Skip to topic | Skip to bottom
Home
ephedrine diet pill [[]] index ephedrine [[]]
TWiki

edit

TWiki.BlackListPluginr1.13 - 30 Apr 2006 - 05:21 - PeterThoenytopic end
Start of topic | Skip to actions

Black List Plugin

Description

This is a simple utility to keep black sheep away from a public TWiki site. The site can be protected against excessive page access (e.g. by bad robots), suspicious activities of users, such as multiple registrations or rapid topic updates indicating Wiki:WikiSpam, or saving text with wiki-spam.

The Plugin monitors activities by IP address and uses three IP address lists to protect the TWiki site:

  • WHITELIST: Manually maintained list of users who should never get on the BANLIST
  • BLACKLIST: Manually maintained list of malicious users
  • BANLIST: Automatically updated list of users with suspicious activities

On topic save, text is compared to a known list of spam patterns. If wiki-spam is identified, topic save is cancelled, an error message is shown, and the IP address is put on the BANLIST. Two wiki-spam lists are used:

  • Local SPAMLIST: Manually maintained list of spam patterns
  • Public wiki-spam list: Big list of wiki-spam patterns, retrieved from external web site

Users on the BLACKLIST and BANLIST will have every page access delayed by one minute and will get an error message.

The registration form can also be protected from improper use.

To fight Wiki-spam, the Plugin can also add a rel="nofollow" parameter to external URLs. Search engines will not follow links that have this parameter, taking away the incentive to add spam to TWiki.

Plugin Settings

Plugin settings are stored as preferences variables. To reference a plugin setting write %<plugin>_<setting>%, i.e. %INTERWIKIPLUGIN_SHORTDESCRIPTION%

General settings

  • One line description, is shown in the TextFormattingRules topic:
    • Set SHORTDESCRIPTION = Utility to keep malicious users away from a public TWiki site

  • Debug plugin: (See output in data/debug.txt)
    • Set DEBUG = 0

  • Log access of blacklist and spam list activities: (0 or 1)
    • Set LOGACCESS = 1

WHITELIST, BLACKLIST and BANLIST settings

  • WHITELIST: Comma delimited list of IP addresses; possible to use partial addresses ending in a dot
    • Set WHITELIST = 127.0.0.1, 68.145.160.34

  • BLACKLIST: Comma delimited list of IP addresses; possible to use partial addresses ending in a dot
    • Set BLACKLIST = 203.88.152., 203.88.155., 219.65.75.

