A simple anti-spam system for question2answer, using the stopforumspam API and system firewall (pf or ufw).

To deploy:

1. Modify the configuration variables in the scripts as needed.

2. Copy the scripts to /usr/local/bin (requires root):

    install -m 755 -o root -g bin forumspam.sh /usr/local/bin/forumspam.sh
    install -m 755 -o root -g bin q2a_usercheck.sh /usr/local/bin/q2a_usercheck.sh
    install -m 640 -o _forumspam /dev/null /var/log/forumspam.log
   

3. Create the user the scripts will run as:

    useradd -s $(which nologin) _forumspam
   

4. Set up the firewall program

If using ufw, install it:

    apt update
    apt install ufw

If using pf:

Create appropriate permissions for the file:

    install -m 640 -o _forumspam -g wheel /dev/null /etc/pf-forumspam.txt

Add the following to /etc/pf.conf, preferably high up in the ruleset:

    table <forumspam> persist file "/etc/pf-forumspam.txt"
    block in quick on egress from <forumspam>
    block out quick on egress to <forumspam>

5. Give the _forumspam user restrictive sudo or doas permissions:

If using doas, add the following to /etc/doas.conf:

    permit nopass _forumspam cmd pfctl args -nf /etc/pf.conf
    permit nopass _forumspam cmd pfctl args -t forumspam -T replace -f /etc/pf-forumspam.txt

If using sudo, add to your sudo config file:

      _forumspam ALL = NOPASSWD: /usr/sbin/ufw

Note: the path to ufw may be different depending on your linux distribution.

6. Register the systemd unit or rc script.

systemd:

sudo cp forumspam.service /etc/systemd/system/
sudo systemctl enable forumspam
sudo systemctl start forumspam

TODO:

• also check against botscout
• give the scripts more sensible names
• also create an rc script
• support iptables
• create a Makefile
• merge the two scripts into one