# CETK epic proxy checker 0.8
#
unload cetk.proxycheck
package cetk.proxycheck
#
# Required (epic dist).
#
load functions
load data_array
#
# This script does not depend on the channel management script, but it or
# something similar to it is probably necessary if you intend to kick/ban/kill
# based on the information it returns.
#
#
# This script is an interface to DNS and RHS block lists.  It is similar to the
# Blitzed Open Proxy Monitor which can be found at http://www.blitzed.org/bopm/
#
# The one liner documentation is this: The input is "/proxycheck [n!u@h]", the
# output is an "/on hook" hook, and you need the "host" shell command to make
# it work.
#
# It is not strictly necessary for the input to be in n!u@h form.  A hostname
# will do.  Anything before a @ is stripped, and you can give it more than one.
#
# The output of this script can be collected by an "/on hook" hook where user
# supplied code can do what it wants with it.  Note that it only outputs hits
# rather than misses.  No particularly useful examples are supplied here right
# now except the following which just displays hits.
#
# /on -hook proxy* echo $*
#
# The host shell program this script was developed for can be found at the
# following urls.  The one that comes with (some versions of) bind is
# incompatible since it doesn't have the -x switch or an equivalent.  Its
# output is also different, and this makes it difficult to make the script
# compatible with both.
#
# ftp://ftp.weird.com/pub/local/host.tar.gz
# http://www.weird.com/ftp/pub/local/host.tar.gz
#
# Great list of *BL's: http://moensted.dk/spam/
#
# XXX Proper effective use issues.
#
# Bugs and issues:
#
#  * The host command turned out to be a bad choice.  This needs to be fixed.
#  * If you try to use dnsbl.dom and x.dnsbl.dom, everything starts to fail.
#  * It is possible to screw this script up by using spoofed hostnames.
#  * It is not easy to remove unwanted blocklists once they're set.
#
# Review notes:
#
#  * A hit only means that a DNS query for <name>.<zone> returned an answer.
#    The answers are unauthenticated and depend on each list's operator and
#    return-code policy, so a hit is a reason to look closer before a
#    kick/ban/kill, not proof on its own.
#  * Everything that gets looked up originates from IRC (command arguments,
#    /who replies, join userhosts) and is written to the host process with no
#    validation beyond the wildcard tests in proxycheck.
#  * The host tarball URLs above are plain ftp/http; check the download
#    against a source you trust before building it.
#
#
# Settings.
#
# proxycheck compares this value with proxy.checkers before it sends or
# dequeues more lookups.  Every such test starts with "proxy.checkersmax &&",
# so a value of 0 switches the limit off.
@ proxy.checkersmax = 1
