more results from /WHO) # local_kill (can kill clients on this server) # rehash (can use /REHASH) # restart (can use /RESTART) # die (can use /DIE) # local_jupe (not used) # set (can use /SET) # local_gline (can set a G-line for this server only) # local_badchan (can set a Gchan for this server only) # see_chan (can see users in +s channels in /WHO) # list_chan (can see +s channels with /LIST S, or modes with /LIST M) # wide_gline (can use ! to force a wide G-line) # see_opers (can see opers without DISPLAY privilege) # local_opmode (can use OPMODE/CLEARMODE on local channels) # force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels) # kill (can kill clients on other servers) # gline (can issue G-lines to other servers) # jupe_server (not used) # opmode (can use /OPMODE) # badchan (can issue Gchans to other servers) # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels) # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys) # umode_nochan (can set usermode +n to hide channels) # umode_noidle (can set usermode +I to hide idle time) # umode_chserv (can set umode +k) # umode_xtraop (can set umode +X) # umode_netserv (can set umode +S) # umode_overridecc (Allow to set umode +c which overrides cmodes +cC) # see_idletime (can see idletime of local +I users) # hide_idletime (hides idle time also from users with see_idletime, unless they are on the same server and have this priv too) # more_flood (has less throttling) # unlimited_flood (no more excess floods) # unlimited_targets (allow unlimited target changes) # noamsg_override (can override cmode +M) # # For global opers (with propagate = yes or local = no), the default # is to grant all of the above privileges EXCEPT walk_lchan, # umode_chserv, umode_xtraop, umode_service, # unlimit_query, set, badchan, local_badchan and apass_opmode. # For local opers, the default is to grant ONLY the following # privileges: # chan_limit, mode_lchan, show_invis, show_all_invis, local_kill, # rehash, local_gline, local_jupe, local_opmode, whox, display, # force_local_opmode, see_idletime, hide_channels, hide_idletime, # more_flood # Any privileges listed in a Class block override the defaults. local = no; }; # [Client] # # To allow clients to connect, they need authorization. This can be # done based on hostmask, address mask, and/or with a password. # With intelligent use of classes and the maxconnections field in the # Client blocks, you can let in a specific domain, but get rid of all other # domains in the same toplevel, thus setting up some sort of "reverse # Kill block". # Client { # host = "user@host"; # ip = "user@ip"; # password = "password"; # class = "classname"; # }; # # Technical description (for examples, see below): # For every connecting client, the IP address is known. A reverse lookup # on this IP-number is done to get the (/all) hostname(s). # Each hostname that belongs to this IP-number is matched to <hostmask>, # and the Client {} is used when any matches; the client will then show # with this particular hostname. If none of the hostnames match, then # the IP-number is matched against the <IP mask ...> field, if this matches # then the Client{} is used nevertheless and the client will show with the # first (main) hostname if any; if the IP-number did not resolve then the # client will show with the dot notation of the IP-number. # There is a special case for the UNIX domain sockets and localhost connections # though; in this case the <IP mask ...> field is compared with the # name of the server (thus not with any IP-number representation). The name # of the server is the one returned in the numeric 002 reply, for example: # 002 Your host is 2.undernet.org[jolan.ppro], running version ... # Then the "jolan.ppro" is the name used for matching. # Therefore, unix domain sockets, and connections to localhost would # match this block: # host = "*@jolan.ppro"; # # This is the "fallback" entry. All .uk, .nl, and all unresolved are # in these two lines. # By using two different lines, multiple connections from a single IP # are only allowed from hostnames which have both valid forward and # reverse DNS mappings. Client { class = "Other"; ip = "*@*"; maxlinks = 10; }; Client { class = "Other"; host = "*@*"; maxlinks = 10; }; # If you don't want unresolved dudes to be able to connect to your # server, do not specify any "ip = " settings. # # Here, take care of all American ISPs. Client { host = "*@*.com"; class = "America"; maxlinks = 2; }; Client { host = "*@*.net"; class = "America"; maxlinks = 2; }; # Now list all the .com / .net domains that you wish to have access... # actually it's less work to do it this way than to do it the other # way around - K-lining every single ISP in the US. # I wish people in Holland just got a .nl domain, and not try to be # cool and use .com... Client { host = "*@*.wirehub.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.nl.net"; class = "Local"; maxlinks=10; }; # You can request a more complete listing, including the "list of standard # Kill blocks" from the Routing Committee; it will also be sent to you if # you apply for a server and get accepted. # # Ourselves - this makes sure that we can get in, no matter how full # the server is (hopefully). Client { host = "*@*.london.ac.uk"; ip = "*@193.37.*"; class = "Local"; # A maxlinks of over 5 will automatically be glined by euworld on Undernet maxlinks = 5; }; # You can put an expression in the maxlinks value, which will make ircd # only accept a client when the total number of connections to the network # from the same IP number doesn't exceed this number. # The following example would accept at most one connection per IP number # from "*.swipnet.se" and at most two connections from dial up accounts # that have "dial??.*" as host mask: # Client { # host = "*@*.swipnet.se"; # maxlinks = 1; # class = "Other"; # }; # Client { # host = "*@dial??.*"; # maxlinks = 2; # class = "Other"; # }; # # If you are not worried about who connects, this line will allow everyone # to connect. Client { host = "*@*"; ip = "*@*"; class = "Other"; maxlinks = 2; }; # [motd] # # It is possible to show a different Message of the Day to a connecting # client depending on its origin. # motd { # # Note: host can also be a classname. # host = "Other"; # file = "path/to/motd/file"; # }; # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Motd block for each host entry, but makes # it easier to update the messages's filename. # # DPATH/net_com.motd contains a special MOTD where users are encouraged # to register their domains and get their own client{} lines if they're in # Europe, or move to US.UnderNet.org if they're in the USA. motd { host = "*.net"; file = "net_com.motd"; }; motd { host = "*.com"; file = "net_com.motd"; }; motd { host = "America"; file = "net_com.motd"; }; # A different MOTD for ourselves, where we point out that the helpdesk # better not be bothered with questions regarding irc... motd { host = "*.london.ac.uk"; file = "london.motd"; }; # [UWorld] # # One of the many nice features of Undernet is "Uworld", a program # connected to the net as a server. This allows it to broadcast any mode # change, thus allowing opers to, for example, "unlock" a channel that # has been taken over. # There is only one slight problem: the TimeStamp protocol prevents this. # So there is a configuration option to allow them anyway from a certain # server. # UWorld { # # The servername or wildcard mask for it that this applies to. # name = "relservername"; # }; # # You may have have more than one name listed in each block. # # Note: (1) These lines are agreed on by every server admin on Undernet; # (2) These lines must be the same on every single server, or results # will be disasterous; (3) This is a useful feature, not something that # is a liability and abused regularly (well... :-) # If you're on Undernet, you MUST have these lines. I cannnot stress # this enough. If all of the servers don't have the same lines, the # servers will try to undo the mode hacks that Uworld does. Make SURE that # all of the servers have the EXACT same UWorld blocks. # # If your server starts on a bit larger network, you'll probably get # assigned one or two uplinks to which your server can connect. # If your uplink(s) also connect to other servers than yours (which is # probable), you need to define your uplink as being allowed to "hub". # See the Connect block documentation for details on how to do that. UWorld { name = "ircd.mIRCxNet"; #numeric: 1 name = "services.mIRCxNet"; #numeric: 2 }; # As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and # CFV-0255, the following nicks must be juped, it is not allowed to # jupe others as well. Jupe { nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`"; nick = "server,svr,serv,sbnc,znc,SpamServ,SpamSvr,staff,admin,team"; nick = "login,testirc,protocol,pass,newpass,org,irc"; nick = "StatServ,NoteServ,MemoServ"; nick = "ChanSvr,ChanSrv,ChanSaver,ChanServ"; nick = "NickSvr,NickSrv,NickSaver,NickServ"; nick = "AuthSvr,AuthSrv,AuthSaver,AuthServ"; nick = "HostSvr,HostSrv,HostSaver,HostServ"; nick = "Watchdog,Watchcat,Global"; nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX"; }; # [Kill] # # While running your server, you will most probably encounter individuals # or groups of persons that you do not wish to have access to your server. # # For this purpose, the ircd understands "kill blocks". These are also # known as K-lines, by virtue of the former config file format. # Kill # { # host = "user@host"; # reason = "The reason the user will see"; # }; # It is possible to ban on the basis of the real name. # It is also possible to use a file as comment for the ban, using # file = "file": # Kill # { # realname = "realnametoban"; # file = "path/to/file/with/reason/to/show"; # }; # # # The default reason is: "You are banned from this server" # Note that Kill blocks are local to the server; if you ban a person or a # whole domain from your server, they can get on IRC via any other server # that doesn't have them Killed (yet). # # With a simple comment, using quotes: #Kill { host = "*.au"; reason = "Please use a nearer server"; }; #Kill { host = "*.edu"; reason = "Please use a nearer server"; }; # You can also kill based on username. #Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected #with a Trojan"; }; # The file can contain for example, a reason, a link to the # server rules and a contact address. Note the combination # of username and host in the host field. #Kill #{ # host = "*luser@unixbox.flooder.co.uk"; # file = "kline/youflooded.txt"; #}; # IP-based kill lines apply to all hosts, even if an IP address has a # properly resolving host name. #Kill #{ # host = "192.168.*"; # file = "klines/martians"; #}; # The realname field lets you ban by realname... #Kill #{ # realname = "*sub7*"; # reason = "You are infected with a Trojan"; #}; # [SSL] # SSL { # # There need to be the private key AND the public key INSIDE the certificate file cert = "23 C6 0F BF F1 9E 2F 0A 12 93"; # # Optional CA certificate for non-self-signed certificates cacert = "15 DF FD 0F F6 EA A3 90 E9 24 ED 6B 1E"; }; SSL { cert = "ircd.pem"; }; # [Connect] # # You probably want your server connected to other servers, so your users # have other users to chat with. # IRC servers connect to other servers forming a network with a star or # tree topology. Loops are not allowed. # In this network, two servers can be distinguished: "hub" and "leaf" # servers. Leaf servers connect to hubs; hubs connect to each other. # Of course, many servers can't be directly classified in one of these # categories. Both a fixed and a rule-based decision making system for # server links is provided for ircd to decide what links to allow, what # to let humans do themselves, and what links to (forcefully) disallow. # # The Connect blocks # define what servers the server connect to, and which servers are # allowed to connect. # Connect { # name = "servername"; # host = "hostnameORip"; # vhost = "localIP"; # password = "passwd"; # port = portno; # class = "classname"; # maxhops = 2; # hub = "*.eu.undernet.org"; # autoconnect = no; # }; # # The "port" field defines the default port the server tries to connect # to if an operator uses /connect without specifying a port. This is also # the port used when the server attempts to auto-connect to the remote # server. (See Class blocks for more informationa about auto-connects). # You may tell ircu to not automatically connect to a server by adding # "autoconnect = no;"; the default is to autoconnect. # # If the vhost field is present, the server will use that IP as the # local end of connections that it initiates to this server. This # overrides the vhost value from the General block. # # The maxhops field causes an SQUIT if a hub tries to introduce # servers farther away than that; the element 'leaf;' is an alias for # 'maxhops = 0;'. The hub field limits the names of servers that may # be introduced by a hub; the element 'hub;' is an alias for # 'hub = "*";'. # # Our primary uplink. Connect { name = "srvx.mIRCxNet.ISRAEL.Services"; host = "192.168.1.14"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "PHP.NanaChat.Services"; host = "192.168.1.14"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "X3.NanaChat.Services"; host = "192.168.1.20"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; # [crule] # # For an advanced, real-time rule-based routing decision making system # you can use crule blocks. For more information, see doc/readme.crules. # If more than one server mask is present in a single crule, the rule # applies to all servers. # CRULE # { # server = "servermask"; # rule = "connectrule"; # # Setting all to yes makes the rule always apply. Otherwise it only # # applies to autoconnects. # all = yes; # }; CRULE { server = "*.US.UnderNet.org"; rule = "connected(*.US.UnderNet.org)"; }; CRULE { server = "*.EU.UnderNet.org"; rule = "connected(Amsterdam.NL.EU.*)"; }; # The following block is recommended for leaf servers: CRULE { server = "*"; rule = "directcon(*)"; }; # [Operator] # # Inevitably, you have reached the part about "IRC Operators". Oper status # grants some special privileges to a user, like the power to make the # server break or (try to) establish a connection with another server, # and to "kill" users off IRC. # I can write many pages about this; I will restrict myself to saying that # if you want to appoint somebody as IRC Operator on your server, that # person should be aware of his/her responsibilities, and that you, being # the admin, will be held accountable for their actions. # # There are two sorts of IRC Operators: "local" and "global". Local opers # can squit, connect and kill - but only locally: their +o user mode # is not not passed along to other servers. On Undernet, this prevents # them from using Uworld as well. # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Operator block for each host entry, but # makes it easier to update operator nicks, passwords, classes, and # privileges. # # Operator { # host = "host/IP mask"; # name = "opername"; # password = "encryptedpass"; # class = "classname"; # # You can also set any operator privilege; see the Class block # # documentation for details. A privilege defined for a single # # Operator will override the privilege settings for the Class # # and the default setting. # }; # # By default, the password is hashed using the system's native crypt() # function. Other password mechanisms are available; the umkpasswd # utility from the ircd directory can hash passwords using those # mechanisms. If you use a password format that is NOT generated by # umkpasswd, ircu will not recognize the oper's password. # # All privileges are shown with their default values; if you wish to # override defaults, you should set only those privileges for the # operator. Listing defaulted privileges just makes things harder to # find. Operator { local = no; host = "*@*.cs.vu.nl"; password = "VRKLKuGKn0jLt"; name = "Niels"; class = "Local"; }; Operator { host = "*@*"; password = "$PLAIN$leetmoo"; name = "darksis"; class = "Opers"; local = no; whox = yes; display = yes; chan_limit = yes; mode_lchan = yes; deop_lchan = yes; walk_lchan = yes; show_invis = yes; show_all_invis = yes; unlimit_query = yes; local_kill = yes; rehash = yes; restart = yes; die = yes; local_jupe = yes; set = yes; local_gline = yes; local_badchan = yes; see_chan = yes; list_chan = yes; wide_gline = yes; see_opers = yes; kill = yes; gline = yes; opmode = yes; badchan = yes; see_idletime = yes; hide_idletime = yes; more_flood = no; unlimited_flood = yes; unlimited_targets = yes; noamsg_override = yes; chan_limit = yes; mode_lchan = yes; show_invis = yes; show_all_invis = yes; local_kill = yes; see_idletime = yes; hide_idletime = yes; more_flood = no; umode_noidle = yes; umode_chserv = yes; umode_xtraop = yes; umode_netserv = yes; umode_overridecc = yes; local_opmode = yes; }; # Note that the <connection class> is optional, but leaving it away # puts the opers in class "default", which usually only accepts one # connection at a time. If you want users to Oper up more then once per # block, then use a connection class that allows more then one connection, # for example (using class Local as in the example above): # # Once you OPER your connection class changes no matter where you are or # your previous connection classes. If the defined connection class is # Local for the operator block, then your new connection class is Local. # [Port] # When your server gets more full, you will notice delays when trying to # connect to your server's primary listening port. It is possible via the # Port lines to specify additional ports for the ircd to listen to. # De facto ports are: 6667 - standard; 6660-6669 - additional client # ports; # Undernet uses 4400 for server listener ports. # These are just hints, they are in no way official IANA or IETF policies. # IANA says we should use port 194, but that requires us to run as root, # so we don't do that. # # # Port { # port = [ipv4] [ipv6] number; # mask = "ipmask"; # # Use this to control the interface you bind to. # vhost = [ipv4] [ipv6] "virtualhostip"; # # You can specify both virtual host and port number in one entry. # vhost = [ipv4] [ipv6] "virtualhostip" number; # # Setting to yes makes this server only. # server = yes; # # Setting to yes makes the port "hidden" from stats. # hidden = yes; # # Setting to yes makes the port to handle incoming connection as SSL connections # secure = no; # }; # # The port and vhost lines allow you to specify one or both of "ipv4" # and "ipv6" as address families to use for the port. The default is # to listen on both IPv4 and IPv6. # # The mask setting allows you to specify a range of IP addresses that # you will allow connections from. This should only contain IP addresses # and '*' if used. This field only uses IP addresses. This does not use # DNS in any way so you can't use it to allow *.nl or *.uk. Attempting # to specify anything other than numbers, dots and stars [0-9.*] will result # in the port allowing connections from anyone. # # The interface setting allows multiply homed hosts to specify which # interface to use on a port by port basis, if an interface is not specified # the default interface will be used. The interface MUST be the complete # IP address for a real hardware interface on the machine running ircd. # If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it # WILL bind to all interfaces - not what most people seem to expect. # Port { server = yes; port = 4400; }; # This is an IPv4-only Server port that is Hidden #Port { # server = yes; # hidden = yes; # port = ipv4 4401; #}; # The following are normal client ports Port { port = 5000; }; #Port { port = 6668; }; #Port { # This only accepts clients with IPs like 192.168.*. # mask = "192.168.*"; # port = 6666; #}; #SSL Port Port { secure = yes; port = 7778; }; # This is a hidden client port, listening on 168.8.21.107. Port { vhost = "192.168.1.20"; hidden = yes; port = 6661; }; # More than one vhost may be present in a single Port block; in this case, # we recommend listing the port number on the vhost line for clarity. #Port { # vhost = "172.16.0.1" 6667; # vhost = "172.16.3.1" 6668; # hidden = no; #}; # Quarantine blocks disallow operators from using OPMODE and CLEARMODE # on certain channels. Opers with the force_opmode (for local # channels, force_local_opmode) privilege may override the quarantine # by prefixing the channel name with an exclamation point ('!'). # Wildcards are NOT supported; the channel name must match exactly. Quarantine { "#shells" = "Thou shalt not support the h4><0rz"; "&kiddies" = "They can take care of themselves"; }; # This is a server-implemented alias to send a message to a service. # The string after Pseudo is the command name; the name entry inside # is the service name, used for error messages. More than one nick # entry can be provided; the last one listed has highest priority. # If the server behind the '@' is not valid or if the nick is not # on this server, the servername is interpreted as an accountname # and the nick must have this accountname set and +S as umode to get # the message relayed. Pseudo "CHANSERV" { name = "X3"; nick = "AuthServ@X3.NanaChat.Services"; }; # You can also prepend text before the user's message. Pseudo "cmd" { name = "X3"; prepend = "service"; nick = "AuthServ@X3.NanaChat.Services"; }; # You can also specify the default text to send if the user does not # supply some text. Pseudo "AUTHSERV" { name = "AUTH"; nick = "AuthServ@x3.NanaChat.Services"; }; Pseudo "AUTH" { name = "authserv"; nick = "AuthServ@X3.NanaChat.Services"; prepend = "AUTH "; }; # You can ask a separate server whether to allow users to connect. # Uncomment this ONLY if you have an iauth helper program. # If required is set to yes, then all clients are rejected when # the iauth helper program could not be started/queried/timed-out. IAuth { program = "/usr/bin/perl" "/home/bmt/ircu2.10.12-pk/tools/iauthd.pl" "-v" "-d" "-c" "/home/bmt/lib/ircd.conf"; }; #IAUTH POLICY RTAWUwFr #IAUTH CACHETIMEOUT 21600 #IAUTH DNSTIMEOUT 5 #IAUTH BLOCKMSG Sorry! Your connection to NanaChat has been rejected because of your internet address's poor reputation. You may try an authenticated login using Login-On-Connect (LOC) instead. See http://NanaChat.org/rbl for more information. #IAUTH DNSBL server=dnsbl.sorbs.net index=2,3,4,5,6,7,9 mark=sorbs block=anonymous #IAUTH DNSBL server=dnsbl.dronebl.org index=2,3,5,6,7,8,9,10,13,14,15,16,17,18,255 mark=dronebl block=anonymous #IAUTH DNSBL server=rbl.efnetrbl.org index=4 mark=tor block=anonymous #IAUTH DNSBL server=rbl.efnet.org index=1,3,5,6,7,9,14 mark=efnet block=anonymous #IAUTH DNSBL server=rbl.efnetrbl.org index=1,2,3,4,5 mark=efnetrbl block=anonymous #IAUTH DNSBL server=dnsbl-2.uceprotect.net index=2 mark=uce-2 #IAUTH DNSBL server=6667.173.122.134.230.173.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous #IAUTH DNSBL server=80.204.128.107.97.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous #IAUTH DNSBL server=443.204.128.107.97.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous # [features] # IRC servers have a large number of options and features. Most of these # are set at compile time through the use of #define's--see "make config" # for more details--but we are working to move many of these into the # configuration file. Features let you configure these at runtime. # You only need one feature block in which you use # "featurename" = "value1" , "value2", ..., "valuen-1", "valuen"; # # The entire purpose of F:lines are so that you do not have to recompile # the IRCD everytime you want to change a feature. All of the features # are listed below, and at the bottom is how to set logging. # # A Special Thanks to Kev for writing the documentation of F:lines. It can # be found at doc/readme.features and the logging documentation can be # found at doc/readme.log. The defaults used by the Undernet network are # below. # features { # These log features are the only way to get certain error messages # (such as when the server dies from being out of memory). For more # explanation of how they work, see doc/readme.log. "LOG" = "SYSTEM" "FILE" "ircd.log"; "LOG" = "SYSTEM" "LEVEL" "CRIT"; # "DOMAINNAME"="<obtained from /etc/resolv.conf by ./configure>"; # "RELIABLE_CLOCK"="FALSE"; # "BUFFERPOOL"="27000000"; # "HAS_FERGUSON_FLUSHER"="FALSE"; # "CLIENT_FLOOD"="433333333333335555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555553333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333"; # "SERVER_PORT"="4400"; # "NODEFAULTMOTD"="TRUE"; "CONNEXIT_NOTICES" = "TRUE"; # "MOTD_BANNER"="TRUE"; # "KILL_IPMISMATCH"="FALSE"; # "IDLE_FROM_MSG"="TRUE"; "HUB"="TRUE"; # "WALLOPS_OPER_ONLY"="TRUE"; # "NODNS"="FALSE"; # "RANDOM_SEED"="<you should set one explicitly>"; # "DEFAULT_LIST_PARAM"="TRUE"; # "NICKNAMEHISTORYLENGTH"="800"; "NETWORK"="mIRCxNet"; "HOST_HIDING"="TRUE"; "HIDDEN_HOST"="Basic.NanaChat.co.il"; # "HIDDEN_IP"="149.78.154.69"; # "KILLCHASETIMELIMIT"="30"; # "MAXCHANNELSPERUSER"="10"; # "NICKLEN" = "12"; # "AVBANLEN"="40"; # "MAXBANS"="30"; # "MAXSILES"="15"; # "HANGONGOODLINK"="300"; # "HANGONRETRYDELAY" = "10"; # "CONNECTTIMEOUT" = "90"; # "MAXIMUM_LINKS" = "1"; # "PINGFREQUENCY" = "120"; # "CONNECTFREQUENCY" = "600"; # "DEFAULTMAXSENDQLENGTH" = "40000"; # "GLINEMAXUSERCOUNT" = "20"; "MPATH" = "ircd.motd"; # "RPATH" = "remote.motd"; "PPATH" = "ircd.pid"; # "TOS_SERVER" = "0x08"; # "TOS_CLIENT" = "0x08"; # "POLLS_PER_LOOP" = "200"; # "IRCD_RES_TIMEOUT" = "4"; # "IRCD_RES_RETRIES" = "2"; # "AUTH_TIMEOUT" = "9"; # "IPCHECK_CLONE_LIMIT" = "4"; # "IPCHECK_CLONE_PERIOD" = "40"; # "IPCHECK_CLONE_DELAY" = "600"; "CHANNELLEN" = "200"; "CONFIG_OPERCMDS" = "TRUE"; "OPLEVELS" = "TRUE"; # "ZANNELS" = "TRUE"; # "LOCAL_CHANNELS" = "TRUE"; # "ANNOUNCE_INVITES" = "FALSE"; # These were introduced by Undernet CFV-165 to add "Head-In-Sand" (HIS) # behavior to hide most network topology from users. # "HIS_SNOTICES" = "TRUE"; # "HIS_SNOTICES_OPER_ONLY" = "TRUE"; # "HIS_DEBUG_OPER_ONLY" = "TRUE"; # "HIS_WALLOPS" = "TRUE"; # "HIS_MAP" = "TRUE"; # "HIS_LINKS" = "TRUE"; # "HIS_TRACE" = "TRUE"; # "HIS_STATS_a" = "TRUE"; # "HIS_STATS_c" = "TRUE"; # "HIS_STATS_d" = "TRUE"; # "HIS_STATS_e" = "TRUE"; # "HIS_STATS_f" = "TRUE"; # "HIS_STATS_g" = "TRUE"; # "HIS_STATS_i" = "TRUE"; # "HIS_STATS_j" = "TRUE"; # "HIS_STATS_J" = "TRUE"; # "HIS_STATS_k" = "TRUE"; # "HIS_STATS_l" = "TRUE"; # "HIS_STATS_L" = "TRUE"; # "HIS_STATS_m" = "TRUE"; # "HIS_STATS_M" = "TRUE"; # "HIS_STATS_o" = "TRUE"; # "HIS_STATS_p" = "TRUE"; # "HIS_STATS_q" = "TRUE"; # "HIS_STATS_r" = "TRUE"; # "HIS_STATS_R" = "TRUE"; # "HIS_STATS_t" = "TRUE"; # "HIS_STATS_T" = "TRUE"; # "HIS_STATS_u" = "TRUE"; # "HIS_STATS_U" = "TRUE"; # "HIS_STATS_v" = "TRUE"; # "HIS_STATS_w" = "TRUE"; # "HIS_STATS_x" = "TRUE"; # "HIS_STATS_y" = "TRUE"; # "HIS_STATS_z" = "TRUE"; "HIS_STATS_IAUTH" = "TRUE"; # "HIS_WHOIS_SERVERNAME" = "TRUE"; # "HIS_WHOIS_IDLETIME" = "TRUE"; # "HIS_WHOIS_LOCALCHAN" = "TRUE"; # "HIS_WHO_SERVERNAME" = "TRUE"; # "HIS_WHO_HOPCOUNT" = "TRUE"; # "HIS_MODEWHO" = "TRUE"; # "HIS_BANWHO" = "TRUE"; # "HIS_KILLWHO" = "TRUE"; # "HIS_REWRITE" = "TRUE"; # "HIS_REMOTE" = "TRUE"; # "HIS_NETSPLIT" = "TRUE"; # "ERR_CHANNELISFULL" = "Cannot join channel, channel is full (+l)"; # "ERR_INVITEONLYCHAN" = "Cannot join channel, you must be invited (+i)"; # "ERR_BANNEDFROMCHAN" = "Cannot join channel, you are banned (+b)"; # "ERR_BADCHANNELKEY" = "Cannot join channel, you need the correct key (+k)"; # "ERR_NEEDREGGEDNICK" = "Cannot join channel, you must be authed to join (+r)"; # "ERR_JOINACCESS" = "Cannot join channel, you don't have enough ChanServ access (+a)"; "HIS_SERVERNAME" = "*.NanaChat.co.il"; "HIS_SERVERINFO" = "The NanaChat Underworld"; "HIS_URLSERVERS" = "http://www.mIRCxnet.ISRAEL/servers.php"; # "LOC_ENABLE" = "FALSE"; # "LOC_TARGET" = "somenick"; # "CHMODE_A_ENABLE" = "TRUE"; # "CHMODE_A_TARGET" = "ChanServ"; # "CHMODE_A_NOSET" = "TRUE"; # Mode is not settable by normal users (only services chan set it) # "CHMODE_F_ENABLE" = "TRUE"; # "UNKNOWN_CMD_ENABLE" = "TRUE"; # "UNKNOWN_CMD_TARGET" = "OpServ"; # "NOAMSG_TIME" = "0"; # "NOAMSG_NUM" = "1"; }; # Well, you have now reached the end of this sample configuration # file. If you have any questions, feel free to mail # <coder-com@undernet.org>. If you are interested in linking your # server to the Undernet IRC network visit # http://www.routing-com.undernet.org/, and if there are any # problems then contact <routing-com@undernet.org> asking for # information. Upgrades of the Undernet ircd can be found on # http://coder-com.undernet.org/. # # For the rest: Good Luck! # # -- Niels.