  • BANLIST: Automatically updated list of IP addresses based on BANLIST configuration
    • Action: IP address(es)
    • Current list: 87.103.180.19, 213.160.132.4, 66.249.65.14, 211.211.67.146, 72.30.103.144, 72.30.133.17, 72.30.110.82, 85.202.124.40, 65.55.246.49, 69.41.182.77, 85.202.125.202, 85.202.125.190, 66.249.65.104, 85.202.126.255, 70.159.21.50, 65.214.44.75, 220.119.187.155, 66.249.66.114, 216.255.189.226, 210.113.193.144, 58.239.126.102, 208.66.195.6, 81.177.14.25, 193.87.16.14, 66.249.65.34, 202.58.85.2, 63.168.93.42, 200.57.95.178, 68.142.249.10, 66.249.66.10, 208.66.195.7, 208.66.195.8, 208.66.195.5, 69.31.44.234, 64.124.85.72, 66.249.65.13, 72.30.102.209, 66.249.66.204, 208.66.195.3, 208.66.195.4, 66.249.65.232, 66.249.66.4, 66.249.65.107, 208.66.195.2, 208.66.195.11, 208.66.195.10, 208.66.195.9, 82.82.177.32, 67.108.223.130, 211.116.157.106, 68.142.249.158, 219.93.174.106, 66.249.65.78, 85.202.112.31, 66.249.65.7, 205.209.170.221, 208.104.142.177, 85.202.118.137, 128.194.135.81, 66.249.66.230, 85.202.114.190, 72.36.137.218, 66.249.66.13, 24.89.255.223, 193.93.236.18, 66.249.65.231, 70.119.72.53, 205.209.170.163, 63.216.32.70, 66.249.65.2, 66.249.65.80, 68.145.160.34, 66.249.65.67, 66.249.66.227, 65.55.212.93, 61.185.219.235, 69.46.25.83, 74.6.67.227, 74.6.71.53, 74.6.69.46, 66.249.66.237, 204.9.204.203, 66.249.65.98, 64.140.49.69, 66.249.65.180, 66.249.65.37, 66.249.66.196, 66.249.72.230, 66.249.65.3, 74.52.23.202, 71.202.241.52, 66.249.72.2, 206.83.210.59, 69.25.71.12, 66.249.65.82, 205.209.170.203, 66.249.66.78, 64.246.44.4, 70.162.78.247, 69.41.174.235, 66.249.72.8, 74.6.73.126, 74.6.70.86, 74.6.86.208, 71.168.107.138, 66.249.66.5, 74.69.105.49, 193.64.31.23, 87.81.138.44, 70.100.145.162, 213.46.105.134, 66.249.65.41, 24.203.221.239, 195.225.177.136, 66.36.228.141, 66.249.72.109, 129.241.110.172, 66.249.65.46, 66.249.66.113, 84.210.38.187, 66.249.66.162, 69.159.35.55, 72.30.177.215, 58.143.87.15, 203.165.247.144, 89.149.202.210, 65.55.208.120, 66.249.66.72, 216.195.54.53, 65.94.13.148, 74.6.68.106, 74.6.69.167, 74.6.74.221, 65.94.160.171, 66.249.66.1, 222.46.18.34, 74.15.184.134, 161.53.232.46, 62.231.243.138, 74.6.29.37, 74.6.27.10, 74.6.25.233, 74.6.26.103, 208.36.144.6, 64.1.215.164, 65.214.45.100, 66.249.70.25, 72.3.137.83, 65.55.208.122, 68.103.63.196, 69.154.214.184, 87.167.250.183, 65.55.212.75, 65.94.229.38, 69.84.207.37, 89.149.226.219, 60.190.240.76, 66.112.55.174, 81.191.159.134, 82.95.238.2, 203.121.69.28, 65.55.212.88, 66.249.70.163, 88.9.108.197, 24.94.62.119, 82.249.119.148, 84.125.90.202, 66.249.70.209, 217.230.179.193, 69.84.207.39, 69.16.237.76, 213.186.57.97, 85.69.63.217, 85.88.12.127, 209.115.108.194, 212.105.98.3, 211.224.128.135, 195.238.0.26, 81.90.160.66, 216.120.251.5, 65.55.212.77, 69.10.146.35, 72.9.101.130, 74.53.195.2, 85.178.64.176, 64.79.216.165, 195.228.156.159, 195.35.219.11, 206.190.65.134, 211.51.221.242, 72.232.203.242, 77.222.40.43, 216.16.122.1, 210.128.205.131, 207.171.203.3, 213.251.136.25, 88.191.26.88, 74.6.9.111, 211.47.65.175, 216.120.233.18, 124.32.19.19, 125.248.159.125, 64.202.126.179, 194.177.96.216, 66.249.70.194, 72.232.178.114, 85.214.18.127, 82.194.66.100, 91.143.80.12, 91.64.51.149, 68.192.9.221, 209.183.220.13, 62.204.145.244, 80.66.68.57, 84.202.172.76, 195.239.211.235, 87.17.141.13, 88.114.236.155, 89.107.66.219, 194.213.194.14, 209.250.226.210, 195.225.168.138, 66.249.67.59, 89.149.254.38, 81.169.186.5, 209.188.26.35, 195.117.237.134, 217.21.244.207, 202.4.237.216, 90.156.85.133, 62.2.150.103, 64.15.67.15, 85.214.38.224, 213.186.59.191, 64.22.83.22, 82.152.89.29, 71.168.122.164, 65.55.208.243, 205.209.188.226, 66.249.65.103, 76.65.76.124, 206.74.10.235, 67.68.4.251, 67.68.20.155, 65.94.162.212, 81.34.165.1, 66.249.73.237, 66.249.73.171, 69.94.138.80, 74.6.17.168, 74.6.18.254, 206.83.86.2, 89.248.169.90, 77.6.83.249, 205.209.158.200, 72.52.150.34, 69.64.33.149, 66.240.154.20, 67.18.231.242, 67.195.37.95, 69.84.207.147, 208.43.206.170, 74.6.22.171, 195.2.253.70, 74.6.22.168, 217.43.165.102, 66.249.67.57, 74.6.17.177, 65.98.224.6, 67.68.5.95, 94.102.60.43, 66.249.70.145

  • BANLIST configuration, comma delimited list of:
    1. Points for registration
    2. Points for each save and upload
    3. Points for view and other actions
    4. Points for view raw
    5. Threshold to add to BANLIST
    6. Measured over time (in seconds)
    • Set BANLISTCONFIG = 20, 5, 1, 20, 120, 300
    • Your current score: 3 for IP address 38.103.63.60

  • Message for users on BLACKLIST and BANLIST:
    • Set BLACKLISTMESSAGE = Your IP address 38.103.63.60 is black listed at the HarmenyTWiki web site due to excessive access or suspicious activities. Please contact site administrator mishtu@harmeny.com if you got on the list by mistake.