#
# Initialise the blockers list by testing which ones respond.
#
# 2.0.0.127.<zone> is 127.0.0.2 with the octets reversed, the conventional
# DNSBL test entry.  proxycheck adds a zone to proxy.bldns when an A record
# in 127/8 comes back, and its error handler removes a zone again when the
# host program reports an error for the probe name.
#
# NOTE(review): answering the probe is the only test applied here.  A list
# that has been retired but still answers every query would pass it and then
# report every checked address as a hit.  Some of these zones may no longer
# be operated - confirm each one, and the meaning of its return codes,
# before acting on its hits.
#
defer proxycheck 2.0.0.127.opm.blitzed.org
defer proxycheck 2.0.0.127.dnsbl.dronebl.org
defer proxycheck 2.0.0.127.cbl.abuseat.org
defer proxycheck 2.0.0.127.sbl-xbl.spamhaus.org
defer proxycheck 2.0.0.127.zen.spamhaus.org
defer proxycheck 2.0.0.127.all.rbl.kropka.net
#defer proxycheck 2.0.0.127.ircbl.ahbl.org
#defer proxycheck 2.0.0.127.dnsbl.ahbl.org
defer proxycheck 2.0.0.127.dnsbl.njabl.org
defer proxycheck 2.0.0.127.dnsbl.sorbs.net
defer proxycheck 2.0.0.127.unconfirmed.dsbl.org
#defer proxycheck 2.0.0.127.proxies.relays.monkeys.com
defer proxycheck 2.0.0.127.proxy.bl.gweep.ca
defer proxycheck 2.0.0.127.blackholes.easynet.nl
defer proxycheck 2.0.0.127.no-more-funn.moensted.dk
defer proxycheck 2.0.0.127.relays.osirusoft.com
#defer proxycheck 2.0.0.127.bl.reynolds.net.au
defer proxycheck 2.0.0.127.t1.bl.reynolds.net.au
defer proxycheck 2.0.0.127.t2.bl.reynolds.net.au
defer proxycheck 2.0.0.127.t3.bl.reynolds.net.au
defer proxycheck 2.0.0.127.proxies.exsilia.net
# "." is not a lookup: proxycheck's (foo == [.]) branch resets the per-server
# query counter, closes the input of the current host process and renames it.
defer proxycheck .
# NOTE(review): the line breaks and indentation from here to the end of the
# file were restored by hand from a listing that had lost them.  Only the
# whitespace between statements was changed; compare against the upstream
# script before loading this.
#
# Second batch of DNS zone probes (same mechanism as the batch above).
# NOTE(review): osps.dnsbl.net.au is probed twice.
defer proxycheck 2.0.0.127.rbl.efnet.org
defer proxycheck 2.0.0.127.rbl.efnetrbl.org
defer proxycheck 2.0.0.127.proxy.block.transip.nl
defer proxycheck 2.0.0.127.truncate.gbudb.net
defer proxycheck 2.0.0.127.rbl.triumf.ca
defer proxycheck 2.0.0.127.rbl-plus.mail-abuse.org
defer proxycheck 2.0.0.127.proxies.mail-abuse.org
defer proxycheck 2.0.0.127.osps.dnsbl.net.au
defer proxycheck 2.0.0.127.osps.dnsbl.net.au
defer proxycheck 2.0.0.127.owps.dnsbl.net.au
#defer proxycheck 2.0.0.127.tor.ahbl.org
defer proxycheck 2.0.0.127.tor.dnsbl.sectoor.de
defer proxycheck 2.0.0.127.tor-irc.dnsbl.oftc.net
# Right-hand-side (domain) list probes.  proxycheck adds the part after the
# second dot to proxy.blrhs when host prints any record for a name of the form
# example.<tld|com|net|org>.<zone>.
defer proxycheck example.net.in.dnsbl.org
#defer proxycheck example.com.rhsbl.ahbl.org
defer proxycheck example.tld.rhsbl.sorbs.net
defer proxycheck example.tld.dsn.rfc-ignorant.org
defer proxycheck example.tld.whois.rfc-ignorant.org
defer proxycheck example.tld.abuse.rfc-ignorant.org
defer proxycheck example.tld.ipwhois.rfc-ignorant.org
defer proxycheck example.tld.bogusmx.rfc-ignorant.org
defer proxycheck example.tld.postmaster.rfc-ignorant.org
defer proxycheck .