Chief Sat Sep 21, 2019 5:10 pm

config Fix By ASHER

Code:: # ircd.conf - configuration file for ircd version ircu2.10 # # Last Updated: 20, March 2002. # # Written by Niels <niels@undernet.org>, based on the original example.conf, # server code and some real-life (ahem) experience. # # Updated and heavily modified by Braden <dbtem@yahoo.com>. # # Rewritten by A1kmm(Andrew Miller)<a1kmm@mware.virtualave.net> to support # the new flex/bison configuration parser. # # Thanks and credits to: Run, Trillian, Cym, Morrissey, Chaos, Flynn, # Xorath, WildThang, Mmmm, SeKs, Ghostwolf and # all other Undernet IRC Admins and Operators, # and programmers working on the Undernet ircd. # # This is an example of the configuration file used by the Undernet ircd. # # This document is based on a (fictious) server in Europe with a # connection to the Undernet IRC network. It is primarily a leaf server, # but if all the other hubs in Europe aren't in service, it can connect # to one in the US by itself. # # The configuration format consists of a number of blocks in the format # BlockName { setting = number; setting2 = "string"; setting3 = yes; }; # Note that comments start from a #(hash) and go to the end of the line. # Whitespace(space, tab, or carriage return/linefeed) are ignored and may # be used to make the configuration file more readable. # # Please note that when ircd puts the configuration lines into practice, # it parses them exactly the other way round than they are listed here. # It uses the blocks in reverse order. # # This means that you should start your Client blocks with the # "fall through", most vanilla one, and end with the most detailed. # # There is a difference between the "hostname" and the "server name" # of the machine that the server is run on. For example, the host can # have "veer.cs.vu.nl" as FQDN, and "Amsterdam.NL.EU.undernet.org" as # server name. # A "server mask" is something like "*.EU.UnderNet.org", which is # matched by "Amsterdam.NL.EU.undernet.org" but not by # "Manhattan.KS.US.undernet.org". # # Please do NOT just rename the example.conf to ircd.conf and expect # it to work. # [General] # # First some information about the server. # General { # name = "servername"; # vhost = "ipv4vhost"; # vhost = "ipv6vhost"; # description = "description"; # numeric = numericnumber; # dns vhost = "ipv4vhost"; # dns vhost = "ipv6vhost"; # dns server = "ipaddress"; # dns server = "ipaddress2"; # }; # # If present, <virtual host> must contain a valid address in dotted # quad or IPv6 numeric notation (127.0.0.1 or ::1). The address MUST # be the address of a physical interface on the host. This address is # used for outgoing connections if the Connect{} block does not # override it. See Port{} for listener virtual hosting. If in doubt, # leave it out -- or use "*", which has the same meaning as no vhost. # # You may specify both an IPv4 virtual host and an IPv6 virtual host, # to indicate which address should be used for outbound connections # of the respective type. # # Note that <server numeric> has to be unique on the network your server # is running on, must be between 0 and 4095, and is not updated on a rehash. # # The two DNS lines allow you to specify the local IP address to use # for DNS lookups ("dns vhost") and one or more DNS server addresses # to use. If the vhost is ambiguous for some reason, you may list # IPV4 and/or IPV6 between the equals sign and the address string. # The default DNS vhost is to let the operating system assign the # address, and the default DNS servers are read from /etc/resolv.conf. # In most cases, you do not need to specify either the dns vhost or # the dns server. General { name = "Basic.NanaChat.co.il"; description = "NanaChat IRC Network"; vhost = "*"; numeric = 1; }; # [Admin] # # This sets information that can be retrieved with the /ADMIN command. # It should contain at least an admin Email contact address. Admin { # At most two location lines are allowed... Location = "NanaChat IRC Network"; Location = "NanaChat IRC server"; Contact = "mIRCx@gmail.com"; }; # [Classes] # # All connections to the server are associated with a certain "connection # class", be they incoming or outgoing (initiated by the server), be they # clients or servers. # Class { name = "Server"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 1; sendq = 9000000; usermode = "+x"; }; # For connection classes used on server links, maxlinks should be set # to either 0 (for hubs) or 1 (for leaf servers). Client connection # classes may use maxlinks between 0 and approximately 4,000,000,000. # maxlinks = 0 means there is no limit on the number of connections # using the class. # # <connect freq> applies only to servers, and specifies the frequency # that the server tries to autoconnect. setting this to 0 will cause # the server to attempt to connect repeatedly with no delay until the # <maximum links> condition is satisfied. This is a Bad Thing(tm). # Note that times can be specified as a number, or by giving something # like: 1 minutes 20 seconds, or 1*60+20. # # Recommended server classes: # All your server uplinks you are not a hub for. Class { name = "Server"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 1; sendq = 9000000; }; # All the leaf servers you hub for. Class { name = "LeafServer"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 0; sendq = 9000000; }; # Client { # username = "ident"; # host = "host"; # ip = "127.0.0.0/8"; # password = "password"; # class = "classname"; # maxlinks = 3; # }; # # Everything in a Client block is optional. If a username mask is # given, it must match the client's username from the IDENT protocol. # If a host mask is given, the client's hostname must resolve and # match the host mask. If a CIDR-style IP mask is given, the client # must have an IP matching that range. If maxlinks is given, it is # limits the number of matching clients allowed from a particular IP # address. # # Take the following class blocks only as a guide. Class { name = "Local"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 100; usermode = "+x"; }; Class { name = "America"; pingfreq = 1 minutes 30 seconds; sendq = 80000; maxlinks = 5; }; Class { name = "Other"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 400; }; Class { name = "Opers"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 10; usermode = "+x"; # For connection classes intended for operator use, you can specify # privileges used when the Operator block (see below) names this # class. The local (aka globally_opered) privilege MUST be defined # by either the Class or Operator block. The following privileges # exist: # # local (or propagate, with the opposite sense) # whox (log oper's use of x flag with /WHO) # display (oper status visible to lusers) # chan_limit (can join local channels when in # MAXCHANNELSPERUSER channels) # mode_lchan (can /MODE &channel without chanops) # deop_lchan (cannot be deopped or kicked on local channels) # walk_lchan (can forcibly /JOIN &channel OVERRIDE) # show_invis (see +i users in /WHO x) # show_all_invis (see +i users in /WHO x) # unlimit_query (show more results from /WHO) # local_kill (can kill clients on this server) # rehash (can use /REHASH) # restart (can use /RESTART) # die (can use /DIE) # local_jupe (not used) # set (can use /SET) # local_gline (can set a G-line for this server only) # local_badchan (can set a Gchan for this server only) # see_chan (can see users in +s channels in /WHO) # list_chan (can see +s channels with /LIST S, or modes with /LIST M) # wide_gline (can use ! to force a wide G-line) # see_opers (can see opers without DISPLAY privilege) # local_opmode (can use OPMODE/CLEARMODE on local channels) # force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels) # kill (can kill clients on other servers) # gline (can issue G-lines to other servers) # jupe_server (not used) # opmode (can use /OPMODE) # badchan (can issue Gchans to other servers) # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels) # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys) # umode_nochan (can set usermode +n to hide channels) # umode_noidle (can set usermode +I to hide idle time) # umode_chserv (can set umode +k) # umode_xtraop (can set umode +X) # umode_netserv (can set umode +S) # umode_overridecc (Allow to set umode +c which overrides cmodes +cC) # see_idletime (can see idletime of local +I users) # hide_idletime (hides idle time also from users with see_idletime, unless they are on the same server and have this priv too) # more_flood (has less throttling) # unlimited_flood (no more excess floods) # unlimited_targets (allow unlimited target changes) # noamsg_override (can override cmode +M) # # For global opers (with propagate = yes or local = no), the default # is to grant all of the above privileges EXCEPT walk_lchan, # umode_chserv, umode_xtraop, umode_service, # unlimit_query, set, badchan, local_badchan and apass_opmode. # For local opers, the default is to grant ONLY the following # privileges: # chan_limit, mode_lchan, show_invis, show_all_invis, local_kill, # rehash, local_gline, local_jupe, local_opmode, whox, display, # force_local_opmode, see_idletime, hide_channels, hide_idletime, # more_flood # Any privileges listed in a Class block override the defaults. local = no; }; # [Client] # # To allow clients to connect, they need authorization. This can be # done based on hostmask, address mask, and/or with a password. # With intelligent use of classes and the maxconnections field in the # Client blocks, you can let in a specific domain, but get rid of all other # domains in the same toplevel, thus setting up some sort of "reverse # Kill block". # Client { # host = "user@host"; # ip = "user@ip"; # password = "password"; # class = "classname"; # }; # # Technical description (for examples, see below): # For every connecting client, the IP address is known. A reverse lookup # on this IP-number is done to get the (/all) hostname(s). # Each hostname that belongs to this IP-number is matched to <hostmask>, # and the Client {} is used when any matches; the client will then show # with this particular hostname. If none of the hostnames match, then # the IP-number is matched against the <IP mask ...> field, if this matches # then the Client{} is used nevertheless and the client will show with the # first (main) hostname if any; if the IP-number did not resolve then the # client will show with the dot notation of the IP-number. # There is a special case for the UNIX domain sockets and localhost connections # though; in this case the <IP mask ...> field is compared with the # name of the server (thus not with any IP-number representation). The name # of the server is the one returned in the numeric 002 reply, for example: # 002 Your host is 2.undernet.org[jolan.ppro], running version ... # Then the "jolan.ppro" is the name used for matching. # Therefore, unix domain sockets, and connections to localhost would # match this block: # host = "*@jolan.ppro"; # # This is the "fallback" entry. All .uk, .nl, and all unresolved are # in these two lines. # By using two different lines, multiple connections from a single IP # are only allowed from hostnames which have both valid forward and # reverse DNS mappings. Client { class = "Other"; ip = "*@*"; maxlinks = 10; }; Client { class = "Other"; host = "*@*"; maxlinks = 10; }; # If you don't want unresolved dudes to be able to connect to your # server, do not specify any "ip = " settings. # # Here, take care of all American ISPs. Client { host = "*@*.com"; class = "America"; maxlinks = 2; }; Client { host = "*@*.net"; class = "America"; maxlinks = 2; }; # Now list all the .com / .net domains that you wish to have access... # actually it's less work to do it this way than to do it the other # way around - K-lining every single ISP in the US. # I wish people in Holland just got a .nl domain, and not try to be # cool and use .com... Client { host = "*@*.wirehub.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.nl.net"; class = "Local"; maxlinks=10; }; # You can request a more complete listing, including the "list of standard # Kill blocks" from the Routing Committee; it will also be sent to you if # you apply for a server and get accepted. # # Ourselves - this makes sure that we can get in, no matter how full # the server is (hopefully). Client { host = "*@*.london.ac.uk"; ip = "*@193.37.*"; class = "Local"; # A maxlinks of over 5 will automatically be glined by euworld on Undernet maxlinks = 5; }; # You can put an expression in the maxlinks value, which will make ircd # only accept a client when the total number of connections to the network # from the same IP number doesn't exceed this number. # The following example would accept at most one connection per IP number # from "*.swipnet.se" and at most two connections from dial up accounts # that have "dial??.*" as host mask: # Client { # host = "*@*.swipnet.se"; # maxlinks = 1; # class = "Other"; # }; # Client { # host = "*@dial??.*"; # maxlinks = 2; # class = "Other"; # }; # # If you are not worried about who connects, this line will allow everyone # to connect. Client { host = "*@*"; ip = "*@*"; class = "Other"; maxlinks = 2; }; # [motd] # # It is possible to show a different Message of the Day to a connecting # client depending on its origin. # motd { # # Note: host can also be a classname. # host = "Other"; # file = "path/to/motd/file"; # }; # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Motd block for each host entry, but makes # it easier to update the messages's filename. # # DPATH/net_com.motd contains a special MOTD where users are encouraged # to register their domains and get their own client{} lines if they're in # Europe, or move to US.UnderNet.org if they're in the USA. motd { host = "*.net"; file = "net_com.motd"; }; motd { host = "*.com"; file = "net_com.motd"; }; motd { host = "America"; file = "net_com.motd"; }; # A different MOTD for ourselves, where we point out that the helpdesk # better not be bothered with questions regarding irc... motd { host = "*.london.ac.uk"; file = "london.motd"; }; # [UWorld] # # One of the many nice features of Undernet is "Uworld", a program # connected to the net as a server. This allows it to broadcast any mode # change, thus allowing opers to, for example, "unlock" a channel that # has been taken over. # There is only one slight problem: the TimeStamp protocol prevents this. # So there is a configuration option to allow them anyway from a certain # server. # UWorld { # # The servername or wildcard mask for it that this applies to. # name = "relservername"; # }; # # You may have have more than one name listed in each block. # # Note: (1) These lines are agreed on by every server admin on Undernet; # (2) These lines must be the same on every single server, or results # will be disasterous; (3) This is a useful feature, not something that # is a liability and abused regularly (well... :-) # If you're on Undernet, you MUST have these lines. I cannnot stress # this enough. If all of the servers don't have the same lines, the # servers will try to undo the mode hacks that Uworld does. Make SURE that # all of the servers have the EXACT same UWorld blocks. # # If your server starts on a bit larger network, you'll probably get # assigned one or two uplinks to which your server can connect. # If your uplink(s) also connect to other servers than yours (which is # probable), you need to define your uplink as being allowed to "hub". # See the Connect block documentation for details on how to do that. UWorld { name = "ircd.mIRCxNet"; #numeric: 1 name = "services.mIRCxNet"; #numeric: 2 }; # As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and # CFV-0255, the following nicks must be juped, it is not allowed to # jupe others as well. Jupe { nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`"; nick = "server,svr,serv,sbnc,znc,SpamServ,SpamSvr,staff,admin,team"; nick = "login,testirc,protocol,pass,newpass,org,irc"; nick = "StatServ,NoteServ,MemoServ"; nick = "ChanSvr,ChanSrv,ChanSaver,ChanServ"; nick = "NickSvr,NickSrv,NickSaver,NickServ"; nick = "AuthSvr,AuthSrv,AuthSaver,AuthServ"; nick = "HostSvr,HostSrv,HostSaver,HostServ"; nick = "Watchdog,Watchcat,Global"; nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX"; }; # [Kill] # # While running your server, you will most probably encounter individuals # or groups of persons that you do not wish to have access to your server. # # For this purpose, the ircd understands "kill blocks". These are also # known as K-lines, by virtue of the former config file format. # Kill # { # host = "user@host"; # reason = "The reason the user will see"; # }; # It is possible to ban on the basis of the real name. # It is also possible to use a file as comment for the ban, using # file = "file": # Kill # { # realname = "realnametoban"; # file = "path/to/file/with/reason/to/show"; # }; # # # The default reason is: "You are banned from this server" # Note that Kill blocks are local to the server; if you ban a person or a # whole domain from your server, they can get on IRC via any other server # that doesn't have them Killed (yet). # # With a simple comment, using quotes: #Kill { host = "*.au"; reason = "Please use a nearer server"; }; #Kill { host = "*.edu"; reason = "Please use a nearer server"; }; # You can also kill based on username. #Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected #with a Trojan"; }; # The file can contain for example, a reason, a link to the # server rules and a contact address. Note the combination # of username and host in the host field. #Kill #{ # host = "*luser@unixbox.flooder.co.uk"; # file = "kline/youflooded.txt"; #}; # IP-based kill lines apply to all hosts, even if an IP address has a # properly resolving host name. #Kill #{ # host = "192.168.