BlackListPlugin < Plugins < TWiki

BlackListPlugin < Plugins < TWiki
Tags:
view all tags
Black List Plugin
Page contents
Description
Plugin Settings
General settings
WHITELIST, BLACKLIST and BANLIST settings
Wiki-spam filtering settings
Registration protection settings
Nofollow link setting
Don't Invite Spammers
Plugin Installation Instructions
Known Issues and Limitations
Plugin Info
Utility to keep malicious users away from a public TWiki site
Description
This is a simple utility to keep black sheep away from a public TWiki site. The site can be protected against excessive page access (e.g. by bad robots), suspicious activities of users, such as multiple registrations or rapid topic updates indicating
Wiki:WikiSpam
, or saving text with wiki-spam.
The Plugin monitors activities by IP address and uses three IP address lists to protect the TWiki site:
WHITELIST: Manually maintained list of users who should never get on the BANLIST
BLACKLIST: Manually maintained list of malicious users
BANLIST: Automatically updated list of users with suspicious activities
On topic save, text is compared to a known list of spam patterns. If wiki-spam is identified, topic save is cancelled, an error message is shown, and the IP address is put on the BANLIST. Two wiki-spam lists are used:
Local SPAMLIST: Manually maintained list of spam patterns
Public wiki-spam list: Big list of wiki-spam patterns, retrieved from external web site
Users on the BLACKLIST and BANLIST will get an error message on every page access.
The registration form can also be protected from improper use.
To fight Wiki-spam, the Plugin can also add a
rel="nofollow"
parameter to external URLs. Search engines will not follow links that have this parameter, taking away the incentive to add spam to TWiki.
Plugin Settings
Plugin settings are stored as preferences variables. To reference a plugin setting write
%_%
, i.e.
%INTERWIKIPLUGIN_SHORTDESCRIPTION%
General settings
One line description, is shown in the
TextFormattingRules
topic:
Set SHORTDESCRIPTION = Utility to keep malicious users away from a public TWiki site
Debug plugin: (See output in
data/debug.txt
Set DEBUG = 0
Log access of blacklist and spam list activities: (0 or 1)
Set LOGACCESS = 1
Access restriction:
Set ALLOWTOPICCHANGE =
TWikiAdminGroup
Set ALLOWTOPICRENAME =
TWikiAdminGroup
WHITELIST, BLACKLIST and BANLIST settings
WHITELIST: Comma delimited list of IP addresses; possible to use partial addresses ending in a dot
Set WHITELIST = 127.0.0.1
BLACKLIST: Comma delimited list of IP addresses; possible to use partial addresses ending in a dot
Set BLACKLIST = 203.88.152., 203.88.155., 219.65.75.
BANLIST configuration, comma delimited list of:
Points for registration
Points for each save and upload
Points for view and other actions
Points for view raw
Threshold to add to BANLIST
Measured over time (in seconds)
Set BANLISTCONFIG = 10, 5, 1, 5, 120, 300
Your current score: 1 for IP address 72.14.201.215
Message for users on BLACKLIST and BANLIST:
Set BLACKLISTMESSAGE = Your IP address 72.14.201.215 is black listed at the TWiki web site due to excessive access or suspicious activities. Please contact site administrator
info@twikiPLEASENOSPAM.org
if you got on the list by mistake.
Wiki-spam filtering settings
Filter wiki-spam on topic save and HTML file uploads based on SPAMLIST: (0 or 1)
Set FILTERWIKISPAM = 1
Comma separated list of Web.Topics to exclude from wiki-spam filtering on topic save:
Set SPAMEXCLUDETOPICS =
Public wiki-spam list: Big list of wiki-spam patterns, retrieved from external web site (thanks to MoinMoin's
AntiSpamGlobalSolution
wiki-spam list)
Set SPAMLISTURL =
Cache refresh time (in minutes) for public wiki-merge pattern list:
Set SPAMLISTREFRESH = 60
Cache refresh time (in minutes) for internal wiki-spam regular expression cache:
Set SPAMREGEXREFRESH = 10
Message for users trying to save text with wiki-spam:
Set WIKISPAMMESSAGE = Wiki-spam detected: "%WIKISPAMWORD%" is a banned word and cannot be saved. Your IP address 72.14.201.215 is black listed at the TWiki web site due to suspicious activities. Please contact site administrator
info@twikiPLEASENOSPAM.org
if you got on the list by mistake.