#
# proxycheck [n!u@h | hostname | address | probe name | .] ...
#
# Writes lookup names to a "host" process and turns its output into hooks.
#
# $pid is "hpt" plus the server number ("_" when servernum() is negative).  It
# names both the exec'd process and the item array used as a queue of names
# that still have to be looked up.
#
# The command line given to ^exec is the constant "host -xas 3 --retry=1".
# Names are handed to the process with "^exec -in", so they are not placed on
# a command line.  They are not validated beyond the wildcard tests in the fe
# loop below.
#
# Output lines are dispatched on $0 $1 $2 (apparently name, record type and
# value - confirm against the host program's output format):
#   example.<tld>.<zone> ...   add the zone to proxy.blrhs
#   <name> CNAME <target>      remember "<target> <name>" in proxyback
#   <name> A 127.0.0.1         hook proxyodd
#   <name> A 127.*             add a zone to proxy.bldns, hook proxybl
#   <name> A <addr>            remember "<addr> <name>", queue a check of <addr>
#   anything else              hook proxymisc
#
# NOTE(review): the "% A 127.%" case adds $after(4 . $0) to proxy.bldns for
# every answer in 127/8, not only for the 2.0.0.127.<zone> probes, so a
# looked-up name that itself resolves into 127/8 can add an unrelated suffix
# to the zone list.  Guarding that one assignment with
# "if ([$0] =~ [2.0.0.127.*])" would limit it to probe answers (untested).
#
# debug.proxycheck bits: 1 echoes the arguments, 2 each output line, 4 error
# lines, 8 partial lines and process end.
#
alias proxycheck {
    @ :sn = servernum()
    @ :sn = 0 > sn ? [_] : sn
    @ :pid = [hpt$sn]
    if (debug.proxycheck&1) {echo pt1: $*}
    # Error lines matching "does not exist" decrement proxy.checks.<server>.
    ^exec -direct -window -name $pid -end {
        if (debug.proxycheck&8) {echo pt8: ed: $*}
    } -errorpart {
        if (debug.proxycheck&8) {echo pt8: ep: $*}
        if ([$*]=~[:! *does*not*exist*]) {@ --proxy.checks.$servernum()}
    } -error {
        if (debug.proxycheck&4) {echo pt4: $*}
        if ([$*]=~[:! *does*not*exist*]) {@ --proxy.checks.$servernum()}
    } -linepart {
        if (debug.proxycheck&8) {echo pt8: lp: $*}
    } -line {
        @ :pid = [hpt$servernum()]
        switch ($0 $1 $2) {
            (example.\\[tld com net org\\].% % %) {
                @ proxy.blrhs = uniq($proxy.blrhs $after(2 . $0))
            }
            (% CNAME %) {
                setuniqitem proxyback $2 $0
            }
            (% A 127.0.0.1) {
                fe ($bl.ipfix($0)) sv ip {
                    unless (sv && ip) {continue}
                    proxyhook 16 proxyodd $ip $sv $2
                }
            }
            (% A 127.%) {
                @ proxy.bldns = uniq($after(4 . $0) $proxy.bldns)
                fe ($bl.ipfix($0)) sv ip {
                    unless (sv && ip) {continue}
                    proxyhook 16 proxybl $ip $sv $2
                }
            }
            (% A %) {
                setuniqitem proxyback $2 $0
                defer proxycheck $2
            }
            (% % *) {
                fe ($bl.ipfix($0)) sv ip {
                    unless (sv && ip) {continue}
                    proxyhook 16 proxymisc $ip $sv $1-
                }
            }
        }
        if (debug.proxycheck&2) {echo pt2: $nohighlight($*)}
        if (proxy.checkersmax && proxy.checkersmax < proxy.checkers) {
        } elsif (proxy.checkersmax && proxy.checkersmax <= proxy.checkers && proxy.checks.$servernum()) {
        } elsif (numitems($pid)) {
            defer proxycheck $getndelitems($pid $jot(-1 1))
