Write protect this Plugin topic (if not already done)
Make sure pub/TWiki/BlackListPlugin/ is writable by the CGI user (typically nobody)
Add the hidden form field to the registration form as described in the "Registration protection settings" section (this is already in TWiki 4.0)
From TWiki 4.0 release on: Run the configure utility in your browser to enable the Plugin
Added:
> >
Make sure that non-administrators cannot edit this plugin topic. By default, this topic is write protected with an ALLOWTOPICCHANGE = TWikiAdminGroup setting.
Test if the installation was successful:
Using above form, add the IP address of one of your workstations to the BANLIST
Access TWiki from that workstation
Line: 138 to 138
Known Issues and Limitations
Wiki-spam filtering for HTML attachments works in TWiki 01-Sep-2004 and later.
Changed:
< <
With TWiki 4.0.2 on some platforms, notably Solaris, attached files are uploaded with a zero file size. This is because there is a bug in how TWiki 4.0.2 handles the beforeAttachmentSaveHandler. If affected, upgrade TWiki or apply bug fix Item2390
Scan for script eval in attachments is currently hardcoded
> >
With TWiki 4.0.2 on some platforms, notably Solaris, attached files are uploaded with a zero file size. This is because there is a bug in how TWiki 4.0.2 handles the beforeAttachmentSaveHandler. If affected, upgrade TWiki or apply bug fix Item2390
Scan for script eval() and escape() is currently hardcoded
Wiki-spam filtering for HTML attachments works in TWiki 01-Sep-2004 and later.
With TWiki 4.0.2 on some platforms, notably Solaris, attached files are uploaded with a zero file size. This is because there is a bug in how TWiki 4.0.2 handles the beforeAttachmentSaveHandler. If affected, upgrade TWiki or apply bug fix Item2390
Added:
> >
Scan for script eval in attachments is currently hardcoded
WHITELIST: Comma delimited list of IP addresses; possible to use partial addresses ending in a dot
Line: 67 to 68
Set BLACKLISTMESSAGE = Your IP address 127.0.0.1 is black listed at the AVR32 Linux web site due to excessive access or suspicious activities. Please contact site administrator _wremoId0 if you got on the list by mistake.
Wiki-spam filtering settings
Changed:
< <
Filter wiki-spam on topic save based on SPAMLIST: (0 or 1)
> >
Filter wiki-spam on topic save and HTML file uploads based on SPAMLIST: (0 or 1)
Set FILTERWIKISPAM = 1
Changed:
< <
Comma separated list of Web.Topics to exclude from wiki-spam filtering:
> >
Comma separated list of Web.Topics to exclude from wiki-spam filtering on topic save:
Set SPAMEXCLUDETOPICS =
Line: 116 to 117
lib/TWiki/Plugins/BlackListPlugin.pm
Plugin Perl module
pub/TWiki/BlackListPlugin/.htaccess
Apache access control to protect pub dir
templates/oopsblacklist.tmpl
Generic oops message
Changed:
< <
Write protect this Plugin topics by removing the # hash sign from the ALLOWTOPICCHANGE setting
> >
Write protect this Plugin topic (if not already done)
Make sure pub/TWiki/BlackListPlugin/ is writable by the CGI user (typically nobody)
Changed:
< <
Add the hidden form field to the registration form as described in the "Registration protection settings" section
> >
Add the hidden form field to the registration form as described in the "Registration protection settings" section (this is already in TWiki 4.0)
From TWiki 4.0 release on: Run the configure utility in your browser to enable the Plugin
Test if the installation was successful:
Using above form, add the IP address of one of your workstations to the BANLIST
Line: 127 to 128
else, you should get an 500 Internal Server Error for other scripts
On a different workstation, remove the IP address of the test workstation from the BANLIST
Added:
> >
Known Issues and Limitations
Wiki-spam filtering for HTML attachments works in TWiki 01-Sep-2004 and later.
With TWiki 4.0.2 on some platforms, notably Solaris, attached files are uploaded with a zero file size. This is because there is a bug in how TWiki 4.0.2 handles the beforeAttachmentSaveHandler. If affected, upgrade TWiki or apply bug fix Item2390
Set WIKISPAMMESSAGE = Wiki-spam detected: "%WIKISPAMWORD%" is a banned word and cannot be saved. Your IP address 127.0.0.1 is black listed at the AVR32 Linux web site due to suspicious activities. Please contact site administrator _wremoId1 if you got on the list by mistake.
