Compliance for YOURLS
An anti-abuse plugin written for and tested with YOURLS 1.7.1
Compliance addresses potential link complaints from 3rd parties via a flag-list which can be updated via the admin interface or via an optional public report-page, allowing any visitor to complain about a potentially abusive URL. The URL is then marked in the admin section and all future visitors are given the option to avoid the link.
- The Complaince abuse page is able to accept GET information to automatically fill out the complaint form from any plugin or arbitrary source. The Snapshot plugin makes use of this feature.
- Snapshot Visual Preview plugin: If Snapshot is properly installed then Compliance will attempt to present a snapshot image of flagged websites upon interception.
- Phishtank-2.0 anti-phishing plugin: If a previously 'safe' link fails a recheck on redirection it can be intercepted and flagged in the Compliance database.
Compliance is highly customizable. You can set the following options in the admin section of YOURLS:
- Nuke any flagged URL on its next redirect (Default: preserve the links)
- Use a custom intercept page for flagged URL redirects (Default: use the Compliance Bootstrap page)
- Expose flags on Admin interface or not (Default: Expose the flags)
- Keep or drop the Compliance sql table on plugin deactivation (Default: Drop)
- Flush your flag-list table and start fresh.
The default interecept and abuse report pages are both written with Bootstrap.
- A working YOURLS installation
- YOURLS mysql user should have CREATE TABLE grants on YOURLS database. See NOTE.
- Place the compliance folder in YOURLS/user/plugins
- Activate Compliance for Yourls in the Admin interface - sql tables should be made automatically
- Set options in the Compliance options page. The default options are just fine. Clicking submit on various forms will enter the default values into the sql tables, but null values all fall back to default actions as well.
- Link abuse.php to the pages/ directory. From YOURLS base directory:
$ ln -s ./user/plugins/compliance/assets/abuse.php ./pages/abuse.php
NOTE: The sql table may need to be added manually using compliance.sql located in compliance/assets/.
- Flagged links need to be sanitized against known blacklists (ex: GSB, etc.) and deleted. This is not a part of the current release, as other plugins, such as Phishtank-2.0, can check blacklists before link submissionn and recheck them on redirects. It is highly reccomended that one of the existing blacklist plugins be used.
- Project Honeypot's http:BL implimented in order to prevent acces from known abusers. This very necessary feature
needs to behas already been turned into it's own entity, here.
Please see the TODO list.
Scripts used for inspiration and/or copypasta:
Copyright (C) 2016 - 2017 Josh Panter This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.