        }
    } host -xas 3 --retry=1
    # Arguments.  When no "." is among them, one queued item is taken from the
    # $pid array and processed first.  Everything up to the last "@" of each
    # word is dropped before the word is classified.
    fe ($unsplit(" " ${ match(. $*) ? [] : getndelitems($pid -1)} $*)) foo {
        @ foo = after(-1 @ @$foo), :req = []
        if (proxy.checks.$sn && proxy.checkersmax && proxy.checkersmax < proxy.checkers) {
            setuniqitem $pid $foo
        } elsif (rmatch($foo 2.0.0.127.* "example.\\[tld com net org\\].*")) {
            @ :req = foo
        } elsif (foo=~[*?.*?.*?.*?] && foo!~[*.*.*.*.*] && []==strip(.0123456789 $foo)) {
            @ :req = replace($cut(3.0 . $foo).xxx xxx $proxy.bldns)
        } elsif (foo =~ [*?.?*]) {
            @ :req = replace(${foo}.xxx xxx $proxy.blrhs)
            @ push(:req $foo)
        } elsif (foo == [.]) {
            @ proxy.checks.$sn = 0
            @ proxy.checkers++
            wait %$pid -cmd {
                @ --proxy.checkers < 0 ? (proxy.checkers = 0) : []
                if (numitems($pid)) {
                    defer proxycheck $getndelitems($pid $jot(-3 3))
                }
            }
            ^exec -error {
                if ([$0] =~ [2.0.0.127.\\\[$proxy.bldns\\\]]) {
                    @ proxy.bldns = remw($after(4 . $0) $proxy.bldns)
                } elsif ([$0] =~ [example.\\\[tld com net org\\\].\\\[$proxy.blrhs\\\]]) {
                    @ proxy.blrhs = remw($after(2 . $0) $proxy.blrhs)
                } elsif (debug.proxycheck&4) {
                    echo PT4: $*
                }
            } -errorpart {
                if (debug.proxycheck&8) {echo PT8: ep: $*}
            } %$pid
            ^exec -closein %$pid
            ^exec -name hostpt${proxy.checkerpid++} %$pid
        }
        # Each request is written to the process as one input line.  The
        # meaning of the trailing " :!." to the host program is not visible
        # here.  After more than 99 writes for this server the process is
        # rotated.
        # NOTE(review): "proxycheck ." and "proxycheck" are read as two
        # commands - confirm against the upstream script.
        fe ($req) foo {
            ^exec -in %$pid $foo :!.
            if (++proxy.checks.$sn > 99) {
                proxycheck .
                proxycheck
            }
        }
    }
}
#
# NOTE(review): bl.ipfix is defined twice in a row.  Presumably the second
# definition replaces this one when the script is loaded - confirm, and drop
# this copy if so.
alias bl.ipfix (args) {
    fe args arg {
        fe ($proxy.bldns $proxy.blrhs) bl {
            if (match(*.$bl $arg)) {
                @ :ct = count(. .$bl)
                @ arg = unsplit(. $revw($split(. $arg)))
                @ arg = ["$before($ct . $arg)" "$after($ct . $arg)"]
                break
            }
        }
    }
    return $args
}
# bl.ipfix <name> ...
#
# For every zone in proxy.bldns and proxy.blrhs, picks the arguments that
# match *.<zone> and rewrites each into a quoted pair; proxycheck reads the
# result two words at a time as "sv ip".  $ct is the number of dots in
# ".<zone>".  For a DNS zone the whole name is reversed label by label and
# split at dot $ct; for an RHS zone only the zone part is reversed and the
# rest of the name is kept as it was.
alias bl.ipfix (args) {
    @ :bldns = proxy.bldns
    @ :blrhs = proxy.blrhs
    fe bldns bl {
        @ :ct = count(. .$bl)
        @ :bl = pattern(*.$bl $args)
        fe bl arg {
            @ arg = unsplit(. $revw($split(. $arg)))
            @ arg = ["$before($ct . $arg)" "$after($ct . $arg)"]
        }
    }
    fe blrhs bl {
        @ :ct = count(. .$bl)
        @ :bl = pattern(*.$bl $args)
        fe bl arg {
            @ arg = ["$unsplit(. $revw($split(. $after(-$ct . $arg))))" "$before(-$ct . $arg)"]