Registration protection settings
Changed:
< <
Protect registration: (0 to disable, or number of minutes to expire)
> >
Protect registration: (number of minutes to expire, 15 minutes is recommended, 0 to disable)
Set REGEXPIRE = 0
If enabled, a magic number is protecting the registration process. TWiki expects a form field with a magic number. An error message is shown if not valid or if expired. This makes it harder to register a user by a script. A hidden field needs to be added to the registration form: <input type="hidden" name="rx" value="%BLACKLISTPLUGIN{ action="magic" }%" />
This is a simple utility to keep black sheep away from a public TWiki site. The site can be protected against excessive page access (e.g. by bad robots), suspicious activities of users, such as multiple registrations or rapid topic updates indicating Wiki:WikiSpam, or saving text with wiki-spam.
Line: 14 to 18
Users on the BLACKLIST and BANLIST will have every page access delayed by one minute and will get an error message.
Added:
> >
The registration form can also be protected from improper use.
To fight Wiki-spam, the Plugin can also add a rel="nofollow" parameter to external URLs. Search engines will not follow links that have this parameter, taking away the incentive to add spam to TWiki.
Plugin Settings
Plugin settings are stored as preferences variables. To reference a plugin setting write %<plugin>_<setting>%, i.e. %INTERWIKIPLUGIN_SHORTDESCRIPTION%
WHITELIST: Comma delimited list of IP addresses; possible to use partial addresses ending in a dot
Set WHITELIST = 127.0.0.1
Line: 60 to 66
Message for users on BLACKLIST and BANLIST:
Set BLACKLISTMESSAGE = Your IP address 127.0.0.1 is black listed at the AVR32 Linux web site due to excessive access or suspicious activities. Please contact site administrator _wremoId2 if you got on the list by mistake.
Changed:
< <
Wiki-spam filtering settings:
> >
Wiki-spam filtering settings
Filter wiki-spam on topic save based on SPAMLIST: (0 or 1)
Set FILTERWIKISPAM = 1
Line: 86 to 92
Message for users trying to save text with wiki-spam:
Set WIKISPAMMESSAGE = Wiki-spam detected: "%WIKISPAMWORD%" is a banned word and cannot be saved. Your IP address 127.0.0.1 is black listed at the AVR32 Linux web site due to suspicious activities. Please contact site administrator _wremoId3 if you got on the list by mistake.
Changed:
< <
Nofollow link setting:
> >
Registration protection settings
Protect registration: (0 to disable, or number of minutes to expire)
Set REGEXPIRE = 0
If enabled, a magic number is protecting the registration process. TWiki expects a form field with a magic number. An error message is shown if not valid or if expired. This makes it harder to register a user by a script. A hidden field needs to be added to the registration form: <input type="hidden" name="rx" value="%BLACKLISTPLUGIN{ action="magic" }%" />
Message shown when using registration form incorrectly: (this message is deliberately vague)
Set REGMESSAGE = Registration failed, please try again.
Nofollow link setting
Add a rel="nofollow" parameter to external URLs. Use this is to fight Wiki-spam. Search engines will not follow the link if a URL has a nofollow parameter, such as <a href="http://spammer.com/" rel="nofollow">. Specify topic age in hours for which the nofollow parameter should appear (set it to a value that gives you enough time to remove spam); set it to -1 to add the nofollow parameter unconditionally to external URLs; or 0 to disable: (-1, 0, 1...N)
This is a simple utility to keep black sheep away from a public TWiki site. The site can be protected against excessive page access (e.g. by bad robots), suspicious activities of users, such as multiple registrations or rapid topic updates indicating Wiki:WikiSpam, or saving text with wiki-spam.
Line: 43 to 43
Changed:
< <
Action: IP address 203.88.152., 203.88.155., 219.65.75.
Current list: 203.88.152., 203.88.155., 219.65.75.
