AntiWikiSpamPlugin

Lightweight wiki spam prevention

Stop your wiki getting spammed

This plugin attempts to reduce the instance of Wiki Spam by using the MoinMoin AntiSpamGlobalSolution regex's. Anytime it detects that a saved page contains a string in the regex list, it only refuses to save it.

It can also check new registrations to see if the email address used matches a blacklist (or whitelist).

Major premise is not to create any unnecessary load on the server and not to use excess server resources by holding connections open.

All its processing is only done on save, or on attach. (Foswiki:Extensions/BlackListPlugin does alot of processing on every topic operation, including view)

It uses a timeout on save to check if the list has changed, so if there are no saves, there is no un-needed network traffic. Alternatively the regex list can be loaded by a cron script to minimize save overhead.

To manually update the list, click here

Note that the retrieve of the MoinMoin regex list can still take some seconds which will delay topic saves when the list needs to be refreshed. For best performance:
  • Refresh the list using the rest script from a scheduled cron job
cd [foswiki-bin-directory]
./rest /AntiWikiSpamPlugin/forceUpdate
  • Set the GETLISTTIMEOUT to a very large number so that the cron job will be the only source of updates

Removing User Accounts

Normally user accounts should not be removed, as they represent the history of topic changes. In addition if the WikiName is reused, the new user "assumes" the history of the prior user. However, when dealing with spam registrations, it's generally recommended to remove the accounts. This plugin provides a REST handler that can remove user accounts from the wiki, which you can access through the following form.
  • The User will be removed from the Mapping manager if supported
  • The User will be removed from any groups
  • The User topic and any attachments are moved to the Trash Web as SuspectSpammer<WikiName><timestamp>
This function is only available to Administrators

Configuration

The configuration of this plugin is done using the http://wiki.fini.net/bin/configure tool. There are 5 settings used to control the operation and aggressiveness of the spam filter:

Setting Definition Default
{Plugins}{AntiWikiSpamPlugin}{CheckTopics} Enable to check topic text against the spam regular expressions (enabled)
{Plugins}{AntiWikiSpamPlugin}{CheckAttachments} Enable to check attachment text against the spam regular expressions (enabled)
{Plugins}{AntiWikiSpamPlugin}{CheckRegistrations} Enable to check Registrations against the white and black lists. (enabled)
{Plugins}{AntiWikiSpamPlugin}{ANTISPAMREGEXLISTURL} URL containing the public list of regular expressions used to block spam. The default list is provided by MoinMoin. http://arch.thinkmo.de/cgi-bin/spam-merge
{Plugins}{AntiWikiSpamPlugin}{LOCALANTISPAMREGEXLISTTOPIC} A topic containing a list of local regular expressions. A sample topic is provided. AntiWikiSpamLocalList
{Plugins}{AntiWikiSpamPlugin}{GETLISTTIMEOUT} Maximum age of the public regular expression list in minutes. When age is exceeded, an updated list will be fetched 60
{Plugins}{AntiWikiSpamPlugin}{BypassGroup} A Wiki group listing members who are permitted to save without any Spam checking. Note that members of the AdminGroup are always permitted to save. AntiWikiSpamBypassGroup
{Plugins}{AntiWikiSpamPlugin}{HitThreshold} Number of regex hits required to block the save. Set to -1 to simulate operation. 1
{Plugins}{AntiWikiSpamPlugin}{RegistrationWhiteList} Name of topic containing regular expressions that permit registration by matching email domains. AntiWikiSpamRegistrationWhiteList
{Plugins}{AntiWikiSpamPlugin}{RegistrationBlackList} Name of topic containing regular expressions that deny registration by matching email domains. AntiWikiSpamRegistrationBlackList

Registration

Registration is controlled by limiting the email domains that can be used by people registering to the wiki. For example, you can set up a whitelist so that only people with a corporate email address can register, or set up a blacklist to filter known email hosts that spammers use.

The lists are held in topics, usually called AntiWikiSpamRegistrationWhiteList and AntiWikiSpamRegistrationWhiteList. Sample topics are provided. Each topic is a simple list of Perl regular expressions. At least one expression in the whitelist must match the email address to permit registration. If any expression in the blacklist matches, registration will be denied.

Installation Instructions

You do not need to install anything in the browser to use this extension. The following instructions are for the administrator who installs the extension on the server.

Open configure, and open the "Extensions" section. Use "Find More Extensions" to get a list of available extensions. Select "Install".

If you have any problems, or if the extension isn't available in configure, then you can still install manually from the command-line. See http://foswiki.org/Support/ManuallyInstallingExtensions for more help.

Testing

Edit AntiWikiSpamTestTopic using the Admin user. (This topic is protected against non-admin access.) Save will be permitted, but the matching regular expressions will be logged to the foswiki error log (typically working/logs/error.log)

To cause a true failure, remove the VIEW and CHANGE restrictions to the topic and edit it using a non-admin user.

Info

Author(s): Foswiki:Main.SvenDowideit - http://fosiki.com
Copyright: © 2005-2009 SvenDowideit@fosiki.com
© 2012 George Clark
© 2012 Crawford Currie http://c-dot.co.uk
License: GPL 3 (Gnu General Public License)
Version: 1.5
Release: 1.5
Change History:  
1.5 (31 Dec 2012) Foswikitask:Item12296: BypassGroup doesn't work, also unit tests don't work on trunk.
Foswikitask:Item12323: Fails to remove user topic on Foswiki 1.1.x
1.4 (10 Aug 2012) Foswikitask:Item11679: When removing a user, remove it from any groups.
Foswikitask:Item12038: Allow checking to be disabled
1.3.1 (19 Mar 2012) Remove dialog would remove current user if entered user was not konwn to the Mapper.
1.3 (14 Mar 2012) Foswikitask:Item11644: add white/black lists for common spam sources (Foswiki:Main.CrawfordCurrie)
Foswikitask:Item11646: add remove dialog
Foswikitask:Item11593: Uninitialized variable
1.2 (25 Apr 2011) Foswikitask:Item1091 - add whitelist,
Foswikitask:Item1580 - also process comments,
Foswikitask:Item10680 - Improve local regex capability
1.1 (4 Jan 2009) updated for Foswiki v1.0
1.0 (22 Aug 2005) Initial version
Dependencies:
NameVersionDescription
SocketcpanRequired to check the DNS of registration email addresses
Home page: http://foswiki.org/bin/view/Extensions/AntiWikiSpamPlugin

Topic revision: r2 - 27 Jul 2013, AdminUser
 

This site is powered by FoswikiCopyright © by the contributing authors. All material on this site is the property of the contributing authors.
Ideas, requests, problems regarding FiniWiki? Send feedback