q2a-antispam

Archived

This repository has been archived on 2025-03-03. You can view files and clone it, but cannot push or open issues or pull requests.

Go to file

sceox d2a65b14a6 try to do proper markdown in README

The gogs markdown parser didn't like how I did code blocks, so trying
something else.

2020-09-06 15:42:49 -07:00

forumspam.sh

run with least privilege, support pf

2020-09-06 15:20:12 -07:00

q2a_usercheck.sh

only create cache if it does not exist

2020-09-06 11:21:40 -07:00

README.md

try to do proper markdown in README

2020-09-06 15:42:49 -07:00

README.md

A simple anti-spam system for question2answer, using the stopforumspam API and system firewall (pf or ufw).

To deploy:

Modify the configuration variables in the scripts as neede.

Copy the scripts to /usr/local/bin (requires root):

 install -m 755 -o root -g bin forumspam.sh /usr/local/bin/forumspam.sh
 install -m 755 -o root -g bin q2a_usercheck.sh /usr/local/bin/q2a_usercheck.sh

Create the user the scripts will run as:
```
 useradd -s /sbin/nologin _forumspam
```
If using pf:

Create appropriate permissions for the file:

    install -m 640 -o _forumspam -g wheel /dev/null /etc/pf-forumspam.txt

Add the following to /etc/pf.conf, preferably high up in the ruleset:

    table <forumspam> persist file "/etc/pf-forumspam.txt"
    block in quick on egress from <forumspam>
    block out quick on egress to <forumspam>

Give the forumspam user restrictive sudo or doas permissions:

If using doas, add the following to /etc/doas.conf:

    permit nopass _forumspam cmd pfctl args -nf /etc/pf.conf
    permit nopass _forumspam cmd pfctl args -t forumspam -T replace -f /etc/pf-forumspam.txt

If using sudo, add to your sudo config file:

      _forumspam ALL = NOPASSWD: /usr/sbin/ufw

Note: the path to ufw may be different depending on your linux distribution.

TODO:

also check against botscout
give the scripts more sensible names