*"; # file = "klines/martians"; #}; # The realname field lets you ban by realname... #Kill #{ # realname = "*sub7*"; # reason = "You are infected with a Trojan"; #}; # [SSL] # SSL { # # There need to be the private key AND the public key INSIDE the certificate file cert = "23 C6 0F BF F1 9E 2F 0A 12 93"; # # Optional CA certificate for non-self-signed certificates cacert = "15 DF FD 0F F6 EA A3 90 E9 24 ED 6B 1E"; }; SSL { cert = "ircd.pem"; }; # [Connect] # # You probably want your server connected to other servers, so your users # have other users to chat with. # IRC servers connect to other servers forming a network with a star or # tree topology. Loops are not allowed. # In this network, two servers can be distinguished: "hub" and "leaf" # servers. Leaf servers connect to hubs; hubs connect to each other. # Of course, many servers can't be directly classified in one of these # categories. Both a fixed and a rule-based decision making system for # server links is provided for ircd to decide what links to allow, what # to let humans do themselves, and what links to (forcefully) disallow. # # The Connect blocks # define what servers the server connect to, and which servers are # allowed to connect. # Connect { # name = "servername"; # host = "hostnameORip"; # vhost = "localIP"; # password = "passwd"; # port = portno; # class = "classname"; # maxhops = 2; # hub = "*.eu.undernet.org"; # autoconnect = no; # }; # # The "port" field defines the default port the server tries to connect # to if an operator uses /connect without specifying a port. This is also # the port used when the server attempts to auto-connect to the remote # server. (See Class blocks for more informationa about auto-connects). # You may tell ircu to not automatically connect to a server by adding # "autoconnect = no;"; the default is to autoconnect. # # If the vhost field is present, the server will use that IP as the # local end of connections that it initiates to this server. This # overrides the vhost value from the General block. # # The maxhops field causes an SQUIT if a hub tries to introduce # servers farther away than that; the element 'leaf;' is an alias for # 'maxhops = 0;'. The hub field limits the names of servers that may # be introduced by a hub; the element 'hub;' is an alias for # 'hub = "*";'. # # Our primary uplink. Connect { name = "srvx.mIRCxNet.ISRAEL.Services"; host = "192.168.1.14"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "PHP.NanaChat.Services"; host = "192.168.1.14"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "X3.NanaChat.Services"; host = "192.168.1.20"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; # [crule] # # For an advanced, real-time rule-based routing decision making system # you can use crule blocks. For more information, see doc/readme.crules. # If more than one server mask is present in a single crule, the rule # applies to all servers. # CRULE # { # server = "servermask"; # rule = "connectrule"; # # Setting all to yes makes the rule always apply. Otherwise it only # # applies to autoconnects. # all = yes; # }; CRULE { server = "*.US.UnderNet.org"; rule = "connected(*.US.UnderNet.org)"; }; CRULE { server = "*.EU.UnderNet.org"; rule = "connected(Amsterdam.NL.EU.*)"; }; # The following block is recommended for leaf servers: CRULE { server = "*"; rule = "directcon(*)"; }; # [Operator] # # Inevitably, you have reached the part about "IRC Operators". Oper status # grants some special privileges to a user, like the power to make the # server break or (try to) establish a connection with another server, # and to "kill" users off IRC. # I can write many pages about this; I will restrict myself to saying that # if you want to appoint somebody as IRC Operator on your server, that # person should be aware of his/her responsibilities, and that you, being # the admin, will be held accountable for their actions. # # There are two sorts of IRC Operators: "local" and "global". Local opers # can squit, connect and kill - but only locally: their +o user mode # is not not passed along to other servers. On Undernet, this prevents # them from using Uworld as well. # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Operator block for each host entry, but # makes it easier to update operator nicks, passwords, classes, and # privileges. # # Operator { # host = "host/IP mask"; # name = "opername"; # password = "encryptedpass"; # class = "classname"; # # You can also set any operator privilege; see the Class block # # documentation for details. A privilege defined for a single # # Operator will override the privilege settings for the Class # # and the default setting. # }; # # By default, the password is hashed using the system's native crypt() # function. Other password mechanisms are available; the umkpasswd # utility from the ircd directory can hash passwords using those # mechanisms. If you use a password format that is NOT generated by # umkpasswd, ircu will not recognize the oper's password. # # All privileges are shown with their default values; if you wish to # override defaults, you should set only those privileges for the # operator. Listing defaulted privileges just makes things harder to # find. Operator { local = no; host = "*@*.cs.vu.nl"; password = "VRKLKuGKn0jLt"; name = "Niels"; class = "Local"; }; Operator { host = "*@*"; password = "$PLAIN$leetmoo"; name = "darksis"; class = "Opers"; local = no; whox = yes; display = yes; chan_limit = yes; mode_lchan = yes; deop_lchan = yes; walk_lchan = yes; show_invis = yes; show_all_invis = yes; unlimit_query = yes; local_kill = yes; rehash = yes; restart = yes; die = yes; local_jupe = yes; set = yes; local_gline = yes; local_badchan = yes; see_chan = yes; list_chan = yes; wide_gline = yes; see_opers = yes; kill = yes; gline = yes; opmode = yes; badchan = yes; see_idletime = yes; hide_idletime = yes; more_flood = no; unlimited_flood = yes; unlimited_targets = yes; noamsg_override = yes; chan_limit = yes; mode_lchan = yes; show_invis = yes; show_all_invis = yes; local_kill = yes; see_idletime = yes; hide_idletime = yes; more_flood = no; umode_noidle = yes; umode_chserv = yes; umode_xtraop = yes; umode_netserv = yes; umode_overridecc = yes; local_opmode = yes; }; # Note that the <connection class> is optional, but leaving it away # puts the opers in class "default", which usually only accepts one # connection at a time. If you want users to Oper up more then once per # block, then use a connection class that allows more then one connection, # for example (using class Local as in the example above): # # Once you OPER your connection class changes no matter where you are or # your previous connection classes. If the defined connection class is # Local for the operator block, then your new connection class is Local. # [Port] # When your server gets more full, you will notice delays when trying to # connect to your server's primary listening port. It is possible via the # Port lines to specify additional ports for the ircd to listen to. # De facto ports are: 6667 - standard; 6660-6669 - additional client # ports; # Undernet uses 4400 for server listener ports. # These are just hints, they are in no way official IANA or IETF policies. # IANA says we should use port 194, but that requires us to run as root, # so we don't do that. # # # Port { # port = [ipv4] [ipv6] number; # mask = "ipmask"; # # Use this to control the interface you bind to. # vhost = [ipv4] [ipv6] "virtualhostip"; # # You can specify both virtual host and port number in one entry. # vhost = [ipv4] [ipv6] "virtualhostip" number; # # Setting to yes makes this server only. # server = yes; # # Setting to yes makes the port "hidden" from stats. # hidden = yes; # # Setting to yes makes the port to handle incoming connection as SSL connections # secure = no; # }; # # The port and vhost lines allow you to specify one or both of "ipv4" # and "ipv6" as address families to use for the port. The default is # to listen on both IPv4 and IPv6. # # The mask setting allows you to specify a range of IP addresses that # you will allow connections from. This should only contain IP addresses # and '*' if used. This field only uses IP addresses. This does not use # DNS in any way so you can't use it to allow *.nl or *.uk. Attempting # to specify anything other than numbers, dots and stars [0-9.*] will result # in the port allowing connections from anyone. # # The interface setting allows multiply homed hosts to specify which # interface to use on a port by port basis, if an interface is not specified # the default interface will be used. The interface MUST be the complete # IP address for a real hardware interface on the machine running ircd. # If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it # WILL bind to all interfaces - not what most people seem to expect. # Port { server = yes; port = 4400; }; # This is an IPv4-only Server port that is Hidden #Port { # server = yes; # hidden = yes; # port = ipv4 4401; #}; # The following are normal client ports Port { port = 5000; }; #Port { port = 6668; }; #Port { # This only accepts clients with IPs like 192.168.*. # mask = "192.168.*"; # port = 6666; #}; #SSL Port Port { secure = yes; port = 7778; }; # This is a hidden client port, listening on 168.8.21.107. Port { vhost = "192.168.1.20"; hidden = yes; port = 6661; }; # More than one vhost may be present in a single Port block; in this case, # we recommend listing the port number on the vhost line for clarity. #Port { # vhost = "172.16.0.1" 6667; # vhost = "172.16.3.1" 6668; # hidden = no; #}; # Quarantine blocks disallow operators from using OPMODE and CLEARMODE # on certain channels. Opers with the force_opmode (for local # channels, force_local_opmode) privilege may override the quarantine # by prefixing the channel name with an exclamation point ('!'). # Wildcards are NOT supported; the channel name must match exactly. Quarantine { "#shells" = "Thou shalt not support the h4><0rz"; "&kiddies" = "They can take care of themselves"; }; # This is a server-implemented alias to send a message to a service. # The string after Pseudo is the command name; the name entry inside # is the service name, used for error messages. More than one nick # entry can be provided; the last one listed has highest priority. # If the server behind the '@' is not valid or if the nick is not # on this server, the servername is interpreted as an accountname # and the nick must have this accountname set and +S as umode to get # the message relayed. Pseudo "CHANSERV" { name = "X3"; nick = "AuthServ@X3.NanaChat.Services"; }; # You can also prepend text before the user's message. Pseudo "cmd" { name = "X3"; prepend = "service"; nick = "AuthServ@X3.NanaChat.Services"; }; # You can also specify the default text to send if the user does not # supply some text. Pseudo "AUTHSERV" { name = "AUTH"; nick = "AuthServ@x3.NanaChat.Services"; }; Pseudo "AUTH" { name = "authserv"; nick = "AuthServ@X3.NanaChat.Services"; prepend = "AUTH "; }; # You can ask a separate server whether to allow users to connect. # Uncomment this ONLY if you have an iauth helper program. # If required is set to yes, then all clients are rejected when # the iauth helper program could not be started/queried/timed-out. IAuth { program = "/usr/bin/perl" "/home/bmt/ircu2.10.12-pk/tools/iauthd.pl" "-v" "-d" "-c" "/home/bmt/lib/ircd.conf"; }; #IAUTH POLICY RTAWUwFr #IAUTH CACHETIMEOUT 21600 #IAUTH DNSTIMEOUT 5 #IAUTH BLOCKMSG Sorry! Your connection to NanaChat has been rejected because of your internet address's poor reputation. You may try an authenticated login using Login-On-Connect (LOC) instead. See http://NanaChat.org/rbl for more information. #IAUTH DNSBL server=dnsbl.sorbs.net index=2,3,4,5,6,7,9 mark=sorbs block=anonymous #IAUTH DNSBL server=dnsbl.dronebl.org index=2,3,5,6,7,8,9,10,13,14,15,16,17,18,255 mark=dronebl block=anonymous #IAUTH DNSBL server=tor.efnetrbl.org index=4 mark=tor block=anonymous #IAUTH DNSBL server=rbl.efnet.org index=1,4,5 mark=efnet block=anonymous #IAUTH DNSBL server=rbl.efnetrbl.org index=1,2,3,4,5 mark=efnetrbl block=anonymous #IAUTH DNSBL server=dnsbl-2.uceprotect.net index=2 mark=uce-2 block=anonymous #IAUTH DNSBL server=5000.97.52.138.77.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous #IAUTH DNSBL server=80.204.128.107.97.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous #IAUTH DNSBL server=800.204.128.107.97.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous # [features] # IRC servers have a large number of options and features. Most of these # are set at compile time through the use of #define's--see "make config" # for more details--but we are working to move many of these into the # configuration file. Features let you configure these at runtime. # You only need one feature block in which you use # "featurename" = "value1" , "value2", ..., "valuen-1", "valuen"; # # The entire purpose of F:lines are so that you do not have to recompile # the IRCD everytime you want to change a feature. All of the features # are listed below, and at the bottom is how to set logging. # # A Special Thanks to Kev for writing the documentation of F:lines. It can # be found at doc/readme.features and the logging documentation can be # found at doc/readme.log. The defaults used by the Undernet network are # below. # features { # These log features are the only way to get certain error messages # (such as when the server dies from being out of memory). For more # explanation of how they work, see doc/readme.log. "LOG" = "SYSTEM" "FILE" "ircd.log"; "LOG" = "SYSTEM" "LEVEL" "CRIT"; # "DOMAINNAME"="<obtained from /etc/resolv.conf by ./configure>"; # "RELIABLE_CLOCK"="FALSE"; # "BUFFERPOOL"="27000000"; # "HAS_FERGUSON_FLUSHER"="FALSE"; "CLIENT_FLOOD"="1024"; # "SERVER_PORT"="4400"; # "NODEFAULTMOTD"="TRUE"; "CONNEXIT_NOTICES" = "TRUE"; # "MOTD_BANNER"="TRUE"; # "KILL_IPMISMATCH"="FALSE"; # "IDLE_FROM_MSG"="TRUE"; "HUB"="TRUE"; # "WALLOPS_OPER_ONLY"="TRUE"; # "NODNS"="FALSE"; # "RANDOM_SEED"="<you should set one explicitly>"; # "DEFAULT_LIST_PARAM"="TRUE"; # "NICKNAMEHISTORYLENGTH"="800"; "NETWORK"="mIRCxNet"; "HOST_HIDING"="TRUE"; "HIDDEN_HOST"="Basic.NanaChat.co.il"; # "HIDDEN_IP"="149.78.154.69"; # "KILLCHASETIMELIMIT"="30"; # "MAXCHANNELSPERUSER"="10"; # "NICKLEN" = "12"; # "AVBANLEN"="40"; # "MAXBANS"="30"; # "MAXSILES"="15"; # "HANGONGOODLINK"="300"; # "HANGONRETRYDELAY" = "10"; # "CONNECTTIMEOUT" = "90"; # "MAXIMUM_LINKS" = "1"; # "PINGFREQUENCY" = "120"; # "CONNECTFREQUENCY" = "600"; # "DEFAULTMAXSENDQLENGTH" = "40000"; # "GLINEMAXUSERCOUNT" = "20"; "MPATH" = "ircd.motd"; # "RPATH" = "remote.motd"; "PPATH" = "ircd.pid"; # "TOS_SERVER" = "0x08"; # "TOS_CLIENT" = "0x08"; # "POLLS_PER_LOOP" = "200"; # "IRCD_RES_TIMEOUT" = "4"; # "IRCD_RES_RETRIES" = "2"; # "AUTH_TIMEOUT" = "9"; "IPCHECK_CLONE_LIMIT" = "4"; "IPCHECK_CLONE_PERIOD" = "40"; "IPCHECK_CLONE_DELAY" = "600"; "CHANNELLEN" = "200"; "CONFIG_OPERCMDS" = "TRUE"; "OPLEVELS" = "TRUE"; # "ZANNELS" = "TRUE"; # "LOCAL_CHANNELS" = "TRUE"; # "ANNOUNCE_INVITES" = "FALSE"; # These were introduced by Undernet CFV-165 to add "Head-In-Sand" (HIS) # behavior to hide most network topology from users. # "HIS_SNOTICES" = "TRUE"; # "HIS_SNOTICES_OPER_ONLY" = "TRUE"; # "HIS_DEBUG_OPER_ONLY" = "TRUE"; # "HIS_WALLOPS" = "TRUE"; # "HIS_MAP" = "TRUE"; # "HIS_LINKS" = "TRUE"; # "HIS_TRACE" = "TRUE"; # "HIS_STATS_a" = "TRUE"; # "HIS_STATS_c" = "TRUE"; # "HIS_STATS_d" = "TRUE"; # "HIS_STATS_e" = "TRUE"; # "HIS_STATS_f" = "TRUE"; # "HIS_STATS_g" = "TRUE"; # "HIS_STATS_i" = "TRUE"; # "HIS_STATS_j" = "TRUE"; # "HIS_STATS_J" = "TRUE"; # "HIS_STATS_k" = "TRUE"; # "HIS_STATS_l" = "TRUE"; # "HIS_STATS_L" = "TRUE"; # "HIS_STATS_m" = "TRUE"; # "HIS_STATS_M" = "TRUE"; # "HIS_STATS_o" = "TRUE"; # "HIS_STATS_p" = "TRUE"; # "HIS_STATS_q" = "TRUE"; # "HIS_STATS_r" = "TRUE"; # "HIS_STATS_R" = "TRUE"; # "HIS_STATS_t" = "TRUE"; # "HIS_STATS_T" = "TRUE"; # "HIS_STATS_u" = "TRUE"; # "HIS_STATS_U" = "TRUE"; # "HIS_STATS_v" = "TRUE"; # "HIS_STATS_w" = "TRUE"; # "HIS_STATS_x" = "TRUE"; # "HIS_STATS_y" = "TRUE"; # "HIS_STATS_z" = "TRUE"; "HIS_STATS_IAUTH" = "TRUE"; #IAUTHD <directive> <arguments>"; # "HIS_WHOIS_SERVERNAME" = "TRUE"; # "HIS_WHOIS_IDLETIME" = "TRUE"; # "HIS_WHOIS_LOCALCHAN" = "TRUE"; # "HIS_WHO_SERVERNAME" = "TRUE"; # "HIS_WHO_HOPCOUNT" = "TRUE"; # "HIS_MODEWHO" = "TRUE"; # "HIS_BANWHO" = "TRUE"; # "HIS_KILLWHO" = "TRUE"; # "HIS_REWRITE" = "TRUE"; # "HIS_REMOTE" = "TRUE"; # "HIS_NETSPLIT" = "TRUE"; # "ERR_CHANNELISFULL" = "Cannot join channel, channel is full (+l)"; # "ERR_INVITEONLYCHAN" = "Cannot join channel, you must be invited (+i)"; # "ERR_BANNEDFROMCHAN" = "Cannot join channel, you are banned (+b)"; # "ERR_BADCHANNELKEY" = "Cannot join channel, you need the correct key (+k)"; # "ERR_NEEDREGGEDNICK" = "Cannot join channel, you must be authed to join (+r)"; # "ERR_JOINACCESS" = "Cannot join channel, you don't have enough ChanServ access (+a)"; "HIS_SERVERNAME" = "*.NanaChat.co.il"; "HIS_SERVERINFO" = "The NanaChat Underworld"; "HIS_URLSERVERS" = "http://www.mIRCxnet.ISRAEL/servers.php"; # "LOC_ENABLE" = "FALSE"; # "LOC_TARGET" = "somenick"; # "CHMODE_A_ENABLE" = "TRUE"; # "CHMODE_A_TARGET" = "ChanServ"; # "CHMODE_A_NOSET" = "TRUE"; # Mode is not settable by normal users (only services chan set it) # "CHMODE_F_ENABLE" = "TRUE"; # "UNKNOWN_CMD_ENABLE" = "TRUE"; # "UNKNOWN_CMD_TARGET" = "OpServ"; # "NOAMSG_TIME" = "0"; # "NOAMSG_NUM" = "1"; }; # Well, you have now reached the end of this sample configuration # file. If you have any questions, feel free to mail # <coder-com@undernet.org>. If you are interested in linking your # server to the Undernet IRC network visit # http://www.routing-com.undernet.org/, and if there are any # problems then contact <routing-com@undernet.org> asking for # information. Upgrades of the Undernet ircd can be found on # http://coder-com.undernet.org/. # # For the rest: Good Luck! # # -- Niels.

