An anti-abuse plugin for YOURLS that implements a flagging and warning system for hazardous links.
PHP Hack HTML
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
compliance
LICENSE.md
README.md

README.md

Compliance for YOURLS

An anti-abuse plugin written for and tested with YOURLS 1.7.1

By Josh Panter Unfettered. See it in action at 0=2

Use

Compliance addresses potential link complaints from 3rd parties via a flag-list which can be updated via the admin interface or via an optional public report-page, allowing any visitor to complain about a potentially abusive URL. The URL is then marked in the admin section and all future visitors are given the option to avoid the link.

Integration

  • The Complaince abuse page is able to accept GET information to automatically fill out the complaint form from any plugin or arbitrary source. The Snapshot plugin makes use of this feature.
  • Snapshot Visual Preview plugin: If Snapshot is properly installed then Compliance will attempt to present a snapshot image of flagged websites upon interception.
  • Phishtank-2.0 anti-phishing plugin: If a previously 'safe' link fails a recheck on redirection it can be intercepted and flagged in the Compliance database.

Compliance is highly customizable. You can set the following options in the admin section of YOURLS:

  1. Nuke any flagged URL on its next redirect (Default: preserve the links)
  2. Use a custom intercept page for flagged URL redirects (Default: use the Compliance Bootstrap page)
  3. Expose flags on Admin interface or not (Default: Expose the flags)
  4. Keep or drop the Compliance sql table on plugin deactivation (Default: Drop)
  5. Flush your flag-list table and start fresh.

The default interecept and abuse report pages are both written with Bootstrap.

REQUIREMENTS

  1. A working YOURLS installation
  2. YOURLS mysql user should have CREATE TABLE grants on YOURLS database. See NOTE.

INSTALLATION

  1. Place the compliance folder in YOURLS/user/plugins
  2. Activate Compliance for Yourls in the Admin interface - sql tables should be made automatically
  3. Set options in the Compliance options page. The default options are just fine. Clicking submit on various forms will enter the default values into the sql tables, but null values all fall back to default actions as well.
  4. Link abuse.php to the pages/ directory. From YOURLS base directory:
    $ ln -s ./user/plugins/compliance/assets/abuse.php ./pages/abuse.php

NOTE: The sql table may need to be added manually using compliance.sql located in compliance/assets/.

WON'T DO:

  1. Flagged links need to be sanitized against known blacklists (ex: GSB, etc.) and deleted. This is not a part of the current release, as other plugins, such as Phishtank-2.0, can check blacklists before link submissionn and recheck them on redirects. It is highly reccomended that one of the existing blacklist plugins be used.
  2. Project Honeypot's http:BL implimented in order to prevent acces from known abusers. This very necessary feature needs to be has already been turned into it's own entity, here.

TODO:

Please see the TODO list.

CREDITS

Scripts used for inspiration and/or copypasta:

  1. YOURLS Abuse Desk
  2. YOURLS Interstitial plugin
  3. YOURLS Preview URL

===========================

Copyright (C) 2016 - 2017 Josh Panter

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.