AnarchyPlanet/q2a-antispam
Archived
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
This repository has been archived on 2025-03-03. You can view files and clone it, but cannot push or open issues or pull requests.
master
q2a-antispam/README.md

69 lines
2.0 KiB
Markdown
Raw Permalink Blame History

A simple anti-spam system for
[question2answer](https://www.question2answer.org/qa/), using [the
stopforumspam API](https://www.stopforumspam.com/usage) and system firewall
([pf](https://www.openbsd.org/faq/pf/filter.html) or
[ufw](https://launchpad.net/ufw)).
To deploy:
1. Modify the configuration variables in the scripts as needed.
2. Copy the scripts to `/usr/local/bin` (requires root):
install -m 755 -o root -g bin forumspam.sh /usr/local/bin/forumspam.sh
install -m 755 -o root -g bin q2a_usercheck.sh /usr/local/bin/q2a_usercheck.sh
install -m 640 -o _forumspam /dev/null /var/log/forumspam.log
3. Create the user the scripts will run as:
useradd -s $(which nologin) _forumspam
4. Set up the firewall program
If using `ufw`, install it:
apt update
apt install ufw
If using `pf`:
Create appropriate permissions for the file:
install -m 640 -o _forumspam -g wheel /dev/null /etc/pf-forumspam.txt
Add the following to `/etc/pf.conf`, preferably high up in the ruleset:
table <forumspam> persist file "/etc/pf-forumspam.txt"
block in quick on egress from <forumspam>
block out quick on egress to <forumspam>
5. Give the `_forumspam` user restrictive sudo or doas permissions:
If using doas, add the following to `/etc/doas.conf`:
permit nopass _forumspam cmd pfctl args -nf /etc/pf.conf
permit nopass _forumspam cmd pfctl args -t forumspam -T replace -f /etc/pf-forumspam.txt
If using sudo, add to your sudo config file:
_forumspam ALL = NOPASSWD: /usr/sbin/ufw
Note: the path to `ufw` may be different depending on your linux distribution.
6. Register the systemd unit or rc script.
systemd:
sudo cp forumspam.service /etc/systemd/system/
sudo systemctl enable forumspam
sudo systemctl start forumspam
TODO:
* also check against [botscout](http://botscout.com/api.htm)
* give the scripts more sensible names
* also create an rc script
* support `iptables`
* create a Makefile
* merge the two scripts into one
Reference in New Issue View Git Blame Copy Permalink