Chief Sat Sep 21, 2019 9:27 pm

Fix By ASHER

Code:: /* This file describes what proxy tests to run: what ports to connect * to, what to send to them, what to look for, and what to do if that * is found. */ /* Connect on port 1080, sending "\5\1\0" as challenge. * If we get "\5\0" as a response, it's an unsecured socks5. */ "9050:050100" { "0500" "reject:Unsecured socks5"; }; "6667:050100" { "0500" "reject:Unsecured socks5"; }; "8082:050100" { "0500" "reject:Unsecured socks5"; }; /* Connect on port 1080, sending "\4\1" followed by the port * and IP of the client, followed by the (NUL-terminated) ident to * use. If we get a four byte response with '\x5a' as the second * byte, it's an unsecured socks4 proxy. * * It would be generally wise to replace the $p$i with a hard-coded * one; many insecure proxies refuse to connect to themselves. */ "1080:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "4145:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "44904:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "61360:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "4145:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "33099:0401$p$i=p=r=o=x=y00" { "..5a...." "reject:Unsecured socks4"; }; "23:" { // This first test is interesting: multi-stage, and a default action is reject // this crap at the front is the router trying to negotiate telnet options "fffb01fffb03fffd18fffd1f0d0a0d0a=U=s=e=r= =A=c=c=e=s=s= =V=e=r=i=f=i=c=a=t=i=o=n0d0a0d0a=P=a=s=s=w=o=r=d3a= :=c=i=s=c=o0d0a" { "0d0a=P=a=s=s=w=o=r=d3a= " "accept"; "other" "reject:[1 hour] Cisco router with default password"; }; "=W=i=n=G=a=t=e=>" "reject:Unsecured wingate"; "=T=o=o= =m=a=n=y" "reject:Unsecured wingate"; "=E=n=t=e=r= =h=o=s=t= =n=a=m=e" "reject:Unsecured wingate"; // the 3a is ':'; due to a parser glitch, =: isn't parsed like you might expect "=E=n=t=e=r= 3a= =<=h=o=s=t=>" "reject:Unsecured wingate"; }; /* Connect on port 3128 (squid), trying to use a HTTP CONNECT * proxy. If we get a 200 response, it worked and should be * booted. * If you do this check on port 80, you might check for "200 * Connection" instead to reduce false positives; many servers * send 200 OK responses for custom 404 Error pages. * As with the SOCKS4 check, you may want to replace the $c:3128 * (client hostname and port) with a hard-coded one. */ "3128:=C=O=N=N=E=C=T= $c=:=3=1=2=8= =H=T=T=P=/=1=.=00d0a0d0a" { "=H=T=T=P=/=1=.=0= =2=0=0" "reject:Unsecured proxy"; "=H=T=T=P=/=1=.=0= =2=0=0" "reject:Unsecured proxy"; }; "8080:=C=O=N=N=E=C=T= $c=:=8=0=8=0= =H=T=T=P=/=1=.=00d0a0d0a" { "=H=T=T=P=/=1=.=0= =2=0=0" "reject:Unsecured proxy"; "=H=T=T=P=/=1=.=0= =2=0=0" "reject:Unsecured proxy"; }; "8811:" { "" "reject:Subseven detected"; }; "443:" { "" "reject:Subseven detected"; }; "8888:" { "" "reject:Subseven detected"; }; "3128:" { "" "reject:Subseven detected"; }; "8000:" { "" "reject:Subseven detected"; };

