Comments (13)
TLS support has just been incorporated via a204d74 by @Adam-. It currently depends on OpenSSL/LibreSSL and is for now considered experimental.
from hopm.
Just to note it here (I'm sure many have thought of this already), an interim solution is to use an SSH tunnel from your HOPM server to the IRCd server and connect via non-ssl localhost there. It at least keeps the remote connection secure. I'd also recommend looking into autossh to simplify the setup.
from hopm.
I'll reference my current setup as an example: autossh started (via a startup script for multiple things) by crontab at boot and a separate sshkey for this purpose.
autossh -M <port> -f -L 6667:<remote IP>:6667 -N user@host
Then connect HOPM to localhost:6667 and it will SSH tunnel to the remote server, then to the non-ssl IRCd port. P.S. You can specify a local bind IP before the local port if needed.
from hopm.
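A hardened variant of the tunnel from the comment above, as an added example that is not part of the thread or of HOPM itself: it restricts the dedicated key on the server side, pins the local listener to loopback, and checks `ss -ltn` output to confirm the plaintext port is not exposed. The address 192.0.2.10, the account tunnel@ircd.example, the key path and the sample `ss` output are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. 192.0.2.10, tunnel@ircd.example and the
# key path are hypothetical placeholders; the ss output below is constructed.

# authorized_keys line for the tunnel-only key on the SSH server: "restrict"
# disables pty, agent/X11 and port forwarding; "port-forwarding" re-enables
# forwarding and "permitopen" limits -L destinations to the IRCd port.
authorized_keys_entry() {  # $1=dest ip  $2=dest port  $3=public key
    printf 'restrict,port-forwarding,permitopen="%s:%s" %s\n' "$1" "$2" "$3"
}

# Prints the autossh command with the listener pinned to 127.0.0.1. -M 0 turns
# off autossh's monitor port (its extra forwards are not covered by the
# permitopen above); ServerAliveInterval and ExitOnForwardFailure make ssh
# exit on a dead link or failed forward so that autossh restarts it.
tunnel_cmd() {  # $1=dest ip  $2=user@host  $3=private key
    printf 'autossh -M 0 -f -N -i %s -o IdentitiesOnly=yes %s -L 127.0.0.1:6667:%s:6667 %s\n' \
        "$3" '-o ExitOnForwardFailure=yes -o ServerAliveInterval=30' "$1" "$2"
}

# Reads `ss -ltn` output on stdin; succeeds only if the port has a listener
# and every listener on it is bound to a loopback address.
loopback_only() {  # $1=port
    awk -v p="$1" '$1 == "LISTEN" {
        n = split($4, part, ":")
        if (part[n] != p) next
        host = substr($4, 1, length($4) - length(p) - 1)
        seen = 1
        if (host !~ /^127\./ && host != "[::1]") bad = 1
    } END { exit !(seen && !bad) }'
}

SS_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:6667     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SS_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:6667       0.0.0.0:*'

authorized_keys_entry 192.0.2.10 6667 'ssh-ed25519 AAAA...placeholder hopm-tunnel'
tunnel_cmd 192.0.2.10 tunnel@ircd.example /home/hopm/.ssh/tunnel_key
printf '%s\n' "$SS_GOOD" | loopback_only 6667 && echo 'good sample: loopback only'
printf '%s\n' "$SS_BAD" | loopback_only 6667 || echo 'bad sample: exposed'
```

On a live host, feed the check with `ss -ltn | loopback_only 6667` after the tunnel is up.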
TLS support has been added to master.
from hopm.
👍
from hopm.
+1
from hopm.
+1
from hopm.
+1.
This is becoming a bit of an issue for me personally, as I maintain an instance for DarkMyst.
from hopm.
@genius3000 That's actually not a bad idea. I have mine just connecting locally atm to reduce the possibility of someone trying to sniff the data over the wire remotely, so that's partially mitigated.
But I'll be checking this particular setup out. Got any tips for getting hopm to connect via SSH tunnel?
from hopm.
Is there perhaps an update to be shared on this? We'd very much enjoy being able to have HOPM connect to an SSL port without any hacky workarounds.
from hopm.
unreal v4.2.0 release note:
Future versions (heads up):
We intend to change the default plaintext oper policy from warn to deny later this year. This will deny /OPER when issued from a non-SSL connection. For security, IRC Operators should really use SSL/TLS when connecting to an IRC server!
One more reason to implement (I know, the bot could connect via localhost, so it does count as secure, but still).
from hopm.
This is an old thread, but I'd like to mention one little thing.
The most used IRCds, like InspIRCd and UnrealIRCd, do have native support for DNSBL. IMHO, I see no point in using HOPM with those.
For the rest of the IRCd, they should keep the pace and implement native support for this feature as it's really very useful/helpful.
But, that's my 2 cents 🤷♂️
Cheers
from hopm.
> This is an old thread, but I'd like to mention one little thing.
> The most used IRCds, like InspIRCd and UnrealIRCd, do have native support for DNSBL. IMHO, I see no point in using HOPM with those.
> For the rest of the IRCd, they should keep the pace and implement native support for this feature as it's really very useful/helpful.
> But, that's my 2 cents 🤷♂️
> Cheers
just one more thing: anope supports dnsbl as well. (most used services. :))
https://github.com/anope/anope/blob/8f7f4b1593c8fde6144cfd785d589d0c8ef325e8/data/modules.example.conf#L82-L179
from hopm.