StopForumSpam with iptables

Snorkasaurus
Berserk
Posts: 587
Joined: 30 Dec 2013, 19:19

Postby Snorkasaurus » 09 Aug 2014, 18:13

So I used to have a web site running WordPress that I used for posting rants (mostly computer related and political/social). Anyways, I got really tired of the relentless attacks on my WordPress installation and eventually migrated all of my data to an internal-only web site that I can still refer to. Not having a public place to rant bothered me, so I set up some phpBB forums... this time with a focus on my desire to leave regular society and live as self-sufficiently as I can. I had seen a number of references to SFS here in these forums and thought that it might be nice to implement an automated facility for blocking punks with the SFS database.

But the mods I could find for phpBB that use SFS were ridiculous to install. So I asked here in these forums and viking60 basically confirmed my concerns that phpBB mods are a pain in the ass. So I went looking for a better way to deal with it. What I came up with is a script that downloads the SFS database and imports the data in to an ipset table for use in my iptables firewall script. You can add this script as a daily cron'ed job to keep it updated.

Code:

#!/bin/bash
echo "Setup environment..."
export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
# Stop if the working directory is missing, so the rm below never runs elsewhere
cd /root/scripts || exit 1
# Create the live set if needed; it is not flushed here, so the old list keeps
# blocking until the new one is swapped in
ipset create stopforumspam hash:net -exist
rm -rf sfstmp
mkdir sfstmp
echo "Create a temporary set..."
ipset create tempset hash:net -exist
ipset flush tempset
echo "Download the current list of bad addresses..."
wget -O sfstmp/listed_ip_7.zip http://www.stopforumspam.com/downloads/listed_ip_7.zip || exit 1
unzip sfstmp/listed_ip_7.zip -d sfstmp/ || exit 1
echo "Format the list for import to tempset..."
sed 's:^:add tempset :' sfstmp/listed_ip_7.txt > sfstmp/listed_ip_7.import
echo "Import the list in to tempset, then swap in to the stopforumspam set..."
# -exist skips duplicate entries instead of aborting the import
ipset restore -exist < sfstmp/listed_ip_7.import || exit 1
ipset swap tempset stopforumspam
# Insert the rule only if it is not already present, so repeated cron runs
# do not stack duplicate rules.
# Note: --dport 80:443 is a range covering every TCP port from 80 through 443.
RULE='FORWARD -p tcp --dport 80:443 -m set --match-set stopforumspam src -j REJECT'
iptables -C $RULE 2>/dev/null || iptables -I $RULE
exit 0

The format may not be as pretty as some better-written scripts, but it functions (and I like having "echo" statements so if there are any problems I can see which step is failing). Anyways, it should be noted that you could run this more than daily, but there are limits on how frequently they will let you (see details on download page linked above). Finally I should also mention that in my case I am using the FORWARD chain of iptables because I am running this on my firewall box - if you were running this directly on your web server you would likely use the INPUT chain.

Have fun and punch a spammer,
S.
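
An added example, not part of the post above: because the list is fetched over plain HTTP and the sed step prefixes every line blindly, this filter could stand in for the sed step so that only well-formed public IPv4 entries reach `ipset restore`, and a truncated download never replaces a good set. The function names, the /8 minimum prefix length and the minimum-entry threshold are assumptions made for this sketch, as is the one-entry-per-line list format.

```shell
#!/bin/sh
# sfs_filter SETNAME < list : print "add SETNAME <entry>" for each valid entry.
sfs_filter() {
    awk -v set="$1" '
    {
        sub(/\r$/, "")                        # tolerate CRLF line endings
        n = split($0, p, "/")
        if (n > 2) next
        # Anything that is not a bare dotted quad (words, options, IPv6) is dropped
        if (p[1] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(p[1], o, ".")
        for (i = 1; i <= 4; i++) if (o[i] > 255) next
        # Assumed policy: refuse prefixes broader than /8 (e.g. 0.0.0.0/0)
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] < 8 || p[2] > 32)) next
        # Never block loopback, RFC 1918 or link-local space
        if (o[1] == 0 || o[1] == 10 || o[1] == 127) next
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) next
        if (o[1] == 192 && o[2] == 168) next
        if (o[1] == 169 && o[2] == 254) next
        if (!seen[$0]++) print "add " set " " $0   # drop duplicates
    }'
}

# sfs_build LIST OUT SETNAME MIN : write OUT only if at least MIN entries survive.
sfs_build() {
    sfs_filter "$3" < "$1" > "$2.tmp" || return 1
    count=$(wc -l < "$2.tmp" | tr -d ' ')
    if [ "$count" -lt "$4" ]; then
        rm -f "$2.tmp"
        echo "only $count valid entries, keeping the old set" >&2
        return 1
    fi
    mv "$2.tmp" "$2"
}

# Constructed sample input (documentation addresses, not real list data)
printf '203.0.113.7\n10.0.0.5\nflush stopforumspam\n0.0.0.0/0\n' | sfs_filter tempset
```

In the script above this would be called as `sfs_build sfstmp/listed_ip_7.txt sfstmp/listed_ip_7.import tempset 1000 || exit 1` before the `ipset restore` line, with the threshold chosen to suit the usual size of the list.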

viking60
Über-Berserk
Posts: 9279
Joined: 14 Mar 2010, 16:34

Re: StopForumSpam with iptables

Postby viking60 » 09 Aug 2014, 21:04

:s Thanks, great stuff, but it requires access and control over the server that not all phpBB users have.
You have inspired me though +1 I have changed the registration procedure from the traditional captcha to a simple question that must be answered.

I have heard that this might end robot registrations. I do suspect that countries like India have enough people to do it manually though...
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"


Re: StopForumSpam with iptables

Postby Snorkasaurus » 10 Aug 2014, 13:56

viking60 wrote: :s Thanks, great stuff, but it requires access and control over the server that not all phpBB users have.
Yes, that would certainly be for a self-hosted situation.

viking60 wrote: You have inspired me though +1 I have changed the registration procedure from the traditional captcha to a simple question that must be answered.
I found that spammers were still able to register accounts if the answers to some of your questions were plain numbers, so you might want to ensure that your "answers" are a word of some kind. The downside is that it means all registrants must speak the same language.

S.

Re: StopForumSpam with iptables

Postby viking60 » 10 Aug 2014, 15:48

Now you have to enter the middle number of a range, and instead of the "unreadable" captcha there is a question that has to be answered in English.
That is kind of a language that you should be somewhat familiar with here.

The last one requires a text answer.

Re: StopForumSpam with iptables

Postby Snorkasaurus » 10 Aug 2014, 16:03

Booyeah! :berserk2

Hopefully that will help to hold back the ocean of junk! :-)
S.