Wiki-spam filtering settings

  • Filter wiki-spam on topic save based on SPAMLIST: (0 or 1)
    • Set FILTERWIKISPAM = 1

  • Comma separated list of Web.Topics to exclude from wiki-spam filtering:
    • Set SPAMEXCLUDETOPICS =

  • Local SPAMLIST: Manually maintained list of spam patterns (NOTE: Must be RegularExpression patterns)
    • Action: wiki-spam regex pattern(s) http://.*?
    • Current list:

  • Cache refresh time (in minutes) for public wiki-merge pattern list:
    • Set SPAMLISTREFRESH = 60

  • Cache refresh time (in minutes) for internal wiki-spam regular expression cache:
    • Set SPAMREGEXREFRESH = 10

  • Message for users trying to save text with wiki-spam:
    • Set WIKISPAMMESSAGE = Wiki-spam detected: "%WIKISPAMWORD%" is a banned word and cannot be saved. Your IP address 38.103.63.60 is black listed at the HarmenyTWiki web site due to suspicious activities. Please contact site administrator mishtu@harmeny.com if you got on the list by mistake.

Registration protection settings

  • Protect registration: (number of minutes to expire, 15 minutes is recommended, 0 to disable)
    • Set REGEXPIRE = 15
    • If enabled, a magic number is protecting the registration process. TWiki expects a form field with a magic number. An error message is shown if not valid or if expired. This makes it harder to register a user by a script. A hidden field needs to be added to the registration form:
      <input type="hidden" name="rx" value="%BLACKLISTPLUGIN{ action="magic" }%" />

  • Message shown when using registration form incorrectly: (this message is deliberately vague)
    • Set REGMESSAGE = Registration failed, please try again.

Nofollow link setting

  • Add a rel="nofollow" parameter to external URLs. Use this is to fight Wiki-spam. Search engines will not follow the link if a URL has a nofollow parameter, such as <a href="http://spammer.com/" rel="nofollow">. Specify topic age in hours for which the nofollow parameter should appear (set it to a value that gives you enough time to remove spam); set it to -1 to add the nofollow parameter unconditionally to external URLs; or 0 to disable: (-1, 0, 1...N)
    • Set NOFOLLOWAGE = -1

Plugin Installation Instructions

Note: You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running.

  • Download the ZIP file from the Plugin web (see below)
  • Unzip BlackListPlugin.zip in your twiki installation directory. Content:
    File: Description:
    data/TWiki/BlackListPlugin.txt Plugin topic
    data/TWiki/BlackListPlugin.txt,v Plugin topic repository
    lib/TWiki/Plugins/BlackListPlugin.pm Plugin Perl module
    pub/TWiki/BlackListPlugin/.htaccess Apache access control to protect pub dir
    templates/oopsblacklist.tmpl Generic oops message
  • Write protect this Plugin topics by removing the # hash sign from the ALLOWTOPICCHANGE setting
  • Make sure pub/TWiki/BlackListPlugin/ is writable by the CGI user (typically nobody)
  • Add the hidden form field to the registration form as described in the "Registration protection settings" section
  • From TWiki 4.0 release on: Run the configure utility in your browser to enable the Plugin
  • Test if the installation was successful:
    1. Using above form, add the IP address of one of your workstations to the BANLIST
    2. Access TWiki from that workstation
      • if you look at a TWiki topic (with the view script) you should see the BLACKLISTMESSAGE (defined above) after a one minute timeout
      • else, you should get an 500 Internal Server Error for other scripts
    3. On a different workstation, remove the IP address of the test workstation from the BANLIST

Plugin Info

Plugin Author: TWiki:Main/PeterThoeny
Plugin Version: 29 Apr 2006 (r8745)
Change History:  
29 Apr 2006: Added %BLACKLISTPLUGIN{ action="spam_show_n" }% that shows the local spam list in a shareable format with newline separator
07 Feb 2006: TWiki Release 4.0 fix to allow registration with e-mail verification, reset password and approve
03 Jan 2006: Filter lines with space from spam list; fixed bug that inproperly filtered HTML from spam list; Dakar Release fix (end/postRenderingHandler issue)
08 Nov 2005: Doc fixes; code warning fixes; allow empty local SPAMLIST and public spam list
04 Nov 2005: Added registration protection with magic number
30 Oct 2005: Dakar Release compatibility: Work around Dakar preferencs bug
29 Oct 2005: Added wiki-spam handling to prevent topic save with wiki-spam
27 Oct 2005: For BANLIST, add/remove multiple IP addresses at once, contributed by TWiki:Main.MichaelDaum
22 Jan 2005: Added NOFOLLOWAGE handling
19 Jan 2005: Added score for "view raw" to address e-mail harvester issue
05 Apr 2004: Fixed bug in event log (requiring update of earlier Plugin versions); doc updates
04 Apr 2004: Added WHITELIST and BANLIST
21 Mar 2004: Initial version
CPAN Dependencies: none
Other Dependencies: none
Perl Version: 5.005
License: GPL (GNU General Public License)
TWiki:Plugins/Benchmark: GoodStyle 99%, FormattedSearch 99%, BlackListPlugin 97%
Plugin Home: http://TWiki.org/cgi-bin/view/Plugins/BlackListPlugin
Feedback: http://TWiki.org/cgi-bin/view/Plugins/BlackListPluginDev
Appraisal: http://TWiki.org/cgi-bin/view/Plugins/BlackListPluginAppraisal