Registration protection settings
Protect registration: (number of minutes to expire, 15 minutes is recommended, 0 to disable)
Set REGEXPIRE = 0
If enabled, a magic number is protecting the registration process. TWiki expects a form field with a magic number. An error message is shown if not valid or if expired. This makes it harder to register a user by a script. A hidden field needs to be added to the registration form:

Regular expression list of WikiWords that are banned from registering:
Set REGWIKINAMEBANLIST = [A-Z]+[a-z]*[0-9]+[A-Z][A-Za-z]*, [A-Z]+[a-z0-9]+[A-Z]+[A-Za-z]*[0-9]+
Regular expression list of e-mails that are banned from registering:
Set REGEMAILBANLIST = \@binkmail.com, \@guerrillamail\.(biz|com), \@hidemyass\.com, \@mailinator\.com, \@safetymail.info, \@snkmail.com, \@[\w\.-]*trash[\w\.-]*\.
Message shown when registering with outdated magic number or with banned content: (this message is deliberately vague)
Set REGMESSAGE = Registration not possible, please try again.
Nofollow link setting
Add a
rel="nofollow"
parameter to external URLs. Use this is to fight Wiki-spam. Search engines will not follow the link if a URL has a nofollow parameter, such as

. Specify topic age in hours for which the nofollow parameter should appear (set it to a value that gives you enough time to remove spam); set it to -1 to add the nofollow parameter unconditionally to external URLs; or 0 to disable: (-1, 0, 1...N)
Set NOFOLLOWAGE = -1
Don't Invite Spammers
Spammers search for sites with known spam signatures. Don't use this page as an invitation for spammers by telling search engines NOT to index this page:
Set HTTP_EQUIV_ON_VIEW =
Plugin Installation Instructions
Note:
You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running.
Download the ZIP file from the Plugin web (see below)
Unzip
BlackListPlugin.zip
in your twiki installation directory. Content:
File:
Description:
data/TWiki/BlackListPlugin.txt
Plugin topic
data/TWiki/BlackListPlugin.txt,v
Plugin topic repository
lib/TWiki/Plugins/BlackListPlugin.pm
Plugin Perl module
pub/TWiki/BlackListPlugin/.htaccess
Apache access control to protect pub dir
templates/oopsblacklist.tmpl
Generic oops message
Make sure
pub/TWiki/BlackListPlugin/
is writable by the CGI user (typically
nobody
Run the configure utility in your browser to enable the Plugin
Make sure that non-administrators cannot edit this plugin topic. By default, this topic is write protected with an
ALLOWTOPICCHANGE = TWikiAdminGroup
setting.
Test if the installation was successful:
Using above form, add the IP address of one of your workstations to the BANLIST
Access TWiki from that workstation
if you look at a TWiki topic (with the view script) you should see the BLACKLISTMESSAGE (defined above) after a one minute timeout
else, you should get an 500 Internal Server Error for other scripts
On a different workstation, remove the IP address of the test workstation from the BANLIST
Known Issues and Limitations
Scan for script eval() and escape() is currently hard-coded
Plugin Info
Plugin Author:
TWiki:Main.PeterThoeny
Copyright:
TWiki.org
TWiki:TWiki.TWikiContributor
Plugin Version:
2013-03-22
Change History:
2013-03-22:
TWikibug:Item7151
: Add new throwaway e-mail addresses
2013-03-08:
TWikibug:Item7151
: Add new throwaway e-mail addresses
2013-02-28:
TWikibug:Item7154
: Add REGWIKINAMEBANLIST and REGEMAILBANLIST to protect TWiki from bogus registrations; remove 60 min sleep time on ban
2013-02-17:
TWikibug:Item7154
: Use noindex meta tag on this plugin page because we do not want to invite spammers who search for known spam signatures
2011-07-10:
TWikibug:Item6725
: Change global package variables from "use vars" to "our"
2010-07-10:
TWikibug:Item6519
- fix for empty oops messages in TWiki-4.x; fix for redirect to oops not working in TWiki-5.0
