AntiWikiSpamPlugin

01 December 2015 - 00:32 | Version 1 |

Lightweight wiki spam prevention

Stop your wiki getting spammed

This plugin attempts to reduce the instance of Wiki Spam by using the MoinMoin AntiSpamGlobalSolution regex's. Anytime it detects that a saved page contains a string in the regex list, it only refuses to save it.

Major premise is not to create any unnecessary load on the server and not to use excess server resources by holding connections open.

All its processing is only done on save, or on attach. (Foswiki:Extensions/BlackListPlugin does a lot of processing on every topic operation, including view)

Features

The attachment scan for spam strings and some javascript exploits is extremely slow and not recommended, especially for large binary attachments. This feature is now disabled by default.

Spam signatures

This plugin can use a timeout on save to check if the spam signature list has changed, This is no longer recommended. For best performance, manually update the signatures.

To manually update the list, click
(Admin authority required!)

The retrieve of the MoinMoin regex list can still take some seconds which will delay topic saves when the list needs to be refreshed. Good network connectivity is a must. If the configured server is not reachable, then save will be delayed or fail. The recommended solution is to refresh the list using the provided rest script from a scheduled cron job, and disable $Foswiki::cfg{Plugins}{AntiWikiSpamPlugin}{AutoUpdateSignatures} (This is now the default configuration)
cd [foswiki-bin-directory]
./rest /AntiWikiSpamPlugin/forceUpdate

Here is a sample crontab entry to run the signature refresh at 10 past the hour. The ouptut is sent to a logfile.
10      *       *       *       *       cd /path/to/foswiki/bin && perl -T rest /AntiWikiSpamPlugin/forceUpdate > /path/to/foswiki/working/logs/LastSpamUpdate.log 2>&1

ALERT! Caution: Be sure to run the rest script under the control of the web server user; apache, www, etc. If run as root, the ownership of the logfiles can change, which will cause an outage for your wiki.

Registration control

Registration is controlled by limiting the email domains that can be used by people registering to the wiki. For example, you can set up a whitelist so that only people with a corporate email address can register, or set up a blacklist to filter known email hosts that spammers use.

The lists are held in topics, usually called AntiWikiSpamRegistrationWhiteList and AntiWikiSpamRegistrationWhiteList. Sample topics are provided. Each topic is a simple list of Perl regular expressions. The domain of the email address is tested against the regular expressions. If there is no match then the domain is reversed to an IP address, and it is also checked agains the list. At least one expression in the whitelist must match the email address to permit registration. If any expression in the blacklist matches, registration will be denied.

The core foswiki feature, added in Foswiki-1.1.5, provides a similar facility but only checks by email address domain. It is a simpler implementation and has lower overhead. The core filter is set as an expert parameter in the Foswiki configuration {Register}{EmailFilter}, in the "Security and Authentication" section, Registration tab. The White and Black lists provided by this extension will do a DNS lookup and can also block by IP Address of the registrant.

This extension can also track guest activity by recording the last "n" topic views in their Session. When the user registers, this list is compared to a filter of "interesting" webs and topics. If the user has insufficient interesting activity, the registration is blocked. This can be used to prevent "bot" registrations that post registration requests without visiting topics. Note that users who leave and then come back to register lose their session history and may find the registration process difficult.

Removing User Accounts

Normally user accounts should not be removed, as they represent the history of topic changes. In addition if the WikiName is reused, the new user "assumes" the history of the prior user. However, when dealing with spam registrations, it's generally recommended to remove the accounts. This plugin provides a REST handler that can remove user accounts from the wiki, which you can access through the following form. This function is only available to Administrators

This feature has been included as a core Foswiki feature in Foswiki 2.0.

