Deploying mosparo

Introduction

mosparo (modern spam protection) is a privacy-focused spam protection system that filters form submissions without requiring users to solve CAPTCHAs. Unlike traditional spam filters that rely on user interaction or third-party services, mosparo analyzes form data invisibly and blocks spam before it reaches your inbox.

Built with PHP and designed for self-hosting, mosparo gives you complete control over your spam protection infrastructure. No data is sent to external services, making it an ideal choice for privacy-conscious organizations and GDPR compliance.

Key highlights of mosparo:

Invisible Protection: No CAPTCHAs or puzzles for users to solve
Privacy-First Design: All processing happens on your server with no external data sharing
Multi-Project Support: Manage spam protection for multiple websites from a single instance
Rule-Based Filtering: Create custom rules to block specific patterns and behaviors
Real-Time Statistics: Monitor spam attempts and protection effectiveness
API Integration: Easy integration with any form through REST API
Plugin Ecosystem: Official plugins for WordPress, Drupal, TYPO3, and more
Honeypot Fields: Additional invisible fields to catch automated bots
IP Blocking: Automatic blocking of repeat offenders
Localization: Available in multiple languages
Open Source: Licensed under MIT with full transparency

This guide walks through deploying mosparo on Klutch.sh using Docker, configuring the spam protection rules, and integrating with your web forms.

Why Deploy mosparo on Klutch.sh

Deploying mosparo on Klutch.sh provides several advantages for spam protection:

Always-On Protection: Your spam filter remains active 24/7, protecting forms across all your websites without downtime.

Simplified Deployment: Klutch.sh automatically detects your Dockerfile and builds mosparo without complex server configuration.

Persistent Storage: Attach persistent volumes for your database and configuration. Your rules and statistics survive container restarts.

HTTPS by Default: Klutch.sh provides automatic SSL certificates, essential for secure API communication between your forms and mosparo.

GitHub Integration: Connect your configuration repository directly from GitHub. Updates trigger automatic redeployments.

Scalable Resources: Allocate CPU and memory based on your traffic and number of protected forms.

Custom Domains: Assign a custom domain to your mosparo instance for professional integration.

Environment Variable Management: Securely store database credentials and secrets without exposing them in your repository.

Prerequisites

Before deploying mosparo on Klutch.sh, ensure you have:

A Klutch.sh account
A GitHub account with a repository for your configuration
Basic familiarity with Docker and containerization concepts
A MySQL/MariaDB or PostgreSQL database (can be deployed on Klutch.sh)
Web forms that need spam protection
(Optional) A custom domain for your mosparo instance

Understanding mosparo Architecture

mosparo consists of several components working together:

PHP Backend: The core application handling form validation, rule processing, and API requests.

Database: MySQL/MariaDB or PostgreSQL storing projects, rules, and submission statistics.

Frontend Verification: JavaScript that integrates with your forms to submit data for validation.

Admin Dashboard: Web interface for managing projects, rules, and viewing statistics.

REST API: Endpoints for form submission verification and integration.

Preparing Your Repository

Create a GitHub repository with your mosparo configuration.

Repository Structure

mosparo-deploy/
├── Dockerfile
├── .env.example
└── .dockerignore

Creating the Dockerfile

Create a Dockerfile in your repository root:

FROM mosparo/mosparo:latest

# Set environment variables
ENV MOSPARO_ENABLE_WEBSERVER=1
ENV TRUSTED_PROXIES=REMOTE_ADDR

# Database configuration (set via Klutch.sh environment variables)
ENV DATABASE_HOST=${DATABASE_HOST}
ENV DATABASE_PORT=${DATABASE_PORT:-3306}
ENV DATABASE_NAME=${DATABASE_NAME}
ENV DATABASE_USER=${DATABASE_USER}
ENV DATABASE_PASSWORD=${DATABASE_PASSWORD}

# Create data directories
RUN mkdir -p /var/www/html/var

# Expose web interface port
EXPOSE 80

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD curl -f http://localhost/ || exit 1

Creating the .dockerignore File

.git
.github
*.md
LICENSE
.gitignore
*.log
.DS_Store
.env
.env.local

Environment Variables Reference

Variable	Required	Default	Description
`DATABASE_HOST`	Yes	-	Database server hostname
`DATABASE_PORT`	No	3306	Database server port
`DATABASE_NAME`	Yes	-	Name of the mosparo database
`DATABASE_USER`	Yes	-	Database username
`DATABASE_PASSWORD`	Yes	-	Database password
`TRUSTED_PROXIES`	No	REMOTE_ADDR	Trusted proxy configuration

Deploying mosparo on Klutch.sh

Set Up a Database

Before deploying mosparo, provision a MySQL/MariaDB or PostgreSQL database. You can use Klutch.sh’s database services or an external provider.

