/* * [OPTIONAL] Non-Core Modules * * The following blocks are used to load all non-core modules, including 3rd-party modules. * Modules can be prevented from loading by commenting out the line, other modules can be added by * adding a module block. These modules will be loaded prior to Services connecting to your network. */ /* * help * * Provides commands generic/help * * Is a generic help command that can be used with any client. */ module { name = "help" } /* * m_dnsbl * * Allows configurable DNS blacklists to check connecting users against. If a user * is found on the blacklist they will be immediately banned. This is a crucial module * to prevent bot attacks. */ module { name = "m_dnsbl" } m_dnsbl { /* * If set, Services will check clients against the DNSBLs when services connect to its uplink. * This is not recommended, and on large networks will open a very large amount of DNS queries. * Whilst services are not drastically affected by this, your nameserver/DNSBL might care. */ check_on_connect = no /* * If set, Services will check clients when coming back from a netsplit. This can cause a large number * of DNS queries open at once. Whilst services are not drastically affected by this, your nameserver/DNSBL * might care. */ check_on_netburst = no /* * If set, OperServ will add clients found in the DNSBL to the akill list. Without it, OperServ simply sends * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots. */ add_to_akill = yes } blacklist { /* Name of the blacklist */ name = "rbl.efnetrbl.org" /* How long to set the ban for */ time = 4h /* Reason for akill. * %n is the nick of the user * %u is the ident/username of the user * %g is the realname of the user * %h is the hostname of the user * %i is the IP of the user * %r is the reason (configured below). Will be nothing if not configured. * %N is the network name set in networkinfo:networkname */ reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info" /* Replies to ban and their reason. If this is totally ommited all replies get banned */ 1 = "Open Proxy" /* Don't ban for result 2 or 3 */ #2 = "spamtrap666" #3 = "spamtrap50" 4 = "TOR" 5 = "Drones / Flooding" } blacklist { name = "dnsbl.dronebl.org" time = 4h reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded.do?ip=%i&network=%N" } /* * m_helpchan * * Gives users who are op in the specified help channel usermode +h (helpop). */ #module { name = "m_helpchan" } m_helpchan { helpchannel = "#help" } /* * m_httpd * * Allows services to serve web pages. By itself, this module does nothing useful. * * Note that using this will allow users to get the IP of your services. * To prevent this we recommend using a reverse proxy or a tunnel. */ #module { name = "m_httpd" } httpd { /* Name of this service */ name = "httpd/main" /* IP to listen on */ ip = "0.0.0.0" /* Port to listen on */ port = 8080 /* Time before connections to this server are timed out */ timeout = 30 /* If you are using a reverse proxy that sends one of the * extforward_headers set below, set this to its IP. * This allows services to obtain the real IP of users by * reading the forwarded-for HTTP header. */ #extforward_ip = "192.168.0.255" /* The header to look for. These probably work as is. */ extforward_header = "X-Forwarded-For Forwarded-For" } /* * m_ldap * * This module allows other modules to use LDAP. By itself, this module does nothing useful. */ #module { name = "m_ldap" } ldap { server = "ldap://127.0.0.1" port = 389 /* * Admin credentials used for performing searches and adding users. */ admin_binddn = "cn=Manager,dc=anope,dc=org" admin_password = "secret" } /* * m_ldap_authentication * * This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use * LDAP to authenticate users. Requires m_ldap. */ #module { name = "m_ldap_authentication" } m_ldap_authentication { /* * The distinguished name used for searching for users's accounts. */ basedn = "ou=users,dc=anope,dc=org" /* * The search filter used to look up users's accounts. * %account is replaced with the user's account * %object_class is replaced with the object_class configured below. */ search_filter = "(&(uid=%account)(objectClass=%object_class))" /* * The object class used by LDAP to store user account information. * Used for adding new users to LDAP if disable_ns_register is false */ object_class = "anopeUser" /* * The attribute value used for account names. */ username_attribute = "uid" /* * The attribute value used for email addresses. * This directive is optional. */ email_attribute = "email" /* * The attribute value used for passwords. * Used when registering new accounts in LDAP. */ password_attribute = "userPassword" /* * Enable to have this module disable /nickserv register. */ disable_ns_register = false /* * The reason to give the users who try to /ns register if * disable_ns_register is enabled. */ #disable_reason = "To register on this network visit http://some.misconfigured.site/register" } /* * m_ldap_oper * * This module dynamically ties users to Anope opertypes when they identify * via LDAP group membership. Requires m_ldap. * * Note that this doesn't give the user privileges on the IRCd, only in Services. */ #module { name = "m_ldap_oper" } m_ldap_oper { /* * An optional binddn to use when searching for groups. * %a is replaced with the account name of the user. */ #binddn = "cn=Manager,dc=anope,dc=org" /* * An optional password to bind with. */ #password = "secret" /* * The base DN where the groups are. */ basedn = "ou=groups,dc=anope,dc=org" /* * The filter to use when searching for users. * %a is replaced with the account name of the user. */ filter = "(member=uid=%a,ou=users,dc=anope,dc=org)" /* * The attribute of the group that is the name of the opertype. * The cn attribute should match a known opertype in the config. */ opertype_attribute = "cn" } /* * m_mysql * * This module allows other modules to use MySQL. */ #module { name = "m_mysql" } mysql { /* The name of this service */ name = "mysql/main" database = "anope" server = "127.0.0.1" username = "anope" password = "mypassword" port = 3306 } /* * m_proxyscan * * This module allows you to scan connecting clients for open proxies. * Note that using this will allow users to get the IP of your services. * * Currently the two supported proxy types are HTTP and SOCKS5. * * The proxy scanner works by attempting to connect to clients when they * connect to the network, and if they have a proxy running instruct it to connect * back to services. If services are able to connect through the proxy to itself * then it knows it is an insecure proxy, and will ban it. */ #module { name = "m_proxyscan" } m_proxyscan { /* * The target IP services tells the proxy to connect back to. This must be a publicly * avaiable IP that remote proxies can connect to. */ #target_ip = "127.0.0.1" /* * The port services tells the proxy to connect to. */ target_port = 7226 /* * The listen IP services listen on for incoming connections from suspected proxies. * This probably will be the same as target_ip, but may not be if you are behind a firewall (NAT). */ #listen_ip = "127.0.0.1" /* * The port services should listen on for incoming connections from suspected proxies. * This most likely will be the same as target_port. */ listen_port = 7226 /* * An optional notice sent to clients upon connect. */ #connect_notice = "We will now scan your host for insecure proxies. If you do not consent to this scan please disconnect immediately" /* * Who the notice should be sent from. */ #connect_source = "OperServ" /* * If set, OperServ will add infected clients to the akill list. Without it, OperServ simply sends * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots. */ add_to_akill = yes /* * How long before connections should be timed out. */ timeout = 5 } /* * A proxyscan block (must have m_proxyscan loaded). * You may have multiple proxyscan blocks. */ proxyscan { /* The type of proxy to check for. A comma separated list is allowed */ type = "HTTP" /* The ports to check */ port = "80,8080" /* How long to set the ban for */ time = 4h /* * The reason to ban the user for. * %h is replaced with the type of proxy found. * %i is replaced with the IP of proxy found. * %p is replaced with the port. */ reason = "You have an open proxy running on your host (%t:%i:%p)" } /* * m_sqlite * * This module allows other modules to use SQLite. */ #module { name = "m_sqlite" } sqlite { /* The name of this service */ name = "sqlite/main" /* The database name, it will be created if it does not exist. */ database = "anope.db" } /* * m_regex_pcre * * Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library. */ module { name = "m_regex_pcre" } /* * m_regex_posix * * Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions. * This is likely the only regex module you will not need extra libraries for. */ #module { name = "m_regex_posix" } /* * m_regex_tre * * Provides the regex engine regex/tre, which uses the TRE regex library. */ #module { name = "m_regex_tre" } /* * m_rewrite * * Allows rewriting commands sent to clients. */ #module { name = "m_rewrite" } rewrite { /* The client to apply this rewrite to. */ client = "ChanServ" /* Source message to match. A $ can be used to match anything. */ source_message = "CLEAR $ USERS" /* * Message to rewrite the source message to. A $ followed by a number, eg $0, gets * replaced by the number-th word from the source_message, starting from 0. */ target_message = "CLEARUSERS $1" } /* * m_ssl * * This module uses SSL to connect to the uplink server(s) */ module { name = "m_ssl" } ssl { /* * An optional certificate and key for m_ssl to give to the uplink. * * You can generate your own certificate and key pair by using: * * openssl genrsa -out anope.key 2048 * openssl req -new -x509 -key anope.key -out anope.crt -days 1095 */ cert = "data/anope.crt" key = "data/anope.key" } /* * m_statusupdate * * This module automatically updates users status on channels when the * channel's access list is modified. */ module { name = "m_statusupdate" } /* * m_xmlrpc * * Allows remote applications (websites) to execute queries in real time to retrieve data from Anope. * By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries. */ #module { name = "m_xmlrpc" } m_xmlrpc { /* IP to listen on */ bindip = "127.0.0.1" /* Port to listen on */ port = 26673 /* Enable for IPv6 */ ipv6 = no /* If enabled, requires m_ssl to be loaded */ ssl = no /* IPs allowed to connect (separate with spaces), this should be secured. We also recommend you firewall this * with an outside program to increase security. */ allowed = "127.0.0.0/24" } /* * m_xmlrpc_main * * Adds the main XMLRPC core functions. * Requires m_xmlrpc. */ #module { name = "m_xmlrpc_main" } /* * ns_maxemail * * Limits how many times the same email address may be used in Anope * to register accounts. */ module { name = "ns_maxemail" } ns_maxemail { /* * The limit to how many registered nicks can use the same e-mail address. If set to 0 or left * commented, there will be no limit enforced when registering new accounts or using * /msg NickServ SET EMAIL. */ #maxemails = 1 } /* * webcpanel * * This module creates a web configuration panel that allows users and operators to perform any task * as they could over IRC. If you are using the default configuration you should be able to access * this panel by visiting http://127.0.0.1:8080 in your web browser from the machine Anope is running on. * * This module requires m_httpd. */ #module { name = "webcpanel" } webcpanel { /* Web server to use */ server = "httpd/main"; /* Template to use */ template = "default"; /* Page title */ title = "Anope IRC Services"; }