        }
    }
    return $bldns $blrhs
}
#
# proxyhook <max> <hook> <ad> <args>
#
# Emits "hook <hook> <ad> <args>", then repeats itself for every proxyback
# item whose first word is <ad>, using the item's second word as the new
# <ad>.  <max> is decremented once per item and the alias returns when it
# drops below zero; proxycheck starts it at 16.
alias proxyhook (max,hook,ad,args) {
    hook $hook $ad $args
    fe ($getmaskitems(proxyback $ad *)) ip host {
        if (0 > --max) {return}
        proxyhook $max $hook $host $args
    }
}
# proxywatch <pattern> ...
#
# Installs a join hook per argument.  When the joining nick is our own, the
# channel is /who'd and $4 of every reply line is queued in hpt<server>, then
# proxycheck is run on a few queued items; any other join runs proxycheck on
# $userhost().
# These are the points where names chosen by remote users enter the checker.
alias proxywatch (args) {
    fe ($args) arg {
        on #-join - "$arg" {
            if ([$0] == servernick()) {
                ^who $1 -line {
                    setuniqitem hpt$servernum() $4
                } -end {
                    proxycheck $getndelitems(hpt$servernum() $jot(-3 3))
                }
            } else {
                ^proxycheck $userhost()
            }
        }
    }
}
# These are a different system and work in a different way.
#
# alias.e and alias.t are not defined in this file (presumably CETK helpers -
# confirm).  Each line below pairs a bl.srv.* name with bl.type.dns and one
# zone.
alias.e bl.srv.bopm bl.type.dns opm.blitzed.org
alias.e bl.srv.dsbl1 bl.type.dns list.dsbl.org
alias.e bl.srv.dsbl2 bl.type.dns multihop.dsbl.org
alias.e bl.srv.dsbl3 bl.type.dns unconfirmed.dsbl.org
alias.e bl.srv.reynolds bl.type.dns bl.reynolds.net.au
alias.e bl.srv.reynolds1 bl.type.dns t1.bl.reynolds.net.au
alias.e bl.srv.reynolds2 bl.type.dns t2.bl.reynolds.net.au
alias.e bl.srv.reynolds3 bl.type.dns t3.bl.reynolds.net.au
alias.e bl.srv.sorbs bl.type.dns dnsbl.sorbs.net
alias.e bl.srv.njabl bl.type.dns dnsbl.njabl.org
# bl.type.dns <zone> <n!u@h | host> ...
#
# Called as a function: each argument is stripped up to its last "@" and
# resolved with nametoip(); on success the result of $cut(3.0 . addr) is
# looked up under <zone> (presumably the reversed octets - confirm).  The
# argument becomes that second answer, 0 when the zone gave no answer, or "?"
# when the name itself did not resolve.
# Called as a command: echoes zone, result and argument separated by tabs.
# This path uses nametoip() and does not go through the host process.
alias.t bl.type.dns (host,args) {
    if (functioncall()) {
        fe args arg {
            @ arg = nametoip($after(-1 @ @$arg))
            @ arg = arg ? nametoip($cut(3.0 . $arg).$host) : [?]
            @ arg = arg ? arg : 0
        }
    } else {
        fe args arg {
            @ :foo = bl.type.dns($host $arg)
            echo $host$chr(9)$foo$chr(9)$arg
            @ :arg = foo
        }
    }
    return $args
}
# hexuid <channel | nick | user@host> ...
#
# Channels are expanded to their users, nicks to their userhost, and the part
# before "@" is kept.  That part is filtered through the character set in
# $hex; anything that is not exactly 8 characters afterwards becomes empty,
# the rest is read as a hex number and passed to longtoip().  Returns the
# list when called as a function, echoes it otherwise.
#
# NOTE(review): presumably meant for gateways that put the client's IPv4
# address into the user field as 8 hex digits - confirm.  pass() removes the
# non-hex characters before the length test, so a user field that merely
# contains 8 hex characters among others is decoded as well, and the field is
# client-chosen unless the server or gateway sets it.  Treat the result as a
# hint.
alias hexuid (args) {
    @ :hex = jotc(09afAF)
    @ :unk = userhost(,)
    fe args arg {
        @ :arg = ischannel($arg) ? chanusers($arg) : arg
    }
    fe args arg {
        @ :arg = unk == userhost($arg) ? arg : userhost($arg)
        @ :arg = before(@ $arg@)
    }
    fe args arg {
        @ :arg = pass($hex $arg)
        unless (8 == strlen($arg)) {
            @ :arg = []
            continue
        }
        @ :arg = 0 + [0x$arg]
        @ :arg = longtoip($arg)
        #@ :arg = convert($arg)
    }
    if (functioncall()) {
        return $args
    } else {
        echo $args
    }
}