Push Your Repository to GitHub

Initialize and push your repository with the Dockerfile and configuration.

Create a New Project on Klutch.sh

Navigate to the Klutch.sh dashboard and create a new project called “mosparo” or similar.

Create a New App

Within your project, create a new app and connect your GitHub repository containing the mosparo Dockerfile.

Configure HTTP Traffic

In the deployment settings:

Select HTTP as the traffic type
Set the internal port to 80

Set Environment Variables

Configure the following environment variables:

Variable	Value
`DATABASE_HOST`	Your database hostname
`DATABASE_PORT`	`3306` (or your database port)
`DATABASE_NAME`	`mosparo`
`DATABASE_USER`	Your database username
`DATABASE_PASSWORD`	Your database password
`TRUSTED_PROXIES`	`REMOTE_ADDR`

Attach Persistent Volumes

Add the following volumes:

Mount Path	Recommended Size	Purpose
`/var/www/html/var`	5 GB	Application cache and generated files
`/var/www/html/public/resources`	1 GB	Uploaded resources

Deploy Your Application

Click Deploy to start the build process. Klutch.sh will build and start your mosparo instance.

Access mosparo

Once deployment completes, access your mosparo instance at https://your-app-name.klutch.sh to run the setup wizard.

Initial Configuration

Running the Setup Wizard

When you first access mosparo, the setup wizard will guide you through:

Database Connection: Verify the database connection (should be pre-configured via environment variables)
Administrator Account: Create your admin user with a strong password
Initial Project: Set up your first spam protection project

Creating Your First Project

After setup, create a project for each website you want to protect:

Log in to the mosparo dashboard
Click Create Project
Enter a name and the allowed domains for your website
Configure the protection settings
Note the Public Key and Secret Key for integration

Configuring Protection Rules

mosparo uses multiple layers of protection:

Minimum Time: Require a minimum time between form load and submission to catch fast bots.

Honeypot Fields: Invisible fields that bots fill out but humans don’t see.

Word Blocklist: Block submissions containing specific spam keywords.

URL Limits: Limit the number of URLs allowed in submissions.

IP Rules: Block or allow specific IP addresses or ranges.

Integrating mosparo with Your Forms

JavaScript Integration

Add the mosparo script to your form page:

<script src="https://your-mosparo-instance.klutch.sh/build/mosparo-frontend.js"></script>
<script>
    var mosparo = new mosparo('form-id', 'https://your-mosparo-instance.klutch.sh', 'your-public-key');
</script>

PHP Backend Verification

Verify submissions on your server:

$client = new \Mosparo\ApiClient\Client(
    'https://your-mosparo-instance.klutch.sh',
    'your-public-key',
    'your-secret-key'
);

$result = $client->verifySubmission($_POST);

if ($result->isValid()) {
    // Process the form submission
}

CMS Plugins

mosparo provides official plugins for popular CMS platforms:

WordPress
Drupal
TYPO3
Joomla
Contao
Concrete CMS

Monitoring and Statistics

Viewing Submission Statistics

The mosparo dashboard provides real-time statistics:

Total submissions received
Spam attempts blocked
Valid submissions passed
Rule effectiveness metrics

Analyzing Spam Patterns

Review blocked submissions to identify patterns and refine your rules. Look for:

Common spam keywords
Suspicious IP ranges
Unusual submission times
Repeated attack patterns

Troubleshooting

Forms Not Validating

Verify the domain is added to your project’s allowed domains
Check that both public and secret keys are correct
Ensure JavaScript is loading without errors
Verify the API endpoint is accessible

High False Positive Rate

Review and adjust minimum submission time
Check word blocklist for overly broad terms
Consider adjusting honeypot sensitivity
Review IP blocking rules

Database Connection Errors

Verify database credentials in environment variables
Ensure the database server is accessible
Check that the database exists and user has permissions

Performance Issues

Consider upgrading Klutch.sh resources for high-traffic sites
Enable caching for static resources
Review and optimize complex rules

Additional Resources

Conclusion

Deploying mosparo on Klutch.sh gives you a powerful, privacy-focused spam protection system that protects your web forms without annoying CAPTCHAs. With automatic HTTPS, persistent storage, and easy integration, you can protect multiple websites from a single mosparo instance.

The combination of invisible protection, customizable rules, and real-time statistics makes mosparo an excellent choice for organizations that value both user experience and privacy. By self-hosting on Klutch.sh, you maintain complete control over your spam protection infrastructure while ensuring reliable, always-on protection for your forms.