Your current score: 203.88.152., 203.88.155., 219.65.75. for IP address 127.0.0.1
> >
Your current score: N/A for IP address 127.0.0.1
Message for users on BLACKLIST and BANLIST:
Set BLACKLISTMESSAGE = Your IP address 127.0.0.1 is black listed at the AVR32 Linux web site due to excessive access or suspicious activities. Please contact site administrator _wremoId4 if you got on the list by mistake.
Current list: 203.88.152., 203.88.155., 219.65.75.
> >
Action: wiki-spam regex pattern(s) http://.*?
Current list:
Public wiki-spam list: Big list of wiki-spam patterns, retrieved from external web site (thanks to MoinMoin's AntiSpamGlobalSolution wiki-spam list)
Line: 84 to 84
Set SPAMREGEXREFRESH = 10
Message for users trying to save text with wiki-spam:
Changed:
< <
Set WIKISPAMMESSAGE = Wiki-spam detected, "%WIKISPAMWORD%" is a banned word and cannot be saved. Your IP address 127.0.0.1 is black listed at the AVR32 Linux web site due to suspicious activities. Please contact site administrator _wremoId5 if you got on the list by mistake.
> >
Set WIKISPAMMESSAGE = Wiki-spam detected: "%WIKISPAMWORD%" is a banned word and cannot be saved. Your IP address 127.0.0.1 is black listed at the AVR32 Linux web site due to suspicious activities. Please contact site administrator _wremoId6 if you got on the list by mistake.
Nofollow link setting:
Add a rel="nofollow" parameter to external URLs. Use this is to fight Wiki-spam. Search engines will not follow the link if a URL has a nofollow parameter, such as <a href="http://spammer.com/" rel="nofollow">. Specify topic age in hours for which the nofollow parameter should appear (set it to a value that gives you enough time to remove spam); set it to -1 to add the nofollow parameter unconditionally to external URLs; or 0 to disable: (-1, 0, 1...N)
This is a simple utility to keep black sheep away from a public TWiki site. The site can be protected against excessive page access (e.g. by bad robots) and suspicious activities of users, such as multiple registrations or rapid topic updates indicating Wiki:WikiSpam.
> >
This is a simple utility to keep black sheep away from a public TWiki site. The site can be protected against excessive page access (e.g. by bad robots), suspicious activities of users, such as multiple registrations or rapid topic updates indicating Wiki:WikiSpam, or saving text with wiki-spam.
The Plugin monitors activities by IP address and uses three IP address lists to protect the TWiki site:
WHITELIST: Manually maintained list of users who should never get on the BANLIST
BLACKLIST: Manually maintained list of malicious users
BANLIST: Automatically updated list of users with suspicious activities
Added:
> >
On topic save, text is compared to a known list of spam patterns. If wiki-spam is identified, topic save is cancelled, an error message is shown, and the IP address is put on the BANLIST. Two wiki-spam lists are used:
Local SPAMLIST: Manually maintained list of spam patterns
Public wiki-spam list: Big list of wiki-spam patterns, retrieved from external web site
Users on the BLACKLIST and BANLIST will have every page access delayed by one minute and will get an error message.
To fight Wiki-spam, the Plugin can also add a rel="nofollow" parameter to external URLs. Search engines will not follow links that have this parameter, taking away the incentive to add spam to TWiki.
Line: 16 to 20
Plugin settings are stored as preferences variables. To reference a plugin setting write %<plugin>_<setting>%, i.e. %INTERWIKIPLUGIN_SHORTDESCRIPTION%
WHITELIST: Comma delimited list of IP addresses; possible to use partial addresses ending in a dot
Set WHITELIST = 127.0.0.1
Line: 49 to 60
Message for users on BLACKLIST and BANLIST:
Set BLACKLISTMESSAGE = Your IP address 127.0.0.1 is black listed at the AVR32 Linux web site due to excessive access or suspicious activities. Please contact site administrator _wremoId7 if you got on the list by mistake.
