But the mods I could find for phpBB that use SFS were ridiculous to install. So I asked here in these forums and viking60 basically confirmed my concerns that phpBB mods are a pain in the ass. So I went looking for a better way to deal with it. What I came up with is a script that downloads the SFS database and imports the data in to an ipset table for use in my iptables firewall script. You can add this script as a daily cron'ed job to keep it updated.
Code: Select all
#!/bin/bash
echo "Setup environment..."
export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
cd /root/scripts
ipset create stopforumspam hash:net -exist
ipset flush stopforumspam
rm -R sfstmp
mkdir sfstmp
echo "Create a temporary set..."
ipset create tempset hash:net -exist
ipset flush tempset
echo "Download the current list of bad addresses..."
wget -O sfstmp/listed_ip_7.zip http://www.stopforumspam.com/downloads/listed_ip_7.zip
unzip sfstmp/listed_ip_7.zip -d sfstmp/
echo "Format the list for import to tempset..."
sed 's:^:add tempset :' sfstmp/listed_ip_7.txt > sfstmp/listed_ip_7.import
echo "Import the list in to tempset, then swap in to the stopforumspam set..."
ipset restore < sfstmp/listed_ip_7.import
ipset swap tempset stopforumspam
iptables -I FORWARD -p tcp --dport 80:443 -m set --match-set stopforumspam src -j REJECT
exit 0
Have fun and punch a spammer,
S.