Configuration

The configuration of this plugin is done using the https://manual.jointcommission.org/bin/configure tool:
Setting Definition Default
{Plugins}{AntiWikiSpamPlugin}{CheckTopics} Enable to check topic text against the spam regular expressions (enabled)
{Plugins}{AntiWikiSpamPlugin}{CheckAttachments} Enable to check attachment text against the spam regular expressions (disabled)
{Plugins}{AntiWikiSpamPlugin}{CheckRegistrations} Enable to check Registrations against the white and black lists. (enabled)
{Plugins}{AntiWikiSpamPlugin}{AutoUpdateSignatures} Enable to auto-download spam signatures. (disabled)
{Plugins}{AntiWikiSpamPlugin}{ANTISPAMREGEXLISTURL} URL containing the public list of regular expressions used to block spam. The default list is provided by MoinMoin. http://arch.thinkmo.de/cgi-bin/spam-merge
{Plugins}{AntiWikiSpamPlugin}{LOCALANTISPAMREGEXLISTTOPIC} A topic containing a list of local regular expressions. A sample topic is provided. System.AntiWikiSpamLocalList
{Plugins}{AntiWikiSpamPlugin}{GETLISTTIMEOUT} Maximum age of the public regular expression list in minutes. When age is exceeded, an updated list will be fetched 60
{Plugins}{AntiWikiSpamPlugin}{BypassGroup} A Wiki group listing members who are permitted to save without any Spam checking. Note that members of the Main.AdminGroup are always permitted to save. AntiWikiSpamBypassGroup
{Plugins}{AntiWikiSpamPlugin}{HitThreshold} Number of regex hits required to block the save. Set to -1 to simulate operation. 1
{Plugins}{AntiWikiSpamPlugin}{RegistrationWhiteList} Name of topic containing regular expressions that permit registration by matching email domains. System.AntiWikiSpamRegistrationWhiteList
{Plugins}{AntiWikiSpamPlugin}{RegistrationBlackList} Name of topic containing regular expressions that deny registration by matching email domains. System.AntiWikiSpamRegistrationBlackList
{Plugins}{AntiWikiSpamPlugin}{MeaningfulWebs} Regular expression, matches webnames that are deemed "interesting" for registration purposes. '.*'
{Plugins}{AntiWikiSpamPlugin}{IgnoredTopics} Topics that will not be counted toward the "meaningful" threshold '^(UserRegistration|WikiUsers|Web.*)$'
{Plugins}{AntiWikiSpamPlugin}{MeaningfulCount} Count of topic views needed to open up registration. Set to 0 to disable the check. 0

Installation Instructions

You do not need to install anything in the browser to use this extension. The following instructions are for the administrator who installs the extension on the server.

Open configure, and open the "Extensions" section. Use "Find More Extensions" to get a list of available extensions. Select "Install".

If you have any problems, or if the extension isn't available in configure, then you can still install manually from the command-line. See http://foswiki.org/Support/ManuallyInstallingExtensions for more help.

Testing

Edit AntiWikiSpamTestTopic using the Admin user. (This topic is protected against non-admin access.) Save will be permitted, but the matching regular expressions will be logged to the foswiki error log (typically working/logs/error.log)

To cause a true failure, remove the VIEW and CHANGE restrictions to the topic and edit it using a non-admin user.

Info

Change History:
1.93 (30 Nov 2015) Foswikitask:Item13878: Change from case-insensitive regex for better performance.
1.92 (08 Jul 2015) Foswikitask:Item13296: Document, and disable access profiling by default.
1.91 (11 Mar 2015) Foswikitask:Item13296: Add oops template for better error messages.
1.9 (16 Dec 2014) Foswikitask:Item13145: Add some access profiling, Foswikitask:Item13047: Typo in DEPENDENCIES
1.8 (28 Apr 2014) Foswikitask:Item12874: Crash due to undefined array reference
1.7 (25 Apr 2014) Typo in documentation
1.6 (25 Apr 2014) Foswikitask:Item12349, Foswikitask:Item12629: Download of signatures brings down performance
Foswikitask:Item12410, Foswikitask:Item12634: Attachment upload fails as checking them exceeds backend resources
Foswikitask:Item12411: rest validates the CSRF signature even if validation disabled in core.
Foswikitask:Item12699: Removing a user should also remove any cgisess files to kill current sessions.
1.5 (31 Dec 2012) Foswikitask:Item12296: BypassGroup doesn't work, also unit tests don't work on trunk.
Foswikitask:Item12323: Fails to remove user topic on Foswiki 1.1.x
1.4 (10 Aug 2012) Foswikitask:Item11679: When removing a user, remove it from any groups.
Foswikitask:Item12038: Allow checking to be disabled
1.3.1 (19 Mar 2012) Remove dialog would remove current user if entered user was not known to the Mapper.
1.3 (14 Mar 2012) Foswikitask:Item11644: add white/black lists for common spam sources (Foswiki:Main.CrawfordCurrie)
Foswikitask:Item11646: add remove dialog
Foswikitask:Item11593: Uninitialized variable
1.2 (25 Apr 2011) Foswikitask:Item1091 - add whitelist,
Foswikitask:Item1580 - also process comments,
Foswikitask:Item10680 - Improve local regex capability
1.1 (4 Jan 2009) updated for Foswiki v1.0
1.0 (22 Aug 2005) Initial version
Dependencies: None
Home page: http://foswiki.org/bin/view/Extensions/AntiWikiSpamPlugin