Changed:
< <
Add a rel="nofollow" parameter to external URLs. Use this is to fight Wiki-spam. Search engines will not follow the link if a URL has a nofollow parameter, such as <a href="http://spammer.com/" rel="nofollow">. Specify topic age in hours for which the nofollow parameter should appear (set it to a value that gives you enough time to remove spam); set it to -1 to add the nofollow parameter unconditionally to external URLs; or 0 to disable: (-1, 0, 1...N)
Set NOFOLLOWAGE = -1
> >
Wiki-spam filtering settings:
Filter wiki-spam on topic save based on SPAMLIST: (0 or 1)
Set FILTERWIKISPAM = 1
Comma separated list of Web.Topics to exclude from wiki-spam filtering:
Set SPAMEXCLUDETOPICS =
Changed:
< <
Log access of users on BLACKLIST and BANLIST: (1 or 0)
Set LOGACCESS = 1
> >
Public wiki-spam list: Big list of wiki-spam patterns, retrieved from external web site (thanks to MoinMoin's AntiSpamGlobalSolution wiki-spam list)
Cache refresh time (in minutes) for public wiki-merge pattern list:
Set SPAMLISTREFRESH = 60
Cache refresh time (in minutes) for internal wiki-spam regular expression cache:
Set SPAMREGEXREFRESH = 10
Message for users trying to save text with wiki-spam:
Set WIKISPAMMESSAGE = Wiki-spam detected, "%WIKISPAMWORD%" is a banned word and cannot be saved. Your IP address 127.0.0.1 is black listed at the AVR32 Linux web site due to suspicious activities. Please contact site administrator _wremoId8 if you got on the list by mistake.
Nofollow link setting:
Add a rel="nofollow" parameter to external URLs. Use this is to fight Wiki-spam. Search engines will not follow the link if a URL has a nofollow parameter, such as <a href="http://spammer.com/" rel="nofollow">. Specify topic age in hours for which the nofollow parameter should appear (set it to a value that gives you enough time to remove spam); set it to -1 to add the nofollow parameter unconditionally to external URLs; or 0 to disable: (-1, 0, 1...N)
Set NOFOLLOWAGE = -1
Plugin Installation Instructions
Line: 69 to 101
data/TWiki/BlackListPlugin.txt,v
Plugin topic repository
lib/TWiki/Plugins/BlackListPlugin.pm
Plugin Perl module
pub/TWiki/BlackListPlugin/.htaccess
Apache access control to protect pub dir
Added:
> >
templates/oopsblacklist.tmpl
Generic oops message
Write protect this Plugin topics by removing the # hash sign from the ALLOWTOPICCHANGE setting
Make sure pub/TWiki/BlackListPlugin/ is writable by the CGI user (typically nobody)
Dakar release only: Run the configure utility in your browser to enable the Plugin
This is a simple utility to keep black sheep away from a public TWiki site. The site can be protected against excessive page access (e.g. by bad robots) and suspicious activities of users, such as multiple registrations or rapid topic updates indicating Wiki:WikiSpam.
Line: 28 to 28
BLACKLIST: Comma delimited list of IP addresses; possible to use partial addresses ending in a dot
Set BLACKLIST = 203.88.152., 203.88.155., 219.65.75.
Changed:
< <
> >
BANLIST: Automatically updated list of IP addresses based on BANLIST configuration
Changed:
< <
IP address 203.88.152., 203.88.155., 219.65.75.
> >
Action: IP address 203.88.152., 203.88.155., 219.65.75.
Current list: 203.88.152., 203.88.155., 219.65.75.
Changed:
< <
BANLIST configuration, comma delimited list of: Points for registration, points for each save and upload, points for view raw, points for other actions like view, threshold to add to BANLIST, measured over time (in seconds)
> >
BANLIST configuration, comma delimited list of:
points for registration
Points for each save and upload
Points for view raw
Points for other actions like view
Threshold to add to BANLIST
Measured over time (in seconds)
Set BANLISTCONFIG = 20, 5, 1, 20, 120, 300
Your current score: 203.88.152., 203.88.155., 219.65.75. for IP address 127.0.0.1
Message for users on BLACKLIST and BANLIST:
Changed:
< <
Set BLACKLISTMESSAGE = You are black listed at the AVR32 Linux web site due to excessive access or suspicious activities. Please contact site administrator _wremoId9 if you got on the list by mistake. Black listed IP addresses will be submitted to major blacklist databases.
> >
Set BLACKLISTMESSAGE = Your IP address 127.0.0.1 is black listed at the AVR32 Linux web site due to excessive access or suspicious activities. Please contact site administrator _wremoId10 if you got on the list by mistake.