Chief Sun Jan 26, 2020 6:56 am

snircd version u2.10.12.13-rc2+snircd 1.4.0 work good with srvx

Code:: # ircd.conf - configuration file for ircd version ircu2.10 # # Last Updated: 20, March 2002. # # Written by Niels <niels@undernet.org>, based on the original example.conf, # server code and some real-life (ahem) experience. # # Updated and heavily modified by Braden <dbtem@yahoo.com>. # # Rewritten by A1kmm(Andrew Miller)<a1kmm@mware.virtualave.net> to support # the new flex/bison configuration parser. # # Thanks and credits to: Run, Trillian, Cym, Morrissey, Chaos, Flynn, # Xorath, WildThang, Mmmm, SeKs, Ghostwolf and # all other Undernet IRC Admins and Operators, # and programmers working on the Undernet ircd. # # This is an example of the configuration file used by the Undernet ircd. # # This document is based on a (fictious) server in Europe with a # connection to the Undernet IRC network. It is primarily a leaf server, # but if all the other hubs in Europe aren't in service, it can connect # to one in the US by itself. # # The configuration format consists of a number of blocks in the format # BlockName { setting = number; setting2 = "string"; setting3 = yes; }; # Note that comments start from a #(hash) and go to the end of the line. # Whitespace(space, tab, or carriage return/linefeed) are ignored and may # be used to make the configuration file more readable. # # Please note that when ircd puts the configuration lines into practice, # it parses them exactly the other way round than they are listed here. # It uses the blocks in reverse order. # # This means that you should start your Client blocks with the # "fall through", most vanilla one, and end with the most detailed. # # There is a difference between the "hostname" and the "server name" # of the machine that the server is run on. For example, the host can # have "veer.cs.vu.nl" as FQDN, and "Amsterdam.NL.EU.undernet.org" as # server name. # A "server mask" is something like "*.EU.UnderNet.org", which is # matched by "Amsterdam.NL.EU.undernet.org" but not by # "Manhattan.KS.US.undernet.org". # # Please do NOT just rename the example.conf to ircd.conf and expect # it to work. # [General] # # First some information about the server. # General { # name = "servername"; # vhost = "ipv4vhost"; # vhost = "ipv6vhost"; # description = "description"; # numeric = numericnumber; # dns vhost = "ipv4vhost"; # dns vhost = "ipv6vhost"; # dns server = "ipaddress"; # dns server = "ipaddress2"; # }; # # If present, <virtual host> must contain a valid address in dotted # quad or IPv6 numeric notation (127.0.0.1 or ::1). The address MUST # be the address of a physical interface on the host. This address is # used for outgoing connections if the Connect{} block does not # override it. See Port{} for listener virtual hosting. If in doubt, # leave it out -- or use "*", which has the same meaning as no vhost. # # You may specify both an IPv4 virtual host and an IPv6 virtual host, # to indicate which address should be used for outbound connections # of the respective type. # # Note that <server numeric> has to be unique on the network your server # is running on, must be between 0 and 4095, and is not updated on a rehash. # # The two DNS lines allow you to specify the local IP address to use # for DNS lookups ("dns vhost") and one or more DNS server addresses # to use. If the vhost is ambiguous for some reason, you may list # IPV4 and/or IPV6 between the equals sign and the address string. # The default DNS vhost is to let the operating system assign the # address, and the default DNS servers are read from /etc/resolv.conf. # In most cases, you do not need to specify either the dns vhost or # the dns server. General { name = "irc.mIRCxnet.org"; description = "mIRCxNet IRC Server"; numeric = 1; }; # [Admin] # # This sets information that can be retrieved with the /ADMIN command. # It should contain at least an admin Email contact address. Admin { # At most two location lines are allowed... Location = "BMT"; Location = "mIRCxNET IRC Server"; Contact = "darksis <irc@gogonet.org>"; }; # [Classes] # # All connections to the server are associated with a certain "connection # class", be they incoming or outgoing (initiated by the server), be they # clients or servers. # # Class { # name = "<class>"; # pingfreq = time; # connectfreq = time; # maxlinks = number; # sendq = size; # usermode = "+i"; # }; # # For connection classes used on server links, maxlinks should be set # to either 0 (for hubs) or 1 (for leaf servers). Client connection # classes may use maxlinks between 0 and approximately 4,000,000,000. # maxlinks = 0 means there is no limit on the number of connections # using the class. # # <connect freq> applies only to servers, and specifies the frequency # that the server tries to autoconnect. setting this to 0 will cause # the server to attempt to connect repeatedly with no delay until the # <maximum links> condition is satisfied. This is a Bad Thing(tm). # Note that times can be specified as a number, or by giving something # like: 1 minutes 20 seconds, or 1*60+20. # # Recommended server classes: # All your server uplinks you are not a hub for. Class { name = "Server"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 1; sendq = 9000000; }; # All the leaf servers you hub for. Class { name = "LeafServer"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 0; sendq = 9000000; }; # Client { # username = "ident"; # host = "host"; # ip = "127.0.0.0/8"; # password = "password"; # class = "classname"; # maxlinks = 3; # }; # # Everything in a Client block is optional. If a username mask is # given, it must match the client's username from the IDENT protocol. # If a host mask is given, the client's hostname must resolve and # match the host mask. If a CIDR-style IP mask is given, the client # must have an IP matching that range. If maxlinks is given, it is # limits the number of matching clients allowed from a particular IP # address. # # Take the following class blocks only as a guide. Class { name = "Local"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 100; usermode = "+x"; }; Class { name = "America"; pingfreq = 1 minutes 30 seconds; sendq = 80000; maxlinks = 5; }; Class { name = "Other"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 400; usermode = "+x"; }; Class { name = "Opers"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 10; usermode = "+x"; # For connection classes intended for operator use, you can specify # privileges used when the Operator block (see below) names this # class. The local (aka globally_opered) privilege MUST be defined # by either the Class or Operator block. The following privileges # exist: # # local (or propagate, with the opposite sense) # whox (log oper's use of x flag with /WHO) # display (oper status visible to lusers) # chan_limit (can join local channels when in # MAXCHANNELSPERUSER channels) # mode_lchan (can /MODE &channel without chanops) # deop_lchan (cannot be deopped or kicked on local channels) # walk_lchan (can forcibly /JOIN &channel OVERRIDE) # show_invis (see +i users in /WHO x) # show_all_invis (see +i users in /WHO x) # unlimit_query (show more results from /WHO) # local_kill (can kill clients on this server) # rehash (can use /REHASH) # restart (can use /RESTART) # die (can use /DIE) # local_jupe (not used) # set (can use /SET) # local_gline (can set a G-line for this server only) # local_badchan (can set a Gchan for this server only) # see_chan (can see users in +s channels in /WHO) # list_chan (can see +s channels with /LIST S, or modes with /LIST M) # wide_gline (can use ! to force a wide G-line) # see_opers (can see opers without DISPLAY privilege) # local_opmode (can use OPMODE/CLEARMODE on local channels) # force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels) # kill (can kill clients on other servers) # gline (can issue G-lines to other servers) # jupe_server (not used) # opmode (can use /OPMODE) # badchan (can issue Gchans to other servers) # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels) # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys) # # For global opers (with propagate = yes or local = no), the default # is to grant all of the above privileges EXCEPT walk_lchan, # unlimit_query, set, badchan, local_badchan and apass_opmode. # For local opers, the default is to grant ONLY the following # privileges: # chan_limit, mode_lchan, show_invis, show_all_invis, local_kill, # rehash, local_gline, local_jupe, local_opmode, whox, display, # force_local_opmode # Any privileges listed in a Class block override the defaults. local = no; }; # [Client] # # To allow clients to connect, they need authorization. This can be # done based on hostmask, address mask, and/or with a password. # With intelligent use of classes and the maxconnections field in the # Client blocks, you can let in a specific domain, but get rid of all other # domains in the same toplevel, thus setting up some sort of "reverse # Kill block". # Client { # host = "user@host"; # ip = "user@ip"; # password = "password"; # class = "classname"; # }; # # Technical description (for examples, see below): # For every connecting client, the IP address is known. A reverse lookup # on this IP-number is done to get the (/all) hostname(s). # Each hostname that belongs to this IP-number is matched to <hostmask>, # and the Client {} is used when any matches; the client will then show # with this particular hostname. If none of the hostnames match, then # the IP-number is matched against the <IP mask ...> field, if this matches # then the Client{} is used nevertheless and the client will show with the # first (main) hostname if any; if the IP-number did not resolve then the # client will show with the dot notation of the IP-number. # There is a special case for the UNIX domain sockets and localhost connections # though; in this case the <IP mask ...> field is compared with the # name of the server (thus not with any IP-number representation). The name # of the server is the one returned in the numeric 002 reply, for example: # 002 Your host is 2.undernet.org[jolan.ppro], running version ... # Then the "jolan.ppro" is the name used for matching. # Therefore, unix domain sockets, and connections to localhost would # match this block: # host = "*@jolan.ppro"; # # This is the "fallback" entry. All .uk, .nl, and all unresolved are # in these two lines. # By using two different lines, multiple connections from a single IP # are only allowed from hostnames which have both valid forward and # reverse DNS mappings. Client { class = "Other"; ip = "*@*"; maxlinks = 2; }; Client { class = "Other"; host = "*@*"; maxlinks = 2; }; # If you don't want unresolved dudes to be able to connect to your # server, do not specify any "ip = " settings. # # Here, take care of all American ISPs. Client { host = "*@*.com"; class = "America"; maxlinks = 2; }; Client { host = "*@*.net"; class = "America"; maxlinks = 2; }; # Now list all the .com / .net domains that you wish to have access... # actually it's less work to do it this way than to do it the other # way around - K-lining every single ISP in the US. # I wish people in Holland just got a .nl domain, and not try to be # cool and use .com... Client { host = "*@*.wirehub.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.nl.net"; class = "Local"; maxlinks=2; }; # You can request a more complete listing, including the "list of standard # Kill blocks" from the Routing Committee; it will also be sent to you if # you apply for a server and get accepted. # # Ourselves - this makes sure that we can get in, no matter how full # the server is (hopefully). Client { host = "*@*.london.ac.uk"; ip = "*@193.37.*"; class = "Local"; # A maxlinks of over 5 will automatically be glined by euworld on Undernet maxlinks = 5; }; # You can put an expression in the maxlinks value, which will make ircd # only accept a client when the total number of connections to the network # from the same IP number doesn't exceed this number. # The following example would accept at most one connection per IP number # from "*.swipnet.se" and at most two connections from dial up accounts # that have "dial??.*" as host mask: # Client { # host = "*@*.swipnet.se"; # maxlinks = 1; # class = "Other"; # }; # Client { # host = "*@dial??.*"; # maxlinks = 2; # class = "Other"; # }; # # If you are not worried about who connects, this line will allow everyone # to connect. Client { host = "*@*"; ip = "*@*"; class = "Other"; maxlinks = 2; }; # [motd] # # It is possible to show a different Message of the Day to a connecting # client depending on its origin. # motd { # # Note: host can also be a classname. # host = "Other"; # file = "path/to/motd/file"; # }; # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Motd block for each host entry, but makes # it easier to update the messages's filename. # # DPATH/net_com.motd contains a special MOTD where users are encouraged # to register their domains and get their own client{} lines if they're in # Europe, or move to US.UnderNet.org if they're in the USA. motd { host = "*.net"; file = "net_com.motd"; }; motd { host = "*.com"; file = "net_com.motd"; }; motd { host = "America"; file = "net_com.motd"; }; # A different MOTD for ourselves, where we point out that the helpdesk # better not be bothered with questions regarding irc... motd { host = "*.london.ac.uk"; file = "london.motd"; }; # [UWorld] # # One of the many nice features of Undernet is "Uworld", a program # connected to the net as a server. This allows it to broadcast any mode # change, thus allowing opers to, for example, "unlock" a channel that # has been taken over. # There is only one slight problem: the TimeStamp protocol prevents this. # So there is a configuration option to allow them anyway from a certain # server. # UWorld { # # The servername or wildcard mask for it that this applies to. # name = "relservername"; # }; # # You may have have more than one name listed in each block. # # Note: (1) These lines are agreed on by every server admin on Undernet; # (2) These lines must be the same on every single server, or results # will be disasterous; (3) This is a useful feature, not something that # is a liability and abused regularly (well... :-) # If you're on Undernet, you MUST have these lines. I cannnot stress # this enough. If all of the servers don't have the same lines, the # servers will try to undo the mode hacks that Uworld does. Make SURE that # all of the servers have the EXACT same UWorld blocks. # # If your server starts on a bit larger network, you'll probably get # assigned one or two uplinks to which your server can connect. # If your uplink(s) also connect to other servers than yours (which is # probable), you need to define your uplink as being allowed to "hub". # See the Connect block documentation for details on how to do that. UWorld { name = "CServe.mIRCxnet.org"; name = "services.mIRCxnet.org"; name = "spamscan.mIRCxnet.org"; name = "trojanscan.mIRCxnet.org"; name = "proxyscan.mIRCxnet.org"; name = "help.mIRCxnet.org"; name = "channels4.undernet.org"; name = "channels5.undernet.org"; name = "channels6.undernet.org"; }; # As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and # CFV-0255, the following nicks must be juped, it is not allowed to # jupe others as well. Jupe { nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`"; nick = "EuWorld,UWorld,UWorld2"; nick = "login,undernet,protocol,pass,newpass,org"; nick = "StatServ,NoteServ"; nick = "ChanSvr,ChanSaver,ChanServ"; nick = "NickSvr,NickSaver,NickServ"; nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX"; }; # [Kill] # # While running your server, you will most probably encounter individuals # or groups of persons that you do not wish to have access to your server. # # For this purpose, the ircd understands "kill blocks". These are also # known as K-lines, by virtue of the former config file format. # Kill # { # host = "user@host"; # reason = "The reason the user will see"; # }; # It is possible to ban on the basis of the real name. # It is also possible to use a file as comment for the ban, using # file = "file": # Kill # { # realname = "realnametoban"; # file = "path/to/file/with/reason/to/show"; # }; # # # The default reason is: "You are banned from this server" # Note that Kill blocks are local to the server; if you ban a person or a # whole domain from your server, they can get on IRC via any other server # that doesn't have them Killed (yet). # # With a simple comment, using quotes: Kill { host = "*.au"; reason = "Please use a nearer server"; }; Kill { host = "*.edu"; reason = "Please use a nearer server"; }; # You can also kill based on username. Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected with a Trojan"; }; # The file can contain for example, a reason, a link to the # server rules and a contact address. Note the combination # of username and host in the host field. Kill { host = "*luser@unixbox.flooder.co.uk"; file = "kline/youflooded.txt"; }; # IP-based kill lines apply to all hosts, even if an IP address has a # properly resolving host name. #Kill #{ # host = "192.168.*"; # file = "klines/martians"; #}; # The realname field lets you ban by realname... Kill { realname = "*sub7*"; reason = "You are infected with a Trojan"; }; # [Connect] # # You probably want your server connected to other servers, so your users # have other users to chat with. # IRC servers connect to other servers forming a network with a star or # tree topology. Loops are not allowed. # In this network, two servers can be distinguished: "hub" and "leaf" # servers. Leaf servers connect to hubs; hubs connect to each other. # Of course, many servers can't be directly classified in one of these # categories. Both a fixed and a rule-based decision making system for # server links is provided for ircd to decide what links to allow, what # to let humans do themselves, and what links to (forcefully) disallow. # # The Connect blocks # define what servers the server connect to, and which servers are # allowed to connect. # Connect { # name = "servername"; # host = "hostnameORip"; # vhost = "localIP"; # password = "passwd"; # port = portno; # class = "classname"; # maxhops = 2; # hub = "*.eu.undernet.org"; # autoconnect = no; # }; # # The "port" field defines the default port the server tries to connect # to if an operator uses /connect without specifying a port. This is also # the port used when the server attempts to auto-connect to the remote # server. (See Class blocks for more informationa about auto-connects). # You may tell ircu to not automatically connect to a server by adding # "autoconnect = no;"; the default is to autoconnect. # # If the vhost field is present, the server will use that IP as the # local end of connections that it initiates to this server. This # overrides the vhost value from the General block. # # The maxhops field causes an SQUIT if a hub tries to introduce # servers farther away than that; the element 'leaf;' is an alias for # 'maxhops = 0;'. The hub field limits the names of servers that may # be introduced by a hub; the element 'hub;' is an alias for # 'hub = "*";'. # # Our primary uplink. Connect { name = "srvx.mIRCxNet.ISRAEL.Services"; host = "192.168.1.12"; password = "asher"; port = 4400; class = "Server"; hub; }; Connect { name = "services.mIRCxnet.org"; host = "192.168.1.12"; password = "asher"; port = 4400; class = "Server"; hub; }; # [crule] # # For an advanced, real-time rule-based routing decision making system # you can use crule blocks. For more information, see doc/readme.crules. # If more than one server mask is present in a single crule, the rule # applies to all servers. # CRULE # { # server = "servermask"; # rule = "connectrule"; # # Setting all to yes makes the rule always apply. Otherwise it only # # applies to autoconnects. # all = yes; # }; CRULE { server = "*.US.UnderNet.org"; rule = "connected(*.US.UnderNet.org)"; }; CRULE { server = "*.EU.UnderNet.org"; rule = "connected(Amsterdam.NL.EU.*)"; }; # The following block is recommended for leaf servers: CRULE { server = "*"; rule = "directcon(*)"; }; # [Operator] # # Inevitably, you have reached the part about "IRC Operators". Oper status # grants some special privileges to a user, like the power to make the # server break or (try to) establish a connection with another server, # and to "kill" users off IRC. # I can write many pages about this; I will restrict myself to saying that # if you want to appoint somebody as IRC Operator on your server, that # person should be aware of his/her responsibilities, and that you, being # the admin, will be held accountable for their actions. # # There are two sorts of IRC Operators: "local" and "global". Local opers # can squit, connect and kill - but only locally: their +o user mode # is not not passed along to other servers. On Undernet, this prevents # them from using Uworld as well. # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Operator block for each host entry, but # makes it easier to update operator nicks, passwords, classes, and # privileges. # # Operator { # host = "host/IP mask"; # name = "opername"; # password = "encryptedpass"; # class = "classname"; # # You can also set any operator privilege; see the Class block # # documentation for details. A privilege defined for a single # # Operator will override the privilege settings for the Class # # and the default setting. # }; # # By default, the password is hashed using the system's native crypt() # function. Other password mechanisms are available; the umkpasswd # utility from the ircd directory can hash passwords using those # mechanisms. If you use a password format that is NOT generated by # umkpasswd, ircu will not recognize the oper's password. # # All privileges are shown with their default values; if you wish to # override defaults, you should set only those privileges for the # operator. Listing defaulted privileges just makes things harder to # find. Operator { local = no; host = "*@*.cs.vu.nl"; password = "VRKLKuGKn0jLt"; name = "Niels"; class = "Local"; }; Operator { host = "*@*"; password = "$PLAIN$leetme"; name = "darksis"; class = "Opers"; rehash = yes; restart = yes; }; # Note that the <connection class> is optional, but leaving it away # puts the opers in class "default", which usually only accepts one # connection at a time. If you want users to Oper up more then once per # block, then use a connection class that allows more then one connection, # for example (using class Local as in the example above): # # Once you OPER your connection class changes no matter where you are or # your previous connection classes. If the defined connection class is # Local for the operator block, then your new connection class is Local. # [Port] # When your server gets more full, you will notice delays when trying to # connect to your server's primary listening port. It is possible via the # Port lines to specify additional ports for the ircd to listen to. # De facto ports are: 6667 - standard; 6660-6669 - additional client # ports; # Undernet uses 4400 for server listener ports. # These are just hints, they are in no way official IANA or IETF policies. # IANA says we should use port 194, but that requires us to run as root, # so we don't do that. # # # Port { # port = [ipv4] [ipv6] number; # mask = "ipmask"; # # Use this to control the interface you bind to. # vhost = [ipv4] [ipv6] "virtualhostip"; # # You can specify both virtual host and port number in one entry. # vhost = [ipv4] [ipv6] "virtualhostip" number; # # Setting to yes makes this server only. # server = yes; # # Setting to yes makes the port "hidden" from stats. # hidden = yes; # }; # # The port and vhost lines allow you to specify one or both of "ipv4" # and "ipv6" as address families to use for the port. The default is # to listen on both IPv4 and IPv6. # # The mask setting allows you to specify a range of IP addresses that # you will allow connections from. This should only contain IP addresses # and '*' if used. This field only uses IP addresses. This does not use # DNS in any way so you can't use it to allow *.nl or *.uk. Attempting # to specify anything other than numbers, dots and stars [0-9.*] will result # in the port allowing connections from anyone. # # The interface setting allows multiply homed hosts to specify which # interface to use on a port by port basis, if an interface is not specified # the default interface will be used. The interface MUST be the complete # IP address for a real hardware interface on the machine running ircd. # If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it # WILL bind to all interfaces - not what most people seem to expect. # Port { server = yes; port = 4400; }; # This is an IPv4-only Server port that is Hidden #Port { # server = yes; # hidden = yes; # port = ipv4 4401; #}; # The following are normal client ports Port { port = 5522; }; #Port { port = 6668; }; #Port { # This only accepts clients with IPs like 192.168.*. # mask = "192.168.*"; # port = 6666; #}; # This is a hidden client port, listening on 168.8.21.107. #Port { # vhost = "168.8.21.107"; # hidden = yes; # port = 7000; #}; # More than one vhost may be present in a single Port block; in this case, # we recommend listing the port number on the vhost line for clarity. #Port { # vhost = "172.16.0.1" 6667; # vhost = "172.16.3.1" 6668; # hidden = no; #}; # Quarantine blocks disallow operators from using OPMODE and CLEARMODE # on certain channels. Opers with the force_opmode (for local # channels, force_local_opmode) privilege may override the quarantine # by prefixing the channel name with an exclamation point ('!'). # Wildcards are NOT supported; the channel name must match exactly. Quarantine { "#shells" = "Thou shalt not support the h4><0rz"; "&kiddies" = "They can take care of themselves"; }; # This is a server-implemented alias to send a message to a service. # The string after Pseudo is the command name; the name entry inside # is the service name, used for error messages. More than one nick # entry can be provided; the last one listed has highest priority. #Pseudo "CHANSERV" { # name = "X"; # nick = "X@channels.undernet.org"; #}; # You can also prepend text before the user's message. #Pseudo "LOGIN" { # name = "X"; # prepend = "LOGIN "; # nick = "X@channels.undernet.org"; #}; Pseudo "NickServ" { name = "AUTH"; nick = "NickServ@srvx.mIRCxnet.org"; }; Pseudo "AUTH" { name = "Q"; nick = "Q@CServe.mIRCxnet.org"; }; # You can ask a separate server whether to allow users to connect. # Uncomment this ONLY if you have an iauth helper program. # IAuth { # program = "../path/to/iauth" "-n" "options go here"; # }; # [features] # IRC servers have a large number of options and features. Most of these # are set at compile time through the use of #define's--see "make config" # for more details--but we are working to move many of these into the # configuration file. Features let you configure these at runtime. # You only need one feature block in which you use # "featurename" = "value1" , "value2", ..., "valuen-1", "valuen"; # # The entire purpose of F:lines are so that you do not have to recompile # the IRCD everytime you want to change a feature. All of the features # are listed below, and at the bottom is how to set logging. # # A Special Thanks to Kev for writing the documentation of F:lines. It can # be found at doc/readme.features and the logging documentation can be # found at doc/readme.log. The defaults used by the Undernet network are # below. # features { # These log features are the only wa to get certain error messages # (such as when the server dies from being out of memory). For more # explanation of how they work, see doc/readme.log. "LOG" = "SYSTEM" "FILE" "ircd.log"; "LOG" = "SYSTEM" "LEVEL" "CRIT"; "DOMAINNAME"="<obtained from /etc/resolv.conf by ./configure>"; # "RELIABLE_CLOCK"="FALSE"; # "BUFFERPOOL"="27000000"; # "HAS_FERGUSON_FLUSHER"="FALSE"; # "CLIENT_FLOOD"="1024"; # "SERVER_PORT"="4400"; # "NODEFAULTMOTD"="TRUE"; # "MOTD_BANNER"="TRUE"; # "KILL_IPMISMATCH"="FALSE"; "IDLE_FROM_MSG"="TRUE"; "HUB"="TRUE"; "WALLOPS_OPER_ONLY"="FALSE"; "NODNS"="TRUE"; "RANDOM_SEED"="<you should set one explicitly>"; "DEFAULT_LIST_PARAM"="TRUE"; "NICKNAMEHISTORYLENGTH"="800"; "NETWORK"="mIRCxNet"; "SETHOST"="TRUE"; "SETHOST_USER" = "TRUE"; "SETHOST_AUTO"="TRUE"; "HOST_HIDING"="TRUE"; "HIDDEN_HOST"="users.mIRCxnet.org"; "HIDDEN_IP"="192.168.1.12"; "KILLCHASETIMELIMIT"="30"; "MAXCHANNELSPERUSER"="10"; "NICKLEN" = "12"; "AVBANLEN"="40"; "MAXBANS"="30"; "MAXSILES"="15"; "HANGONGOODLINK"="300"; "HANGONRETRYDELAY" = "10"; "CONNECTTIMEOUT" = "90"; "MAXIMUM_LINKS" = "1"; "PINGFREQUENCY" = "120"; "CONNECTFREQUENCY" = "600"; "DEFAULTMAXSENDQLENGTH" = "40000"; "GLINEMAXUSERCOUNT" = "20"; "MPATH" = "ircd.motd"; "RPATH" = "remote.motd"; "PPATH" = "ircd.pid"; # "TOS_SERVER" = "0x08"; # "TOS_CLIENT" = "0x08"; # "POLLS_PER_LOOP" = "200"; "IRCD_RES_TIMEOUT" = "4"; "IRCD_RES_RETRIES" = "2"; "AUTH_TIMEOUT" = "9"; "IPCHECK_CLONE_LIMIT" = "4"; "IPCHECK_CLONE_PERIOD" = "40"; "IPCHECK_CLONE_DELAY" = "600"; "CHANNELLEN" = "200"; # "CONFIG_OPERCMDS" = "FALSE"; "OPLEVELS" = "TRUE"; # "ZANNELS" = "TRUE"; "LOCAL_CHANNELS" = "TRUE"; # "ANNOUNCE_INVITES" = "FALSE"; # These were introduced by Undernet CFV-165 to add "Head-In-Sand" (HIS) # behavior to hide most network topology from users. # "HIS_SNOTICES" = "TRUE"; # "HIS_SNOTICES_OPER_ONLY" = "TRUE"; # "HIS_DEBUG_OPER_ONLY" = "TRUE"; # "HIS_WALLOPS" = "TRUE"; # "HIS_MAP" = "TRUE"; # "HIS_LINKS" = "TRUE"; # "HIS_TRACE" = "TRUE"; # "HIS_STATS_a" = "TRUE"; # "HIS_STATS_c" = "TRUE"; # "HIS_STATS_d" = "TRUE"; # "HIS_STATS_e" = "TRUE"; # "HIS_STATS_f" = "TRUE"; # "HIS_STATS_g" = "TRUE"; # "HIS_STATS_i" = "TRUE"; # "HIS_STATS_j" = "TRUE"; # "HIS_STATS_J" = "TRUE"; # "HIS_STATS_k" = "TRUE"; # "HIS_STATS_l" = "TRUE"; # "HIS_STATS_L" = "TRUE"; # "HIS_STATS_m" = "TRUE"; # "HIS_STATS_M" = "TRUE"; # "HIS_STATS_o" = "TRUE"; # "HIS_STATS_p" = "TRUE"; # "HIS_STATS_q" = "TRUE"; # "HIS_STATS_r" = "TRUE"; # "HIS_STATS_R" = "TRUE"; # "HIS_STATS_t" = "TRUE"; # "HIS_STATS_T" = "TRUE"; # "HIS_STATS_u" = "FALSE"; # "HIS_STATS_U" = "TRUE"; # "HIS_STATS_v" = "TRUE"; # "HIS_STATS_w" = "TRUE"; # "HIS_STATS_x" = "TRUE"; # "HIS_STATS_y" = "TRUE"; # "HIS_STATS_z" = "TRUE"; # "HIS_STATS_IAUTH" = "TRUE"; # "HIS_WHOIS_SERVERNAME" = "TRUE"; # "HIS_WHOIS_IDLETIME" = "TRUE"; # "HIS_WHOIS_LOCALCHAN" = "TRUE"; # "HIS_WHO_SERVERNAME" = "TRUE"; # "HIS_WHO_HOPCOUNT" = "TRUE"; "HIS_MODEWHO" = "TRUE"; "HIS_BANWHO" = "TRUE"; "HIS_KILLWHO" = "TRUE"; "HIS_REWRITE" = "TRUE"; "HIS_REMOTE" = "TRUE"; "HIS_NETSPLIT" = "TRUE"; "HIS_SERVERNAME" = "*.mIRCxnet.org"; "HIS_SERVERINFO" = "The mIRCxnet Underworld"; "HIS_URLSERVERS" = "http://www.undernet.org/servers.php"; "URLREG" = "http://cservice.undernet.org/live/"; }; # Well, you have now reached the end of this sample configuration # file. If you have any questions, feel free to mail # <coder-com@undernet.org>. If you are interested in linking your # server to the Undernet IRC network visit # http://www.routing-com.undernet.org/, and if there are any # problems then contact <routing-com@undernet.org> asking for # information. Upgrades of the Undernet ircd can be found on # http://coder-com.undernet.org/. # # For the rest: Good Luck! # # -- Niels.

