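#!/bin/sh
# Query the StopForumSpam API for a single IP address and, when the address is
# listed with a frequency above $limit, block it through the local firewall.
#
# Usage: pass the IP address as the first argument; other arguments are ignored.
# API reference: https://www.stopforumspam.com/usage

# user configuration area - change as needed
ostype="bsd"  # allowed options are bsd, linux
logf=/var/log/forumspam.log
limit=0       # number of violations allowed before blocking the ip

# Path of the temporary file that holds the API reply; empty until mktemp runs.
repl=""

# Append one timestamped line to the log file.
log_line() {
  printf '%s %s\n' "$(date)" "$*" >> "$logf"
}

# Remove the temporary reply file, if one was created.
cleanup() {
  if [ -n "$repl" ]; then
    rm -f -- "$repl"
  fi
}
trap cleanup EXIT

# Log an error and stop with status 1; the EXIT trap removes the temp file.
abort() {
  log_line "error: $*"
  exit 1
}

case "$ostype" in
  bsd)
    getroot="doas"
    fw_cmd="pfctl"
    ;;
  linux)
    getroot="sudo"
    fw_cmd="ufw"
    ;;
  *)
    # Without this arm an unknown ostype leaves getroot/fw_cmd unset and the
    # script would silently block nothing.
    abort "unsupported ostype '$ostype' (expected bsd or linux)"
    ;;
esac

# Block the address held in $ip (reads the globals ip, freq, getroot, fw_cmd).
block_ip() {
  case "$fw_cmd" in
    ufw)
      if "$getroot" ufw deny from "$ip" >/dev/null 2>>"$logf"; then
        log_line "blocked ip $ip with freq $freq"
      else
        abort "failed to block ip $ip"
      fi
      ;;
    pfctl)
      # Ensure proposed changes are valid before reloading table
      "$getroot" pfctl -nf /etc/pf.conf || abort "pf config check failed"
      # NOTE(review): nothing in this script writes $ip to
      # /etc/pf-forumspam.txt, so this branch only reloads whatever the file
      # already lists. Confirm that another job maintains the file; otherwise
      # the address is never blocked on bsd.
      "$getroot" pfctl -t forumspam -T replace -f /etc/pf-forumspam.txt \
        || abort "failed to reload pf table forumspam"
      ;;
  esac
}

# we ignore all arguments except the first
ip=${1:-}

# The argument is placed in a URL and in a firewall command run through
# sudo/doas, so accept only characters that can occur in an IPv4 or IPv6
# literal. The rejected value is deliberately not written to the log.
case "$ip" in
  '' | *[!0-9A-Fa-f.:]*)
    abort "invalid ip argument"
    ;;
esac

repl=$(mktemp) || abort "mktemp failed"

# The reply decides a privileged firewall change, so fetch it over TLS rather
# than plain HTTP, fail on HTTP errors (-f) and bound the wait.
curl -fs --max-time 10 "https://api.stopforumspam.org/api?ip=$ip" \
  > "$repl" 2>/dev/null \
  || abort 'error failed to query stopforumspam api'

# NOTE(review): the XML tag patterns below were missing from the listing (the
# markup appears to have been stripped). They are restored from the API's XML
# response format; confirm them against the API reference above.
if ! grep -q '<response success="true">' "$repl"; then
  abort 'error failed to query stopforumspam api'
fi

if grep -q '<appears>yes</appears>' "$repl"; then
  freq=$(sed -n 's!.*<frequency>\([0-9][0-9]*\)</frequency>.*!\1!p' "$repl" \
    | head -n 1)
  # Only a plain decimal count may reach the numeric test and the log line.
  case "$freq" in
    '' | *[!0-9]*)
      abort "unexpected frequency value in api response"
      ;;
  esac
  if [ "$freq" -gt "$limit" ]; then
    block_ip "$ip"
  fi
fi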