Add a rel="nofollow" parameter to external URLs. Use this is to fight Wiki-spam. Search engines will not follow the link if a URL has a nofollow parameter, such as <a href="http://spammer.com/" rel="nofollow">. Specify topic age in hours for which the nofollow parameter should appear (set it to a value that gives you enough time to remove spam); set it to -1 to add the nofollow parameter unconditionally to external URLs; or 0 to disable: (-1, 0, 1...N)
This is a simple utility to keep black sheeps away from a public TWiki site. The site can be protected against excessive page access (e.g. by bad robots) and suspicious activities of users, like multiple registrations or rapid topic updates indicating Wiki-spam.
> >
This is a simple utility to keep black sheep away from a public TWiki site. The site can be protected against excessive page access (e.g. by bad robots) and suspicious activities of users, such as multiple registrations or rapid topic updates indicating Wiki:WikiSpam.
The Plugin monitors activities by IP address and uses three IP address lists to protect the TWiki site:
WHITELIST: Manually maintained list of users who should never get on the BANLIST
Line: 10 to 10
Users on the BLACKLIST and BANLIST will have every page access delayed by one minute and will get an error message.
Added:
> >
To fight Wiki-spam, the Plugin can also add a rel="nofollow" parameter to external URLs. Search engines will not follow links that have this parameter, taking away the incentive to add spam to TWiki.
Plugin Settings
Plugin settings are stored as preferences variables. To reference a plugin setting write %<plugin>_<setting>%, i.e. %INTERWIKIPLUGIN_SHORTDESCRIPTION%
Line: 39 to 41
Message for users on BLACKLIST and BANLIST:
Set BLACKLISTMESSAGE = You are black listed at the AVR32 Linux web site due to excessive access or suspicious activities. Please contact site administrator _wremoId11 if you got on the list by mistake. Black listed IP addresses will be submitted to major blacklist databases.
Added:
> >
Add a rel="nofollow" parameter to external URLs. Use this is to fight Wiki-spam. Search engines will not follow the link if a URL has a nofollow parameter, such as <a href="http://spammer.com/" rel="nofollow">. Specify topic age in hours for which the nofollow parameter should appear (set it to a value that gives you enough time to remove spam); set it to -1 to add the nofollow parameter unconditionally to external URLs; or 0 to disable: (-1, 0, 1...N)
Set NOFOLLOWAGE = -1
Log access of users on BLACKLIST and BANLIST: (1 or 0)
This is a simple utility to keep black sheeps away from a public TWiki site. The site can be protected against excessive page access (e.g. by bad robots) and suspicious activities of users, like multiple registrations or rapid topic updates indicating Wiki-spam.
Line: 32 to 32
Current list: 203.88.152., 203.88.155., 219.65.75.
Changed:
< <
BANLIST configuration, comma delimited list of: Points for registration, points for each save and upload, points for other actions like view, threshold to add to BANLIST, measured over time (in seconds)
Set BANLISTCONFIG = 30, 5, 1, 150, 300
> >
BANLIST configuration, comma delimited list of: Points for registration, points for each save and upload, points for view raw, points for other actions like view, threshold to add to BANLIST, measured over time (in seconds)
Set BANLISTCONFIG = 20, 5, 1, 20, 120, 300
Your current score: 203.88.152., 203.88.155., 219.65.75. for IP address 127.0.0.1
This is a simple utility to keep black sheeps away from a public TWiki site. There are three lists of IP addresses:
> >
This is a simple utility to keep black sheeps away from a public TWiki site. The site can be protected against excessive page access (e.g. by bad robots) and suspicious activities of users, like multiple registrations or rapid topic updates indicating Wiki-spam.
The Plugin monitors activities by IP address and uses three IP address lists to protect the TWiki site:
WHITELIST: Manually maintained list of users who should never get on the BANLIST
BLACKLIST: Manually maintained list of malicious users
BANLIST: Automatically updated list of users with suspicious activities
Line: 22 to 24
Set WHITELIST = 127.0.0.1
BLACKLIST: Comma delimited list of IP addresses; possible to use partial addresses ending in a dot
Changed:
< <
Set BLACKLIST = 203.88.152., 219.65.75.
> >
Set BLACKLIST = 203.88.152., 203.88.155., 219.65.75.