Related Topics: TWikiPreferences, TWikiPlugins, Google wiki spam directory

-- TWiki:Main/PeterThoeny - 29 Apr 2006
to top

End of topic
Skip to action links | Back to top

Edit | Attach image or document | Printable version | Raw text | More topic actions
Revisions: | r1.13 | > | r1.12 | > | r1.11 | Total page history | Backlinks
You are here: TWiki > BlackListPlugin

to top

Copyright © 1999-2008 by the contributing authors. play online slots online slots slot machine free slot online slot play slot slot game free slot game free online slot free slot machine slot car antique slot machine play free slot progressive slot play free slot machine free slot no download video slot free slot machine game slim slot slot machine game online slot machine bonus slot free online slot game sim slot play slot machine play free slot game slot machine secret video slot machine free video slot machine play online slots online slots slot machine free slot online slot play slot slot game free slot game free online slot free slot machine slot car antique slot machine play free slot progressive slot play free slot machine free slot no download video slot free slot machine game slim slot slot machine game online slot machine bonus slot free online slot game sim slot play slot machine play free slot game slot machine secret video slot machine free video slot machine play online poker free online poker online poker strip poker poker chips party poker play poker video poker poker game free poker poker room internet poker online poker game free online poker texas holdem poker online poker rooms sex chat online sex chat free sex chat sex chat rooms live sex chat free sex chat rooms live sex cam chat free live sex chat sex video chat online dating services dating services dating site online dating internet dating free dating adult dating online dating service free online dating free dating site dating web site gay dating adult dating services online asian dating sex dating lesbian dating dating personals free dating services swingers adult swingers swinger club swingers sex swinger party mature swingers swinger story buy vibrator onlinr rabbit vibrator dildo vibrator anal vibrator vibrator orgasm clitoral vibrator sex toys sex vibrator sex toy vibrator lesbian vibrator escort services escort services male escort gay escort las vegas escort female escort toronto escort sexy lingerie sexy plus size lingerie sexy lingerie model womens sexy lingerie hot sexy lingerie sexy lingerie pic sex toy adult sex toy homemade sex toy sex toy party sex toy for man woman sex toy gay sex toy anal sex toy play online poker online poker strip poker poker chips party poker play poker video poker poker game free poker poker room internet poker online poker game free online poker texas holdem poker online poker rooms swingers adult swingers swinger club swingers sex swinger party mature swingers swinger story play online slots online slots slot machine free slot online slot play slot slot game free slot game free online slot free slot machine slot car antique slot machine play free slot progressive slot play free slot machine free slot no download video slot free slot machine game slim slot slot machine game online slot machine bonus slot free online slot game sim slot play slot machine play free slot game slot machine secret video slot machine free video slot machine vibrator rabbit vibrator dildo vibrator anal vibrator vibrator orgasm clitoral vibrator sex toys sex vibrator sex toy vibrator lesbian vibrator adult swingers swinger club swingers sex swinger party mature swingers swinger story amateur swingers swinger pic vibrator rabbit vibrator dildo vibrator anal vibrator vibrator orgasm clitoral vibrator sex toys sex vibrator sex toy vibrator lesbian vibrator play online slots slot machine free slot online slot play slot slot game free slot game free online slot free slot machine slot car antique slot machine play free slot progressive slot play free slot machine free slot no download video slot free slot machine game slim slot slot machine game online slot machine bonus slot free online slot game sim slot play slot machine play free slot game slot machine secret video slot machine free video slot machine play online poker online poker strip poker poker chips party poker play poker play video poker poker game play free poker poker room internet poker online poker game free online poker texas holdem poker online poker rooms texas hold em poker play online poker play holdem poker online free poker game party poker bonus free strip poker online video poker play online slots online slots slot machine free slot online slot play slot slot game free slot game free online slot free slot machine slot car antique slot machine play free slot progressive slot play free slot machine free slot no download video slot free slot machine game slim slot slot machine game online slot machine bonus slot free online slot game sim slot play slot machine play free slot game slot machine secret video slot machine free video slot machine