download snircd version 1.4.0
https://f2h.io/8b0p3wkr9gh0

Chief Fri Nov 11, 2022 3:09 pm

Code:: # ircd.conf - configuration file for ircd version ircu2.10 # # Last Updated: 20, March 2002. # # Written by Niels <niels@undernet.org>, based on the original example.conf, # server code and some real-life (ahem) experience. # # Updated and heavily modified by Braden <dbtem@yahoo.com>. # # Rewritten by A1kmm(Andrew Miller)<a1kmm@mware.virtualave.net> to support # the new flex/bison configuration parser. # # Thanks and credits to: Run, Trillian, Cym, Morrissey, Chaos, Flynn, # Xorath, WildThang, Mmmm, SeKs, Ghostwolf and # all other Undernet IRC Admins and Operators, # and programmers working on the Undernet ircd. # # This is an example of the configuration file used by the Undernet ircd. # # This document is based on a (fictious) server in Europe with a # connection to the Undernet IRC network. It is primarily a leaf server, # but if all the other hubs in Europe aren't in service, it can connect # to one in the US by itself. # # The configuration format consists of a number of blocks in the format # BlockName { setting = number; setting2 = "string"; setting3 = yes; }; # Note that comments start from a #(hash) and go to the end of the line. # Whitespace(space, tab, or carriage return/linefeed) are ignored and may # be used to make the configuration file more readable. # # Please note that when ircd puts the configuration lines into practice, # it parses them exactly the other way round than they are listed here. # It uses the blocks in reverse order. # # This means that you should start your Client blocks with the # "fall through", most vanilla one, and end with the most detailed. # # There is a difference between the "hostname" and the "server name" # of the machine that the server is run on. For example, the host can # have "veer.cs.vu.nl" as FQDN, and "Amsterdam.NL.EU.undernet.org" as # server name. # A "server mask" is something like "*.EU.UnderNet.org", which is # matched by "Amsterdam.NL.EU.undernet.org" but not by # "Manhattan.KS.US.undernet.org". # # Please do NOT just rename the example.conf to ircd.conf and expect # it to work. # [General] # # First some information about the server. # General { # name = "servername"; # vhost = "ipv4vhost"; # vhost = "ipv6vhost"; # description = "description"; # numeric = numericnumber; # dns vhost = "ipv4vhost"; # dns vhost = "ipv6vhost"; # dns server = "ipaddress"; # dns server = "ipaddress2"; # }; # # If present, <virtual host> must contain a valid address in dotted # quad or IPv6 numeric notation (127.0.0.1 or ::1). The address MUST # be the address of a physical interface on the host. This address is # used for outgoing connections if the Connect{} block does not # override it. See Port{} for listener virtual hosting. If in doubt, # leave it out -- or use "*", which has the same meaning as no vhost. # # You may specify both an IPv4 virtual host and an IPv6 virtual host, # to indicate which address should be used for outbound connections # of the respective type. # # Note that <server numeric> has to be unique on the network your server # is running on, must be between 0 and 4095, and is not updated on a rehash. # # The two DNS lines allow you to specify the local IP address to use # for DNS lookups ("dns vhost") and one or more DNS server addresses # to use. If the vhost is ambiguous for some reason, you may list # IPV4 and/or IPV6 between the equals sign and the address string. # The default DNS vhost is to let the operating system assign the # address, and the default DNS servers are read from /etc/resolv.conf. # In most cases, you do not need to specify either the dns vhost or # the dns server. General { name = "Basic.NanaChat.co.il"; description = "NanaChat IRC Network"; vhost = "*"; numeric = 1; }; # [Admin] # # This sets information that can be retrieved with the /ADMIN command. # It should contain at least an admin Email contact address. Admin { # At most two location lines are allowed... Location = "NanaChat IRC Network"; Location = "NanaChat IRC server"; Contact = "botgi@walla.co.il"; }; # [Classes] # # All connections to the server are associated with a certain "connection # class", be they incoming or outgoing (initiated by the server), be they # clients or servers. # # Class { # name = "<class>"; # pingfreq = time; # connectfreq = time; # maxlinks = number; # maxchans = number; # sendq = size; # recvq = size; # usermode = "+i"; # snomask = number; # autojoinchannel = "channellist"; # autojoinnotice = "autojoinnotice"; # restrict_join = yes/no; # restrict_privmsg = yes/no; # restrict_umode = yes/no; # }; # # For connection classes used on server links, maxlinks should be set # to either 0 (for hubs) or 1 (for leaf servers). Client connection # classes may use maxlinks between 0 and approximately 4,000,000,000. # maxlinks = 0 means there is no limit on the number of connections # using the class. # # <connect freq> applies only to servers, and specifies the frequency # that the server tries to autoconnect. setting this to 0 will cause # the server to attempt to connect repeatedly with no delay until the # <maximum links> condition is satisfied. This is a Bad Thing(tm). # Note that times can be specified as a number, or by giving something # like: 1 minutes 20 seconds, or 1*60+20. # # <snomask> applies only to classes used for Operator blocks and is # used to specify the server notice mask an oper gets when he/she uses # /oper. See doc/snomask.txt or doc/snomask.html for details on what # this number means. # # <autojoinchannel> can be specified to automatically join users of the # class into. If <autojoinnotice> is specified then a notice is sent # to the user when automatically joined. # # <restrict_join> when enabled restricts users in the class from joining # any channel with the exception of channels specified in the # autojoinchannel class option. # # <restrict_privmsg> when enabled prevents users in the class from # sending PRIVMSG or NOTICE to other users who are not on the same # channel as the user. # # <restrict_umode> when enabled prevents users in the class from # changing their user modes. # # Recommended server classes: # All your server uplinks you are not a hub for. Class { name = "Server"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 1; sendq = 9000000; }; # All the leaf servers you hub for. Class { name = "LeafServer"; pingfreq = 1 minutes 30 seconds; connectfreq = 5 minutes; maxlinks = 0; sendq = 9000000; }; Class { name = "client"; pingfreq = 1 minutes 30 seconds; sendq = 10; recvq = 10; maxlinks = 20; maxchans = 10; usermode = "+iwx"; fakelagminimum = 0; fakelagfactor = 0; local = no; }; # Client { # username = "ident"; # host = "host"; # ip = "127.0.0.0/8"; # password = "password"; # class = "classname"; # maxlinks = 3; # }; # # Everything in a Client block is optional. If a username mask is # given, it must match the client's username from the IDENT protocol. # If a host mask is given, the client's hostname must resolve and # match the host mask. If a CIDR-style IP mask is given, the client # must have an IP matching that range. If maxlinks is given, it is # limits the number of matching clients allowed from a particular IP # address. # # Take the following class blocks only as a guide. Class { name = "Local"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 100; usermode = "+xi"; }; Class { name = "America"; pingfreq = 1 minutes 30 seconds; sendq = 80000; maxlinks = 10; }; Class { name = "Other"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 400; usermode = "+x"; }; Class { name = "Opers"; pingfreq = 1 minutes 30 seconds; sendq = 160000; maxlinks = 10; usermode = "+x"; # For connection classes intended for operator use, you can specify # privileges used when the Operator block (see below) names this # class. The local (aka globally_opered) privilege MUST be defined # by either the Class or Operator block. The following privileges # exist: # # local (or propagate, with the opposite sense) # whox (log oper's use of x flag with /WHO) # display (oper status visible to lusers) # chan_limit (can join local channels when in # MAXCHANNELSPERUSER channels) # mode_lchan (can /MODE &channel without chanops) # deop_lchan (cannot be deopped or kicked on local channels) # walk_lchan (can forcibly /JOIN &channel OVERRIDE) # show_invis (see +i users in /WHO x) # show_all_invis (see +i users in /WHO x) # unlimit_query (show more results from /WHO) # local_kill (can kill clients on this server) # rehash (can use /REHASH) # restart (can use /RESTART) # die (can use /DIE) # local_jupe (not used) # set (can use /SET) # local_gline (can set a G-line for this server only) # local_badchan (can set a Gchan for this server only) # local_jupe (can set a Jupe for this server only) # local_shun (can set a Shun for this server only) # see_chan (can see users in +s channels in /WHO) # list_chan (can see +s channels with /LIST S, or modes with /LIST M) # wide_gline (can use ! to force a wide G-line) # wide_shun (can use ! to force a wide /msg [You must be registered and logged in to see this link.] REGISTER yourNick password emailShun) # see_opers (can see opers without DISPLAY privilege) # local_opmode (can use OPMODE/CLEARMODE on local channels) # force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels) # kill (can kill clients on other servers) # gline (can issue G-lines to other servers) # jupe (can issue Jupes to other servers) # shun (can issue Shuns to other servers) # opmode (can use /OPMODE) # badchan (can issue Gchans to other servers) # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels) # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys) # check (can use /CHECK) # whois_notice (can set user mode +W) # hide_oper (can set user mode +H) # hide_channels (can set user mode +n) # hide_idle (can set user mode +I) # admin (gets user mode +a and can set/unset it too) # xtraop (can set user mode +X) # service (can set user mode +k) # remote (can use associated operator block from a remote server) # freeform (can use /SETHOST to apply a spoofhost not configured with a Spoofhost block) # remoterehash (can use /REHASH to rehash remote servers) # remove (can use /REMOVE to remove glines and shuns by force) # local_zline (can set a Z-line for this server only) # zline (can issue Z-lines to other servers) # wide_zline (can use ! to force a wide Z-line) # # For global opers (with propagate = yes or local = no), the default # is to grant all of the above privileges EXCEPT walk_lchan, # unlimit_query, set, badchan, local_badchan, apass_opmode, # whois_notice, hide_oper, hide-channels, hide_idle, admin, xtraop, # service, remote, freeform and remove. # For local opers, the default is to grant ONLY the following # privileges: # chan_limit, mode_lchan, show_invis, show_all_invis, local_kill, # rehash, local_gline, local_jupe, local_opmode, whox, display, # force_local_opmode, local_shun and local_zline # Any privileges listed in a Class block override the defaults. propagate = no; }; # [Client] # # To allow clients to connect, they need authorization. This can be # done based on hostmask, address mask, and/or with a password. # With intelligent use of classes and the maxconnections field in the # Client blocks, you can let in a specific domain, but get rid of all other # domains in the same toplevel, thus setting up some sort of "reverse # Kill block". # Client { # host = "user@host"; # ip = "user@ip"; # password = "password"; # class = "classname"; # sslfp = "sslfingerprint"; # noidenttilde = yes/no; # hidehostcomponants = number; # autojoinchannel = "mircx"; # autojoinnotice = "autojoinnotice"; # }; # # Technical description (for examples, see below): # For every connecting client, the IP address is known. A reverse lookup # on this IP-number is done to get the (/all) hostname(s). # Each hostname that belongs to this IP-number is matched to <hostmask>, # and the Client {} is used when any matches; the client will then show # with this particular hostname. If none of the hostnames match, then # the IP-number is matched against the <IP mask ...> field, if this matches # then the Client{} is used nevertheless and the client will show with the # first (main) hostname if any; if the IP-number did not resolve then the # client will show with the dot notation of the IP-number. # There is a special case for the UNIX domain sockets and localhost connections # though; in this case the <IP mask ...> field is compared with the # name of the server (thus not with any IP-number representation). The name # of the server is the one returned in the numeric 002 reply, for example: # 002 Your host is 2.undernet.org[jolan.ppro], running version ... # Then the "jolan.ppro" is the name used for matching. # Therefore, unix domain sockets, and connections to localhost would # match this block: # host = "*@jolan.ppro"; # # This is the "fallback" entry. All .uk, .nl, and all unresolved are # in these two lines. # By using two different lines, multiple connections from a single IP # are only allowed from hostnames which have both valid forward and # reverse DNS mappings. Client { class = "Local"; ip = "*@*"; maxlinks = 5; }; Client { class = "Other"; host = "*@*"; maxlinks = 5; }; # If you don't want unresolved dudes to be able to connect to your # server, do not specify any "ip = " settings. # # Here, take care of all American ISPs. Client { host = "*@*.mibbit.com"; class = "Other"; maxlinks = 10; }; Client { host = "*@*.net"; class = "America"; maxlinks = 5; }; # Now list all the .com / .net domains that you wish to have access... # actually it's less work to do it this way than to do it the other # way around - K-lining every single ISP in the US. # I wish people in Holland just got a .nl domain, and not try to be # cool and use .com... Client { host = "*@*.mibbit.com"; class = "Other"; maxlinks=10; }; Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; }; Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; }; Client { host = "*@*.nl.net"; class = "Other"; maxlinks=2; }; # You can request a more complete listing, including the "list of standard # Kill blocks" from the Routing Committee; it will also be sent to you if # you apply for a server and get accepted. # # Ourselves - this makes sure that we can get in, no matter how full # the server is (hopefully). Client { host = "*@*.london.ac.uk"; ip = "*@193.37.*"; class = "Other"; # A maxlinks of over 5 will automatically be glined by euworld on Undernet maxlinks = 5; }; # You can put an expression in the maxlinks value, which will make ircd # only accept a client when the total number of connections to the network # from the same IP number doesn't exceed this number. # The following example would accept at most one connection per IP number # from "*.swipnet.se" and at most two connections from dial up accounts # that have "dial??.*" as host mask: # Client { # host = "*@*.swipnet.se"; # maxlinks = 1; # class = "Other"; # }; # Client { # host = "*@dial??.