watch the httpd access log rather than the mysql database
This commit is contained in:
sceox
parent
3fc9117bff
commit
ef85d6281f
@ -6,10 +6,8 @@ stopforumspam API](https://www.stopforumspam.com/usage) and
|
||||
To deploy:
|
||||
|
||||
* modify the configuration variables in the scripts
|
||||
* copy the scripts to /usr/local/bin
|
||||
* add a line like `0 0 * * * /usr/local/bin/q2a_usercheck.sh` to root's
|
||||
crontab. Alternatively, you can add `q2a_usercheck.sh` to /etc/cron.daily/
|
||||
if it exists (for example, on debian).
|
||||
* copy the scripts to `/usr/local/bin`
|
||||
* register `q2a_usercheck.sh` as a systemd unit or rc script
|
||||
|
||||
TODO:
|
||||
* add support for pf
|
||||
|
||||
@ -1,19 +1,16 @@
|
||||
#!/bin/sh
|
||||
|
||||
mysql_user='q2a_user'
|
||||
mysql_pass='q2a_pass'
|
||||
mysql_db='q2a_db'
|
||||
logf='/var/log/nginx/access.log'
|
||||
cache='/tmp/forumspam_cache'
|
||||
|
||||
tmpf=`mktemp`
|
||||
yesterday=`date -d yesterday '+%Y-%m-%d %H:%M:%S'`
|
||||
install -m 600 /dev/null $cache
|
||||
|
||||
mysql -u $mysql_user "--password=$mysql_pass" $mysql_db -e \
|
||||
"SELECT INET_NTOA(CONV(HEX(createip),16,10))
|
||||
FROM qa_users WHERE created >= '$yesterday';
|
||||
" | sed '1d' | sort | uniq > $tmpf
|
||||
|
||||
while read ip ; do
|
||||
tail -F $logf | while read line ; do
|
||||
case $line in (*"POST"*)
|
||||
ip=`echo $line | awk '{print $1}'`
|
||||
if ! grep -q $ip $cache; then
|
||||
echo $ip >> $cache
|
||||
/usr/local/bin/forumspam.sh "$ip"
|
||||
done < $tmpf
|
||||
|
||||
rm $tmpf
|
||||
fi
|
||||
esac
|
||||
done
|
||||
|
||||
Reference in New Issue
Block a user