Line: 35 to 37
Your current score: 203.88.152., 203.88.155., 219.65.75. for IP address 127.0.0.1
Message for users on BLACKLIST and BANLIST:
Changed:
< <
Set BLACKLISTMESSAGE = You are black listed at the AVR32 Linux web site due to excessive access or suspicious activities. Please contact _wremoId12 if you got on the list by mistake. Black listed IP addresses will be submitted to major blacklist databases.
> >
Set BLACKLISTMESSAGE = You are black listed at the AVR32 Linux web site due to excessive access or suspicious activities. Please contact site administrator _wremoId13 if you got on the list by mistake. Black listed IP addresses will be submitted to major blacklist databases.
Log access of users on BLACKLIST and BANLIST: (1 or 0)
Set LOGACCESS = 1
Line: 54 to 56
data/TWiki/BlackListPlugin.txt,v
Plugin topic repository
lib/TWiki/Plugins/BlackListPlugin.pm
Plugin Perl module
Test if the installation was successful:
Changed:
< <
Add the IP address of a PC to BLACKLIST and access TWiki from that PC. After a one minute timeout, you should see the message "You are black listed at AVR32 Linux" if accessing the view script; or an 500 Internal Server Error for other scripts.
> >
Using above form, add the IP address of one of your workstations to the BANLIST
Access TWiki from that workstation
if you look at a TWiki topic (with the view script) you should see the BLACKLISTMESSAGE (defined above) after a one minute timeout
else, you should get an 500 Internal Server Error for other scripts
On a different workstation, remove the IP address of the test workstation from the BANLIST
Known Issues
The BANLIST does not work until you add and remove an IP address using above form
This is a simple utility to keep black sheeps away from a public TWiki site. Add the IP address of a malicious user to the BLACKLIST setting. Users on that list will have every page access delayed by one minute and will get an error message.
> >
This is a simple utility to keep black sheeps away from a public TWiki site. There are three lists of IP addresses:
WHITELIST: Manually maintained list of users who should never get on the BANLIST
BLACKLIST: Manually maintained list of malicious users
BANLIST: Automatically updated list of users with suspicious activities
Users on the BLACKLIST and BANLIST will have every page access delayed by one minute and will get an error message.
Plugin Settings
Line: 13 to 18
Debug plugin: (See output in data/debug.txt)
Set DEBUG = 0
Changed:
< <
Blacklist: (Comma delimited list of IP addresses, partial addresses OK)
Set BLACKLIST = 203.88.152, 219.65.75
> >
WHITELIST: Comma delimited list of IP addresses; possible to use partial addresses ending in a dot
Set WHITELIST = 127.0.0.1
BLACKLIST: Comma delimited list of IP addresses; possible to use partial addresses ending in a dot
Set BLACKLIST = 203.88.152., 219.65.75.
BANLIST configuration, comma delimited list of: Points for registration, points for each save and upload, points for other actions like view, threshold to add to BANLIST, measured over time (in seconds)
Set BANLISTCONFIG = 30, 5, 1, 150, 300
Your current score: 203.88.152., 203.88.155., 219.65.75. for IP address 127.0.0.1
Message for users on BLACKLIST and BANLIST:
Set BLACKLISTMESSAGE = You are black listed at the AVR32 Linux web site due to excessive access or suspicious activities. Please contact _wremoId14 if you got on the list by mistake. Black listed IP addresses will be submitted to major blacklist databases.
Changed:
< <
Log access of users on blacklist to data/debug.txt: (1 or 0)
> >
Log access of users on BLACKLIST and BANLIST: (1 or 0)
This is a simple utility to keep black sheeps away from a public TWiki site. Add the IP address of a malicious user to the BLACKLIST setting. Users on that list will have every page access delayed by one minute and will get an error message.
Plugin Settings
Plugin settings are stored as preferences variables. To reference a plugin setting write %<plugin>_<setting>%, i.e. %INTERWIKIPLUGIN_SHORTDESCRIPTION%
Note: You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running.
Download the ZIP file from the Plugin web (see below)
Unzip BlackListPlugin.zip in your twiki installation directory. Content:
Add the IP address of a PC to BLACKLIST and access TWiki from that PC. After a one minute timeout, you should see the message "You are black listed at AVR32 Linux" if accessing the view script; or an 500 Internal Server Error for other scripts.
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.