*"; # maxlinks = 2; # class = "Other"; # }; # # If you are not worried about who connects, this line will allow everyone # to connect. Client { host = "*@*"; ip = "*@*"; class = "Other"; maxlinks = 10; }; # You can additionally specify either a country code or continent code # using the country or continent fields for a Client block to be matched # by. Client { country = "IL"; class = "Local"; }; # You can also specify an SSL client certificate fingerprint for a Client # block as an alternative, or addition to the password for authentication. Client { host = "*"; ip = "*"; class = "Other"; sslfp = "61D0720B27D8AED9C0A7CB788091B0D8D9A94E119D5118E574B70EECD41B3C26"; }; # You can disable the '~' prefix applied to users with no ident reply by # setting noidenttilde to 'no' (default: 'yes'). Client { host = "local"; ip = "*"; class = "Other"; noidenttilde = yes; }; # You can specify a server (and optionally a port) that a client should be advised # to reconnect to using the 'redirect' option. If a port is not specified then # 6667 is used. # # Client { # host = "*@*"; # ip = "*@*"; # class = "Other"; # redirect = "some.other.server.com" 6667; # }; # You can specify the number of host name componants to hide when using # HOST_HIDING_STYLE 2 or 3 by adding the hidehostcomponants option to a Client # block. # # Client { # host = "*@*"; # ip = "*@*"; # class = "Other"; # hidehostcomponants = 10; # }; # You can specify a list of channels to automatically join users into upon # connecting by adding the autojoinchannel option to the Client block. You # can also specify a notice to send to users when they are automatically. # Client { host = "*@*"; ip = "*@*"; class = "Other"; autojoinchannel = "#reut"; autojoinnotice = "*** Notice -- You are now being autojoined into #mIRCx Enjoy ;)"; }; # [motd] # # It is possible to show a different Message of the Day to a connecting # client depending on its origin. # motd { # # Note: host can also be a classname. # host = "Other"; # country = "countrycode"; # continent = "continentcode"; # file = "path/to/motd/file"; # }; # # More than one host/country/continent = "mask"; entry may be present in # one block; this has the same effect as one Motd block for each host # entry, but makes it easier to update the messages's filename. # # DPATH/net_com.motd contains a special MOTD where users are encouraged # to register their domains and get their own client{} lines if they're in # Europe, or move to US.UnderNet.org if they're in the USA. motd { host = "*.net"; file = "net_com.motd"; }; motd { host = "*.com"; file = "net_com.motd"; }; motd { host = "America"; file = "net_com.motd"; }; # A different MOTD for ourselves, where we point out that the helpdesk # better not be bothered with questions regarding irc... motd { host = "*.london.ac.uk"; file = "london.motd"; }; # [UWorld] # # One of the many nice features of Undernet is "Uworld", a program # connected to the net as a server. This allows it to broadcast any mode # change, thus allowing opers to, for example, "unlock" a channel that # has been taken over. # There is only one slight problem: the TimeStamp protocol prevents this. # So there is a configuration option to allow them anyway from a certain # server. # UWorld { # # The servername or wildcard mask for it that this applies to. # name = "relservername"; # }; # # You may have have more than one name listed in each block. # # Note: (1) These lines are agreed on by every server admin on Undernet; # (2) These lines must be the same on every single server, or results # will be disasterous; (3) This is a useful feature, not something that # is a liability and abused regularly (well... :-) # If you're on Undernet, you MUST have these lines. I cannnot stress # this enough. If all of the servers don't have the same lines, the # servers will try to undo the mode hacks that Uworld does. Make SURE that # all of the servers have the EXACT same UWorld blocks. # # If your server starts on a bit larger network, you'll probably get # assigned one or two uplinks to which your server can connect. # If your uplink(s) also connect to other servers than yours (which is # probable), you need to define your uplink as being allowed to "hub". # See the Connect block documentation for details on how to do that. UWorld { name = "uworld.eu.undernet.org"; name = "uworld2.undernet.org"; name = "uworld.undernet.org"; name = "channels.undernet.org"; name = "channels2.undernet.org"; name = "channels3.undernet.org"; name = "channels4.undernet.org"; name = "channels5.undernet.org"; name = "channels6.undernet.org"; }; # As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and # CFV-0255, the following nicks must be juped, it is not allowed to # jupe others as well. Jupe { nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`"; nick = "EuWorld,UWorld,UWorld2"; nick = "login,undernet,protocol,pass,newpass,org"; nick = "StatServ,NoteServ"; nick = "ChanSvr,ChanSaver,ChanServ"; nick = "NickSvr,NickSaver,NickServ,ChanFix,HostServ,BotServ,GameServ,saslserv,operserv,HelpServ,ALIS"; nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX"; }; # [Kill] # # While running your server, you will most probably encounter individuals # or groups of persons that you do not wish to have access to your server. # # For this purpose, the ircd understands "kill blocks". These are also # known as K-lines, by virtue of the former config file format. # Kill # { # host = "user@host"; # reason = "The reason the user will see"; # }; # It is possible to ban on the basis of the real name. # It is also possible to use a file as comment for the ban, using # file = "file": # Kill # { # realname = "realnametoban"; # file = "path/to/file/with/reason/to/show"; # }; # It is also possible to ban using either the 2 letter country code or # the 2 letter continent code provided by GeoIP using either the country # or continent fields. # Kill # { # country = "US"; # reason = "Local server for local people!"; # }; # # # The default reason is: "You are banned from this server" # Note that Kill blocks are local to the server; if you ban a person or a # whole domain from your server, they can get on IRC via any other server # that doesn't have them Killed (yet). # # With a simple comment, using quotes: #Kill { host = "*.au"; reason = "Please use a nearer server"; }; #Kill { host = "*.edu"; reason = "Please use a nearer server"; }; # You can also kill based on username. #Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected with a Trojan"; }; # The file can contain for example, a reason, a link to the # server rules and a contact address. Note the combination # of username and host in the host field. #Kill #{ # host = "*luser@unixbox.flooder.co.uk"; # file = "kline/youflooded.txt"; #}; # IP-based kill lines apply to all hosts, even if an IP address has a # properly resolving host name. #Kill #{ # host = "192.168.*"; # file = "klines/martians"; #}; # # The realname field lets you ban by realname... Kill { realname = "*sub7*"; reason = "You are infected with a Trojan"; }; # The version field lets you ban by CTCP version (requires "CTCP_VERSION" and # "CTCP_VERSIONING_KILL" to be enabled in the Features block) #Kill #{ # version = "*iroffer*"; # reason = "You are using a disallowed chat client version. Either upgrade #or get a new client."; #}; # # A Kill block can also allow authenticated users to connect even if they match # the kill block in question. This can be achieved by adding the authexempt # option to the kill block. Addition of the mark option will add a line to the # users WHOIS with the value of the mark option. #Kill #{ # host = "silly.people"; # reason = "Silly people are not allowed unless authenticated."; # authexempt = yes; # mark = "Silly Person"; #}; # # [Connect] # # You probably want your server connected to other servers, so your users # have other users to chat with. # IRC servers connect to other servers forming a network with a star or # tree topology. Loops are not allowed. # In this network, two servers can be distinguished: "hub" and "leaf" # servers. Leaf servers connect to hubs; hubs connect to each other. # Of course, many servers can't be directly classified in one of these # categories. Both a fixed and a rule-based decision making system for # server links is provided for ircd to decide what links to allow, what # to let humans do themselves, and what links to (forcefully) disallow. # # The Connect blocks # define what servers the server connect to, and which servers are # allowed to connect. # Connect { # name = "servername"; # host = "hostnameORip"; # vhost = "localIP"; # password = "passwd"; # port = portno; # class = "classname"; # maxhops = 2; # hub = "*.eu.undernet.org"; # autoconnect = no; # sslfp = "sslfingerprint"; # }; # # The "port" field defines the default port the server tries to connect # to if an operator uses /connect without specifying a port. This is also # the port used when the server attempts to auto-connect to the remote # server. (See Class blocks for more informationa about auto-connects). # You may tell ircu to not automatically connect to a server by adding # "autoconnect = no;"; the default is to autoconnect. # # If the vhost field is present, the server will use that IP as the # local end of connections that it initiates to this server. This # overrides the vhost value from the General block. # # If the sslfp field is present the remote server must be connected via # SSL using an SSL certificate with the SHA256 fingerprint specified to # be allowed to use the Connect block. # # The maxhops field causes an SQUIT if a hub tries to introduce # servers farther away than that; the element 'leaf;' is an alias for # 'maxhops = 0;'. The hub field limits the names of servers that may # be introduced by a hub; the element 'hub;' is an alias for # 'hub = "*";'. # # Our primary uplink. Connect { name = "cservice.mIRCxNet.Services"; host = "192.168.1.13"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "X3.NanaChat.Services"; host = "192.168.1.14"; password = "123456"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "srvx.mIRCxNet.ISRAEL.Services"; host = "192.168.1.14"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; #Connect { # name = "php.WebGamesNet.net"; # host = "192.168.1.17"; # password = "asher"; # port = 4400; # class = "Server"; # hub = "*"; #}; Connect { name = "PHP.Services.WebGamesNet.net"; host = "192.168.1.14"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; Connect { name = "services.mIRCxNet.Services"; host = "192.168.1.13"; password = "asher"; port = 4400; class = "Server"; hub = "*"; }; # [crule] # # For an advanced, real-time rule-based routing decision making system # you can use crule blocks. For more information, see doc/readme.crules. # If more than one server mask is present in a single crule, the rule # applies to all servers. # CRULE # { # server = "servermask"; # rule = "connectrule"; # # Setting all to yes makes the rule always apply. Otherwise it only # # applies to autoconnects. # all = yes; # }; CRULE { server = "*.US.UnderNet.org"; rule = "connected(*.US.UnderNet.org)"; }; CRULE { server = "*.EU.UnderNet.org"; rule = "connected(Amsterdam.NL.EU.*)"; }; # The following block is recommended for leaf servers: CRULE { server = "*"; rule = "directcon(*)"; }; # [Operator] # # Inevitably, you have reached the part about "IRC Operators". Oper status # grants some special privileges to a user, like the power to make the # server break or (try to) establish a connection with another server, # and to "kill" users off IRC. # I can write many pages about this; I will restrict myself to saying that # if you want to appoint somebody as IRC Operator on your server, that # person should be aware of his/her responsibilities, and that you, being # the admin, will be held accountable for their actions. # # There are two sorts of IRC Operators: "local" and "global". Local opers # can squit, connect and kill - but only locally: their +o user mode # is not not passed along to other servers. On Undernet, this prevents # them from using Uworld as well. # # More than one host = "mask"; entry may be present in one block; this # has the same effect as one Operator block for each host entry, but # makes it easier to update operator nicks, passwords, classes, and # privileges. # # Operator { # host = "host/IP mask"; # name = "opername"; # password = "encryptedpass"; # class = "classname"; # sslfp = "sslfingerprint"; # snomask = number; # autojoinchannel = "channellist"; # autojoinnotice = "autjoinnotice"; # # You can also set any operator privilege; see the Class block # # documentation for details. A privilege defined for a single # # Operator will override the privilege settings for the Class # # and the default setting. # }; # # By default, the password is hashed using the system's native crypt() # function. Other password mechanisms are available; the umkpasswd # utility from the ircd directory can hash passwords using those # mechanisms. If you use a password format that is NOT generated by # umkpasswd, ircu will not recognize the oper's password. # # If sslfp is present the user must be connected via SSL from a client # setup to use an SSL client certificate with the SHA256 fingerprint # specified. # # snomask is used to specify the server notice mask an oper gets when # he/she uses /oper. See doc/snomask.txt or doc/snomask.html for # details on what this number means. # # autjoinchannel allows you to specify channels the user is automatically # joined into when he/she uses /oper. Additionally you can specify a # notice to be sent to the user by using autojoinnotice. # # All privileges are shown with their default values; if you wish to # override defaults, you should set only those privileges for the # operator. Listing defaulted privileges just makes things harder to # find. Operator { local = no; host = "*@*.cs.vu.nl"; password = "VRKLKuGKn0jLt"; name = "Niels"; class = "Local"; }; Operator { host = "*@*"; password = "$PLAIN$leetmo"; name = "darksis"; local = no; whox = yes; display = yes; chan_limit = yes; mode_lchan = yes; deop_lchan = yes; walk_lchan = yes; show_invis = yes; show_all_invis = yes; unlimit_query = yes; local_kill = yes; rehash = yes; restart = yes; die = yes; local_jupe = yes; set = yes; local_gline = yes; local_badchan = yes; local_shun = yes; see_chan = yes; list_chan = yes; wide_gline = yes; wide_shun = yes; see_opers = yes; local_opmode = yes; force_local_opmode = yes; kill = yes; gline = yes; jupe = yes; shun = yes; opmode = yes; badchan = yes; force_opmode = yes; apass_opmode = yes; check = yes; whois_notice = yes; admin = yes; remote = yes; freeform = yes; remoterehash = yes; remove = yes; local_zline = yes; zline = yes; wide_zline = yes; service = yes; xtraop = yes; hide_oper = yes; hide_channels = yes; hide_idle = yes; class = "Opers"; }; # Note that the <connection class> is optional, but leaving it away # puts the opers in class "default", which usually only accepts one # connection at a time. If you want users to Oper up more then once per # block, then use a connection class that allows more then one connection, # for example (using class Local as in the example above): # # Once you OPER your connection class changes no matter where you are or # your previous connection classes. If the defined connection class is # Local for the operator block, then your new connection class is Local. # [Port] # When your server gets more full, you will notice delays when trying to # connect to your server's primary listening port. It is possible via the # Port lines to specify additional ports for the ircd to listen to. # De facto ports are: 6667 - standard; 6660-6669 - additional client # ports; # Undernet uses 4400 for server listener ports. # These are just hints, they are in no way official IANA or IETF policies. # IANA says we should use port 194, but that requires us to run as root, # so we don't do that. # # # Port { # port = [ipv4] [ipv6] number; # mask = "ipmask"; # # Use this to control the interface you bind to. # vhost = [ipv4] [ipv6] "virtualhostip"; # # You can specify both virtual host and port number in one entry. # vhost = [ipv4] [ipv6] "virtualhostip" number; # # Setting to yes makes this server only. # server = yes; # # Setting to yes makes the port "hidden" from stats. # hidden = yes; # # Setting to yes makes the port accept SSL encrypted connections. # ssl = yes; # }; # # The port and vhost lines allow you to specify one or both of "ipv4" # and "ipv6" as address families to use for the port. The default is # to listen on both IPv4 and IPv6. # # The mask setting allows you to specify a range of IP addresses that # you will allow connections from. This should only contain IP addresses # and '*' if used. This field only uses IP addresses. This does not use # DNS in any way so you can't use it to allow *.nl or *.uk. Attempting # to specify anything other than numbers, dots and stars [0-9.*] will result # in the port allowing connections from anyone. # # The interface setting allows multiply homed hosts to specify which # interface to use on a port by port basis, if an interface is not specified # the default interface will be used. The interface MUST be the complete # IP address for a real hardware interface on the machine running ircd. # If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it # WILL bind to all interfaces - not what most people seem to expect. # Port { server = yes; port = 4400; }; # This is an SSL port. Port { ssl = yes; port = 6650; }; # This is an IPv4-only Server port that is Hidden Port { server = yes; hidden = yes; port = ipv4 6668; }; # The following are normal client ports Port { port = 6668; }; #Port { port = 7776; }; #Port { port = 4872; }; #Port { # # This only accepts clients with IPs like 192.168.*. # mask = "192.168.