StopForumSpam with iptables
Posted: 09 Aug 2014, 18:13
So I used to have a web site running WordPress, that I used for posting rants (mostly computer related and political/social). Anyways, I got really tired of the relentless attacks on my WordPress installation and eventually migrated all of my data to an internal-only web site that I can still refer to. Not having a public place to rant bothered me, so I set up some phpBB forums... this time with a focus on my desire to leave regular society and live as self-sufficiently as I can. I had seen a number of references to SFS here in these forums and thought that it might be nice to implement an automated facility for blocking punks with the SFS database.
But the mods I could find for phpBB that use SFS were ridiculous to install. So I asked here in these forums and viking60 basically confirmed my concerns that phpBB mods are a pain in the ass. So I went looking for a better way to deal with it. What I came up with is a script that downloads the SFS database and imports the data into an ipset table for use in my iptables firewall script. You can add this script as a daily cron'ed job to keep it updated.
The format may not be as pretty as some better-written scripts, but it functions (and I like having "echo" statements so if there are any problems I can see which step is failing). Anyways, it should be noted that you could run this more than daily, but there are limits on how frequently they will let you (see details on download page linked above). Finally I should also mention that in my case I am using the FORWARD chain of iptables because I am running this on my firewall box - if you were running this directly on your web server you would likely use the INPUT chain.
Code:
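#!/bin/bash
echo "Setup environment..."
export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
# Stop if the working directory is missing, so rm/mkdir never run elsewhere.
cd /root/scripts || exit 1
# Create the live set if it does not exist yet. It is not flushed here, so the
# old entries keep blocking until the swap below replaces them.
ipset create stopforumspam hash:net -exist
rm -rf sfstmp
mkdir sfstmp
echo "Create a temporary set..."
ipset create tempset hash:net -exist
ipset flush tempset
echo "Download the current list of bad addresses..."
# Stop on a failed download or unzip so an empty list is never swapped in.
wget -O sfstmp/listed_ip_7.zip http://www.stopforumspam.com/downloads/listed_ip_7.zip || exit 1
unzip sfstmp/listed_ip_7.zip -d sfstmp/ || exit 1
echo "Format the list for import to tempset..."
sed 's:^:add tempset :' sfstmp/listed_ip_7.txt > sfstmp/listed_ip_7.import
echo "Import the list in to tempset, then swap in to the stopforumspam set..."
ipset restore < sfstmp/listed_ip_7.import || exit 1
ipset swap tempset stopforumspam
# Insert the rule only if it is not already there, so repeated cron runs do not
# stack duplicates. Note that 80:443 is a port range (80 through 443).
iptables -C FORWARD -p tcp --dport 80:443 -m set --match-set stopforumspam src -j REJECT 2>/dev/null || \
iptables -I FORWARD -p tcp --dport 80:443 -m set --match-set stopforumspam src -j REJECT
exit 0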
Have fun and punch a spammer,
S.
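Added example, not part of the original post: the script above passes every line of the downloaded file straight to ipset restore, so a truncated or tampered download ends up in the firewall unchecked. This sketch replaces the sed step with a validating one. The function name build_restore_file, the default threshold of 1000 entries and the one-IPv4-address-per-line input format are assumptions, and the sample addresses are constructed.

```bash
#!/bin/bash
# Added example (not from the original post): validate the downloaded list
# before it reaches `ipset restore`.
# Assumptions: one IPv4 address per line; build_restore_file and the default
# minimum of 1000 entries are made up for this sketch.

# build_restore_file LIST OUT [SETNAME] [MIN_ENTRIES]
# Writes "add SETNAME <ip>" to OUT for every well-formed IPv4 line in LIST.
# Returns 1 and leaves no OUT file when fewer than MIN_ENTRIES lines survive,
# so the caller can skip the swap and keep the previous set in place.
build_restore_file() {
    local list="$1" out="$2" setname="${3:-tempset}" min="${4:-1000}"
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 1; }
    rm -f "$out.partial"
    if awk -v set="$setname" -v min="$min" -v out="$out.partial" '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($0, o, "."); ok = 1
            for (i = 1; i <= 4; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
            if (ok) { print "add " set " " $0 > out; good++; next }
        }
        NF { bad++ }                             # non-empty line that failed
        END {
            printf "accepted=%d rejected=%d\n", good, bad > "/dev/stderr"
            exit (good + 0 < min + 0)            # non-zero when list too short
        }' "$list"
    then
        mv "$out.partial" "$out"
    else
        rm -f "$out.partial"
        return 1
    fi
}

# Constructed sample input (not real SFS data); threshold lowered to 3 here.
sample=$(mktemp)
printf '%s\n' 192.0.2.10 203.0.113.255 999.1.1.1 'flush stopforumspam' \
    198.51.100.7 > "$sample"
build_restore_file "$sample" "$sample.import" tempset 3 && cat "$sample.import"
rm -f "$sample" "$sample.import"
```

In the script above this would stand in for the sed line, called as build_restore_file sfstmp/listed_ip_7.txt sfstmp/listed_ip_7.import tempset || exit 1.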
Thanks, great stuff, but it requires access and control over the server that not all phpBB users have.
I have changed the registration procedure from the traditional captcha to a simple question that must be answered.