Class SpamFilter

All Implemented Interfaces:
PageFilter

public class SpamFilter extends BasePageFilter
This is Herb, the JSPWiki spamfilter that can also do choke modifications. Parameters:
  • wordlist - Page name where the spamword regexps are found. Use [{SET spamwords='regexp list separated with spaces'}] on that page. Default is "SpamFilterWordList".
  • IPlist - Page name where the IP regexps are found. Use [{SET ips='regexp list separated with spaces'}] on that page. Default is "SpamFilterIPList".
  • maxpagenamelength - Maximum page name length. Default is 100.
  • blacklist - The name of an attachment containing the list of spam patterns, one per line. Default is "SpamFilterWordList/blacklist.txt"
  • errorpage - The page to which the user is redirected. Has a special variable $msg which states the reason. Default is "RejectedMessage".
  • pagechangesinminute - How many page changes are allowed/minute. Default is 5.
  • similarchanges - How many similar page changes are allowed before the host is banned. Default is 2. (since 2.4.72)
  • bantime - How long an IP address stays on the temporary ban list (default is 60 for 60 minutes).
  • maxurls - How many URLs can be added to the page before it is considered spam (default is 5)
  • akismet-apikey - The Akismet API key (see akismet.org)
  • ignoreauthenticated - If set to "true", all authenticated users are ignored and never caught in SpamFilter
  • captcha - Sets the captcha technology to use. Current allowed values are "none" and "asirra".
  • strategy - Sets the filtering strategy to use. If set to "eager", will stop at the first probable match, and won't consider any other tests. This is the default, as it's considerably lighter. If set to "score", will go through all of the tests and calculates a score for the spam, which is then compared to a filter level value.

Please see the default editors/plain.jsp for examples on how the SpamFilter integrates with the editor system.

Changes by admin users are ignored in any case.

Since:
2.1.112
  • Field Details

  • Constructor Details

  • Method Details

    • initialize

      public void initialize(Engine engine, Properties properties)
      Specified by:
      initialize in interface PageFilter
      Overrides:
      initialize in class BasePageFilter
    • preSave

      public String preSave(Context context, String content) throws RedirectException
      Throws:
      RedirectException
    • getBotFieldName

      public static String getBotFieldName()
      Returns a static string which can be used to detect spambots which just wildly fill in all the fields.
      Returns:
      A string
    • isValidUserProfile

      public boolean isValidUserProfile(Context context, UserProfile profile)
      Checks whether the UserProfile matches certain checks.
      Parameters:
      profile - The profile to check
      context - The WikiContext
      Returns:
      False, if this userprofile is suspect and should not be allowed to be added.
      Since:
      2.6.1
    • getSpamHash

      public static String getSpamHash(Page page, javax.servlet.http.HttpServletRequest request)
      This method is used to calculate an unique code when submitting the page to detect edit conflicts. It currently incorporates the last-modified date of the page, and the IP address of the submitter.
      Parameters:
      page - The WikiPage under edit
      request - The HTTP Request
      Returns:
      A hash value for this page and session
      Since:
      2.6
    • getHashFieldName

      public static String getHashFieldName(javax.servlet.http.HttpServletRequest request)
      Returns the name of the hash field to be used in this request. The value is unique per session, and once the session has expired, you cannot edit anymore.
      Parameters:
      request - The page request
      Returns:
      The name to be used in the hash field
      Since:
      2.6
    • checkHash

      public static boolean checkHash(Context context, javax.servlet.jsp.PageContext pageContext) throws IOException
      This method checks if the hash value is still valid, i.e. if it exists at all. This can occur in two cases: either this is a spam bot which is not adaptive, or it is someone who has been editing one page for too long, and their session has expired.

      This method puts a redirect to the http response field to page "SessionExpired" and logs the incident in the spam log (it may or may not be spam, but it's rather likely that it is).

      Parameters:
      context - The WikiContext
      pageContext - The JSP PageContext.
      Returns:
      True, if hash is okay. False, if hash is not okay, and you need to redirect.
      Throws:
      IOException - If redirection fails
      Since:
      2.6
    • insertInputFields

      public static String insertInputFields(javax.servlet.jsp.PageContext pageContext)
      This helper method adds all the input fields to your editor that the SpamFilter requires to check for spam. This must be in your editor form if you intend to use the SpamFilter.
      Parameters:
      pageContext - The PageContext
      Returns:
      A HTML string which contains input fields for the SpamFilter.