*"; # port = 6668; #}; # # This is a hidden client port, listening on 168.8.21.107. #Port { # vhost = "192.168.1.13"; # hidden = no; # port = 6667; #}; # More than one vhost may be present in a single Port block; in this case, # we recommend listing the port number on the vhost line for clarity. #Port { # vhost = "172.16.0.1" 6667; # vhost = "172.16.3.1" 6668; # hidden = no; #}; # # [Spoofhost] # # Spoofhost "*" { # pass = "aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW"; # host = "*"; # autoapply = yes; # ismask = yes; # }; # <spoof host> An ident@hostname or hostname to be spoofed # <password> A password for this spoof host. Used if SETHOST_USER is enabled. # <hostmask> A hostmask for matching against users that are to be auto # spoofed or to restrict access to a spoof host. # <autoapply> Either yes or no, yes indicates that the Spoofhost should be # automatically applied to a user. If set to yes, <pass> is # ignored when automatically applying the host. # <ismask> Either yes or no, yes indicates that <spoof host> is a wild # card mask (includes * or ?) to match against the supplied spoof # host. A yes also sets <autoapply> to no. # # NOTE: When using ismask steps should be taken to ensure only users you trust # can make use of a Spoofhost block using the option. The reason for this # is because of the nature of ismask, users who can use a Spoofhost block # with ismask enabled can make use of a wild card mask to change their # host name and evade channel bans. # # Spoofhost "testsline.AfterNET.Org" { pass = #"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW"; host = "*"; }; # # This is how to define Spoofhosts when having freeform turned off. # Spoofhost "testsline2.AfterNET.Org" { username = "x"; host = "nohost"; }; # Quarantine blocks disallow operators from using OPMODE and CLEARMODE # on certain channels. Opers with the force_opmode (for local # channels, force_local_opmode) privilege may override the quarantine # by prefixing the channel name with an exclamation point ('!'). # Wildcards are NOT supported; the channel name must match exactly. Quarantine { "#shells" = "Thou shalt not support the h4><0rz"; "&kiddies" = "They can take care of themselves"; }; # This is a server-implemented alias to send a message to a service. # The string after Pseudo is the command name; the name entry inside # is the service name, used for error messages. More than one nick # entry can be provided; the last one listed has highest priority. Pseudo "CHANSERV" { name = "CHANSERV"; nick = "AuthServ@srvx.mIRCxNet.ISRAEL.Services"; }; # You can also prepend text before the user's message. Pseudo "cmd" { name = "CHANSERV"; prepend = "service"; nick = "AuthServ@srvx.mIRCxNet.ISRAEL.Services"; }; # You can also specify the default text to send if the user does not # supply some text. Pseudo "AUTHSERV" { name = "AUTH"; nick = "AuthServ@srvx.mIRCxNet.ISRAEL.Services"; }; Pseudo "AUTH" { name = "authserv"; nick = "AuthServ@srvx.mIRCxNet.ISRAEL.Services"; prepend = "AUTH"; }; # You can ask a separate server whether to allow users to connect. # Uncomment this ONLY if you have an iauth helper program. IAuth { program = "/usr/bin/perl" "/home/mircx/nefarious2/tools/iauthd.pl" "-v" "-d" "-c" "/home/mircx/lib/ircd.conf"; }; #IAUTH POLICY RTAWUwFr #IAUTH CACHETIMEOUT 21600 #IAUTH DNSTIMEOUT 5 #IAUTH BLOCKMSG Sorry! Your connection to AfterNET has been rejected because of your internet address's poor reputation. You may try an authenticated login using Login-On-Connect (LOC) instead. See http://afternet.org/rbl for more information. #IAUTH DNSBL server=dnsbl.sorbs.net index=2,3,4,5,6,7,9 mark=sorbs block=anonymous #IAUTH DNSBL server=dnsbl.dronebl.org index=2,3,5,6,7,8,9,10,13,14,15 mark=dronebl block=anonymous #IAUTH DNSBL server=rbl.efnetrbl.org index=4 mark=tor block=anonymous #IAUTH DNSBL server=rbl.efnetrbl.org index=1,2,3,5 mark=efnetrbl block=anonymous #IAUTH DNSBL server=dnsbl-2.uceprotect.net index=2 mark=uce-2 #IAUTH DNSBL server=6667.173.122.134.230.173.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous #IAUTH DNSBL server=80.204.128.107.97.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous #IAUTH DNSBL server=443.204.128.107.97.ip-port.exitlist.torproject.org index=2 mark=tor block=anonymous # [Forwards] # These blocks will enable the server to forward any messages which # are prefixed and specific with a b:line. This will allow users to # use the services without the services being in channel. # # Forwards { # "<prefix>" = "<services server>"; # }; # # Forwards { # "!" = "channels.undernet.org"; # "?" = "channels.undernet.org"; # "." = "channels.undernet.org"; # }; # # Any channel messages prefixed with a ? ! or a . would be sent to # channels.undernet.org in the above examples. # [WebIRC] # These blocks allow you to run a WEBIRC client on your website without # having to set clone exceptions for your websites hostname on your IRCd. # WEBIRC will send a WEBIRC command along with the clients hostname, ip and # WEBIRC password. # # WebIRC { # host = "user@host"; # password = "password"; # ident = "fakeident"; # userident = yes/no; # ignoreident = yes/no; # stripsslfp = yes/no; # description = "description"; # }; # # The host and password fields take the same formats as in the Client block. # The host field is matched against the host mask of the client attempting # to use the WEBIRC command. The ident field is optional and if specified # is used as if it were the reply from the users identd. The ignoreident # option causes any identd reply already received to be ignored. The # userident option uses the USER user name as if it were an identd reply if # none was received or if ignoreident is set to yes. The description field is # a short line of text to be added to the user's WHOIS to mark them as a # WEBIRC user. If the client issuing the WEBIRC command uses an SSL client # certificate then stripsslfp should be set to yes. # # Example: #WebIRC { # host = "*@192.168.1.14"; # password = "$PLAIN$kg533n6xVI"; # }; # WebIRC { # description = "mibbit"; # host = "*@64.62.228.82"; # ident = "fakeident"; # userident = yes; # ignoreident = yes; # pass = "$PLAIN$asher"; # description = "http://www.mibbit.com"; # }; # WebIRC { # host = "*"; # password = "123456"; # ident = "*"; # userident = yes; # ignoreident = yes; # stripsslfp = yes; # description = "description"; # }; WebIRC { host = "*@207.192.75.252"; password = "WEBIRC"; description = "Mibbit"; }; WebIRC { host = "*@78.129.202.38"; password = "WEBIRC"; description = "Mibbit"; }; WebIRC { host = "*@109.169.29.95"; password = "WEBIRC"; description = "Mibbit"; }; # [Except] # These blocks allow you to exempt matching clients from various # restrictions or checks. # # Except { # host = "user@host"; # shun = yes/no; # kline = yes/no; # gline = yes/no; # ident = yes/no; # rdns = yes/no; # ipcheck = yes/no; # targetlimit = yes/no; # }; # # The host field is used to specify a user@host mask to select clients to # apply the exemptions to. For some exemption types such as ipcheck, ident and # rdns, you can only specify a mask of *@<ip> or *@<cidr> as neither ident nor # rDNS checks have been performed when exceptions have been checked. The kline # type exempts users from Kill blocks in ircd.conf that the client matches. # The gline and shun types exempt matching clients from glines and shuns # respectively. The ident and rdns types stop the IRCd from performing ident # and reverse DNS lookups for matching clients. The ipcheck type exempts # matching clients from connection throttling and IP limits. The targetlimit # type exempts matching clients from the message target limits. # [features] # IRC servers have a large number of options and features. Most of these # are set at compile time through the use of #define's--see "make config" # for more details--but we are working to move many of these into the # configuration file. Features let you configure these at runtime. # You only need one feature block in which you use # "featurename" = "value1" , "value2", ..., "valuen-1", "valuen"; # # The entire purpose of F:lines are so that you do not have to recompile # the IRCD everytime you want to change a feature. All of the features # are listed below, and at the bottom is how to set logging. # # A Special Thanks to Kev for writing the documentation of F:lines. It can # be found at doc/readme.features and the logging documentation can be # found at doc/readme.log. The defaults used by the Undernet network are # below. # features { # These log features are the only way to get certain error messages # (such as when the server dies from being out of memory). For more # explanation of how they work, see doc/readme.log. "LOG" = "SYSTEM" "FILE" "ircd.log"; "LOG" = "SYSTEM" "LEVEL" "CRIT"; # "DOMAINNAME"="<obtained from /etc/resolv.conf by ./configure>"; # "RELIABLE_CLOCK"="FALSE"; # "BUFFERPOOL"="27000000"; # "HAS_FERGUSON_FLUSHER"="FALSE"; "CLIENT_FLOOD"="1024"; # "SERVER_PORT"="4400"; # "NODEFAULTMOTD"="TRUE"; # "MOTD_BANNER"="TRUE"; # "KILL_IPMISMATCH"="FALSE"; # "IDLE_FROM_MSG"="TRUE"; "HUB"="TRUE"; "WALLOPS_OPER_ONLY"="TRUE"; # "NODNS"="FALSE"; # "RANDOM_SEED"="<you should set one explicitly>"; # "DEFAULT_LIST_PARAM"=""; # "NICKNAMEHISTORYLENGTH"="800"; "NETWORK"="NanaChat"; "HOST_HIDING"="TRUE"; "HIDDEN_HOST"="Basic.NanaChat.co.il"; "HIDDEN_IP"="192.168.1.14"; # "KILLCHASETIMELIMIT"="30"; "MAXCHANNELSPERUSER"="10"; # "NICKLEN" = "12"; # "AVBANLEN"="40"; # "MAXBANS"="50"; # "MAXSILES"="15"; "HANGONGOODLINK"="300"; # "HANGONRETRYDELAY" = "10"; "CONNECTTIMEOUT" = "90"; # "MAXIMUM_LINKS" = "1"; "PINGFREQUENCY" = "120"; # "CONNECTFREQUENCY" = "600"; "DEFAULTMAXSENDQLENGTH" = "1000"; # "GLINEMAXUSERCOUNT" = "20"; "MPATH" = "ircd.motd"; # "RPATH" = "remote.motd"; "PPATH" = "ircd.pid"; # "TOS_SERVER" = "0x08"; # "TOS_CLIENT" = "0x08"; # "POLLS_PER_LOOP" = "200"; # "IRCD_RES_TIMEOUT" = "4"; # "IRCD_RES_RETRIES" = "2"; "AUTH_TIMEOUT" = "9"; "IPCHECK_CLONE_LIMIT" = "3"; "IPCHECK_CLONE_PERIOD" = "40"; "IPCHECK_CLONE_DELAY" = "600"; # "CHANNELLEN" = "200"; # "CONFIG_OPERCMDS" = "TRUE"; "OPLEVELS" = "TRUE"; # "ZANNELS" = "TRUE"; # "LOCAL_CHANNELS" = "TRUE"; # "ANNOUNCE_INVITES" = "FALSE"; # These were introduced by Undernet CFV-165 to add "Head-In-Sand" (HIS) # behavior to hide most network topology from users. "HIS_SNOTICES" = "TRUE"; "HIS_SNOTICES_OPER_ONLY" = "TRUE"; "HIS_DEBUG_OPER_ONLY" = "TRUE"; # "HIS_WALLOPS" = "TRUE"; # "HIS_MAP" = "TRUE"; # "HIS_LINKS" = "TRUE"; # "HIS_TRACE" = "TRUE"; # "HIS_STATS_a" = "TRUE"; # "HIS_STATS_c" = "TRUE"; # "HIS_STATS_d" = "TRUE"; # "HIS_STATS_e" = "TRUE"; # "HIS_STATS_f" = "TRUE"; # "HIS_STATS_g" = "TRUE"; # "HIS_STATS_i" = "TRUE"; # "HIS_STATS_j" = "TRUE"; # "HIS_STATS_J" = "TRUE"; # "HIS_STATS_k" = "TRUE"; # "HIS_STATS_l" = "TRUE"; # "HIS_STATS_L" = "TRUE"; # "HIS_STATS_m" = "TRUE"; # "HIS_STATS_M" = "TRUE"; # "HIS_STATS_o" = "TRUE"; # "HIS_STATS_p" = "TRUE"; # "HIS_STATS_q" = "TRUE"; # "HIS_STATS_r" = "TRUE"; # "HIS_STATS_R" = "TRUE"; # "HIS_STATS_S" = "TRUE"; # "HIS_STATS_t" = "TRUE"; # "HIS_STATS_T" = "TRUE"; # "HIS_STATS_u" = "FALSE"; # "HIS_STATS_U" = "TRUE"; # "HIS_STATS_v" = "TRUE"; # "HIS_STATS_w" = "TRUE"; # "HIS_STATS_x" = "TRUE"; # "HIS_STATS_y" = "TRUE"; # "HIS_STATS_z" = "TRUE"; "HIS_STATS_IAUTH" = "TRUE"; # "HIS_WHOIS_SERVERNAME" = "TRUE"; # "HIS_WHOIS_IDLETIME" = "TRUE"; # "HIS_WHOIS_LOCALCHAN" = "TRUE"; # "HIS_WHO_SERVERNAME" = "TRUE"; # "HIS_WHO_HOPCOUNT" = "TRUE"; "HIS_MODEWHO" = "TRUE"; # "HIS_BANWHO" = "TRUE"; # "HIS_KILLWHO" = "TRUE"; # "HIS_REWRITE" = "TRUE"; # "HIS_REMOTE" = "TRUE"; # "HIS_NETSPLIT" = "TRUE"; "HIS_SERVERNAME" = "*.NanaChat.co.il"; "HIS_SERVERINFO" = "The NanaChat Underworld"; # "HIS_URLSERVERS" = "http://www.undernet.org/servers.php"; # "URLREG" = "http://cservice.undernet.org/live/"; "CHECK" = "TRUE"; # "CHECK_EXTENDED" = "TRUE"; # "MAX_CHECK_OUTPUT" = "1000"; "OPER_WHOIS_PARANOIA" = "TRUE"; "OPER_HIDE" = "TRUE"; # "AUTOCHANMODES" = "TRUE"; # "AUTOCHANMODES_LIST" = ""; "UHNAMES" = "TRUE"; # "RESTARTPASS" = ""; "CONNEXIT_NOTICES" = "TRUE"; # "DIEPASS" = ""; # "HIS_STATS_W" = "TRUE"; "WHOIS_OPER" = "is an IRC Operator"; "WHOIS_SERVICE" = "is a Network Service"; # "TARGET_LIMITING" = "TRUE"; "OPER_XTRAOP" = "TRUE"; "OPERMOTD" = "TRUE"; "RULES" = "TRUE"; # "DISABLE_SHUNS" = FALSE"; # "SHUNMAXUSERCOUNT" = "20"; "HIS_SHUN_REASON" = "TRUE"; "HIS_GLINE_REASON" = "TRUE"; # "NOIDENT" = "FALSE"; "EXTENDED_ACCOUNTS" = "FALSE"; # "LOGIN_ON_CONNECT" = "FALSE"; "LOC_SENDHOST" = "TRUE"; "LOC_SENDSSLFP" = "TRUE"; "LOC_DEFAULT_SERVICE" = "AuthServ"; # "LOC_TIMEOUT" = 3; # "STRICTUSERNAME" = "FALSE"; # "APASS_CANSEND" = "FALSE"; # "HOST_IN_TOPIC" = "TRUE"; # "HIS_STATS_s" = "TRUE"; "SETHOST" = "TRUE"; # "SASL_AUTOHIDEHOST" = "TRUE"; # "FLEXIBLEKEYS" = "FALSE"; # "HIS_STATS_E" = "TRUE"; # "SASL_SERVER" = "*"; # "LISTDELAY" = 15; # "ALLOW_OPLEVEL_CHANGE" = "FALSE"; # "NETWORK_REHASH" = "TRUE"; # "LIST_SHOWMODES_OPERONLY" = "TRUE"; # "LIST_PRIVATE_CHANNELS" = ""; # "MAXWATCHS" = "128"; # "HIS_STATS_Z" = "TRUE"; # "SASL_TIMEOUT" = "8"; # "NOMULTITARGETS" = "FALSE"; # "HIS_IRCOPS" = "TRUE"; # "HIS_IRCOPS_SERVERS" = "TRUE"; # "CHMODE_a" = "TRUE"; # "CHMODE_c" = "TRUE"; # "CHMODE_e_CHMODEEXCEPTION" = "TRUE"; # "CHMODE_C" = "TRUE"; # "CHMODE_L" = "TRUE"; # "CHMODE_M" = "TRUE"; # "CHMODE_N" = "TRUE"; # "CHMODE_O" = "TRUE"; # "CHMODE_Q" = "TRUE"; # "CHMODE_S" = "TRUE"; # "CHMODE_T" = "TRUE"; # "CHMODE_Z" = "TRUE"; # "HALFOPS" = "FALSE"; # "EXCEPTS" = "FALSE"; # "MAXEXCEPTS" = 45; # "AVEXCEPTLEN" = 40; # "CHMODE_e_CHMODEEXCEPTION" = "TRUE"; # "HALFOP_DEHALFOP_SELF" = "FALSE"; # "CHMODE_Z_STRICT" = "TRUE"; # "MAX_BOUNCE" = "5"; # "EXTBANS" = "TRUE"; # "EXTBAN_j_MAXDEPTH" = "1"; # "EXTBAN_j_MAXPERCHAN" = "2"; # "EXTBAN_a" = "TRUE"; # "EXTBAN_c" = "TRUE"; # "EXTBAN_j" = "TRUE"; # "EXTBAN_n" = "TRUE"; # "EXTBAN_q" = "TRUE"; # "EXTBAN_r" = "TRUE"; # "EXTBAN_m" = "TRUE"; # "EXTBAN_M" = "TRUE"; "OMPATH" = "ircd.opermotd"; "EPATH" = "ircd.rules"; "HIDDEN_HOST_QUIT" = "TRUE"; "HIDDEN_HOST_SET_MESSAGE" = "Registered"; "HIDDEN_HOST_UNSET_MESSAGE" = "UnRegistered"; # "ALLOWRMX" = "FALSE"; "OPERHOST_HIDING" = "TRUE"; "HIDDEN_OPERHOST" = "NanaChat.Network"; "HOST_HIDING_STYLE" = "3"; "HOST_HIDING_PREFIX" = "NanaChat"; "HOST_HIDING_KEY1" = "aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW"; "HOST_HIDING_KEY2" = "sdfjkLJKHlkjdkfjsdklfjlkjKLJ"; "HOST_HIDING_KEY3" = "KJklJSDFLkjLKDFJSLKjlKJFlkjS"; "HOST_HIDING_COMPONENTS" = "1"; "CTCP_VERSIONING" = "TRUE"; "CTCP_VERSIONING_KILL" = "TRUE"; # "CTCP_VERSIONING_CHAN" = "TRUE"; # "CTCP_VERSIONING_CHANNAME" = "#TheOps"; # "CTCP_VERSIONING_USEMSG" = "TRUE"; "CTCP_VERSIONING_NOTICE" = "*** Checking your client version"; "GEOIP_ENABLE" = "TRUE"; "GEOIP_FILE" = "GeoIP.dat"; "GEOIP_IPV6_FILE" = "GeoIPv6.dat"; "MMDB_FILE" = "GeoLite2-Country.mmdb"; "SSL_CERTFILE" = "ircd.pem"; "SSL_KEYFILE" = "ircd.pem"; # "SSL_CACERTFILE" = "18:4F:EC:EB:E8:27:A5:F8:E4:80:30:70:F6:C9:F1:E1:85:F9:F1:4B"; # "SSL_VERIFYCERT" = "TRUE"; # "SSL_NOSELFSIGNED" = "TRUE"; "SSL_NOSSLV3" = "TRUE"; # "SSL_REQUIRECLIENTCERT" = "TRUE"; # "DISABLE_ZLINES" = "FALSE"; # "HIS_ZLINE_REASON" = "FALSE"; # "ZLINEMAXUSERCOUNT" = "20"; # "CAP_multi_prefix" = "TRUE"; # "CAP_userhost_in_names" = "TRUE"; # "CAP_extended_join" = "TRUE"; # "CAP_away_notify" = "TRUE"; # "CAP_account_notify" = "TRUE"; # "CAP_sasl" = "TRUE"; # "CAP_tls" = "TRUE"; #IAUTHD <directive> <arguments>"; }; # Well, you have now reached the end of this sample configuration # file. If you have any questions, feel free to mail # <coder-com@undernet.org>. If you are interested in linking your # server to the Undernet IRC network visit # http://www.routing-com.undernet.org/, and if there are any # problems then contact <routing-com@undernet.org> asking for # information. Upgrades of the Undernet ircd can be found on # http://coder-com.undernet.org/. # # For the rest: Good Luck! # # -- Niels.

config fix by mIRCx

Chief Sat Jul 15, 2023 9:51 pm

the best version inspircd-2.0.29 with good config with a new modules all modules
one there a module is Private privacy protection against pedophilia
the name is userpm
for download
https://f2h.io/l5mq4n1d171r
enjoy

Sponsored content

mIRCx IRC Network Config

bopm.conf For uneralircd4

hybrid open proxy monitor for unrealircd 4

update Config UnrealIRCd-4.0.15

download ircu2 2.10.13.alpha.0

Re: mIRCx IRC Network Config

new config inspircd-2.0.24 && atheme-services 7.2.8

iauthd.pl +ircd.conf ircu2.10.12.pk-WGN5 fix By BMT

ircu2.10.12.pk-WGN5 +iauth.pl protection from proxy conf 2

sockcheck.conf for srvx irc

ircu2.10.12.pk-WGN5 +iauth.pl protection from proxy conf 3

ircu2.10.12.pk-WGN5 +iauth.pl protection from proxy conf 4

sockcheck.conf5 for srvx irc

snircd.ircd.config

nefarious2 +srvx 1.4 config

inspircd config and all modules

Re: mIRCx IRC Network Config

Mon	Tue	Wed	Thu	Fri	Sat	Sun
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30