From ef85d6281fc9a265b0c31ae8c16e433e92df93eb Mon Sep 17 00:00:00 2001
From: sceox <sceox@riseup.net>
Date: Tue, 1 Sep 2020 11:58:59 -0700
Subject: [PATCH] watch the httpd access log rather than the mysql database

---
 README.md        |  6 ++----
 q2a_usercheck.sh | 27 ++++++++++++---------------
 2 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/README.md b/README.md
index 5e0d285..7944673 100644
--- a/README.md
+++ b/README.md
@@ -6,10 +6,8 @@ stopforumspam API](https://www.stopforumspam.com/usage) and
 To deploy:
 
 * modify the configuration variables in the scripts
-* copy the scripts to /usr/local/bin
-* add a line like `0 0 * * * /usr/local/bin/q2a_usercheck.sh` to root's
-  crontab. Alternatively, you can add `q2a_usercheck.sh` to /etc/cron.daily/
-  if it exists (for example, on debian).
+* copy the scripts to `/usr/local/bin`
+* register `q2a_usercheck.sh` as a systemd unit or rc script
 
 TODO:
 * add support for pf
diff --git a/q2a_usercheck.sh b/q2a_usercheck.sh
index 84dc04f..dedc8b4 100755
--- a/q2a_usercheck.sh
+++ b/q2a_usercheck.sh
@@ -1,19 +1,16 @@
 #!/bin/sh
 
-mysql_user='q2a_user'
-mysql_pass='q2a_pass'
-mysql_db='q2a_db'
+logf='/var/log/nginx/access.log'
+cache='/tmp/forumspam_cache'
 
-tmpf=`mktemp`
-yesterday=`date -d yesterday '+%Y-%m-%d %H:%M:%S'`
+install -m 600 /dev/null $cache
 
-mysql -u $mysql_user "--password=$mysql_pass" $mysql_db -e \
-	"SELECT INET_NTOA(CONV(HEX(createip),16,10))
-	FROM qa_users WHERE created >= '$yesterday';
-	" | sed '1d' | sort | uniq > $tmpf
-
-while read ip ; do
-	/usr/local/bin/forumspam.sh "$ip"
-done < $tmpf
-
-rm $tmpf
+tail -F $logf | while read line ; do
+	case $line in (*"POST"*)
+		ip=`echo $line | awk '{print $1}'`
+		if ! grep -q $ip $cache; then
+			echo $ip >> $cache
+			/usr/local/bin/forumspam.sh "$ip"
+		fi
+	esac
+done