29 Mar 2007:
Doc fixes; change view=raw penalty from 20 to 5
18 Mar 2007:
Scan for evil script eval() and escape() in topic text and attachments; support for TWiki 4.2 (using new
TWiki::Func::getExternalResource
28 Dec 2006:
Fixed bug where EXCLUDELIST pattern was removing only part of a wiki-spam pattern
27 Dec 2006:
Support for TWiki 4.1
01 Jul 2006:
Added EXCLUDELIST; scan for evil script eval in attachments; scan also .js and .css attachments; fixed writeLog error on Cairo
02 Jun 2006:
Added wiki-spam filtering for HTML attachments to combat
TWiki:Codev.HtmlAttachmentSpam
29 Apr 2006:
Added
%BLACKLISTPLUGIN{ action="spam_show_n" }%
that shows the local spam list in a shareable format with newline separator
07 Feb 2006:
TWiki Release 4.0 fix to allow registration with e-mail verification, reset password and approve
03 Jan 2006:
Filter lines with space from spam list; fixed bug that inproperly filtered HTML from spam list; Dakar Release fix (end/postRenderingHandler issue)
08 Nov 2005:
Doc fixes; code warning fixes; allow empty local SPAMLIST and public spam list
04 Nov 2005:
Added registration protection with magic number
30 Oct 2005:
Dakar Release compatibility: Work around Dakar preferencs bug
29 Oct 2005:
Added wiki-spam filtering to prevent topic save with wiki-spam
27 Oct 2005:
For BANLIST, add/remove multiple IP addresses at once, contributed by
TWiki:Main.MichaelDaum
22 Jan 2005:
Added NOFOLLOWAGE handling
19 Jan 2005:
Added score for "view raw" to address e-mail harvester issue
05 Apr 2004:
Fixed bug in event log (requiring update of earlier Plugin versions); doc updates
04 Apr 2004:
Added WHITELIST and BANLIST
21 Mar 2004:
Initial version
CPAN
Dependencies:
none
Other Dependencies:
none
Perl Version:
5.005
License:
GPL (
GNU General Public License
TWiki:Plugins/Benchmark
GoodStyle
99%,
FormattedSearch
99%,
BlackListPlugin
97%
Plugin Home:
Feedback:
Appraisal:
Related Topics:
TWikiPreferences
TWikiPlugins
TWiki:Codev.WikiSpam
PackageForm
TopicClassification
PluginPackage
TestedOnTWiki
6.1, 6.0, 5.1, 5.0, 4.3, 4.2, 4.1, 4.0.0, 01 Sep 2004
TestedOnOS
OsLinux
OsSolaris
ShouldRunOnOS
AnyOS
InstalledOnTWikiOrg
Yes
DemoUrl
DevelopedInSVN
Yes
ModificationPolicy
PleaseFeelFreeToModify
RelatedTopics
WikiSpam
VisualConfirmPlugin
Attachments
Attachments
Topic attachments
Attachment
History
Action
Size
Date
Who
Comment
md5
BlackListPlugin.md5
r11
r10
r9
r8
r7
manage
0.2 K
2013-03-22 - 22:05
PeterThoeny
tgz
BlackListPlugin.tgz
r11
r10
r9
r8
r7
manage
13.5 K
2013-03-22 - 22:05
PeterThoeny
zip
BlackListPlugin.zip
r31
r30
r29
r28
r27
manage
16.3 K
2013-03-22 - 22:05
PeterThoeny
ext
BlackListPlugin_installer
r2
r1
manage
3.4 K
2013-03-22 - 22:05
PeterThoeny
dit
ttach
Watch
rint version
istory
: r47
r46
r45
r44
r43
acklinks
aw View
Ra
edit
ore topic actions
Topic revision: r47 - 2018-07-17
PeterThoeny
Blog web
Codev web
Main web
Plugins web
Sandbox web
Support web
TWiki web
TWiki01 web
TWiki02 web
TWiki03 web
TWiki04 web
TWiki04x01 web
TWiki04x02 web
TWiki04x03 web
TWiki05x00 web
TWiki05x01 web
TWiki06x00 web
TWiki06x01 web
WikiWed web
Plugins Web
Index
Search extensions
Search by tags
Changes
Notifications
RSS Feed
Statistics
Preferences
View
Raw View
Print version
Find backlinks
History
More topic actions
Edit
Raw edit
Attach file or image
Edit topic preference settings
Set new parent
More topic actions
Community
Readme first!
Rate extensions!
Add-Ons
Development topics
Idea topics
Plugins
Development topics
Idea topics
Skins
Development topics
Idea topics
Code Contribs
Development topics
Idea topics
Account
Register User
dit
ttach
Ideas, requests, problems regarding TWiki?
Send feedback
. Ask community in the
support forum
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.