Class SpamFilter

  • All Implemented Interfaces:
    PageFilter

    public class SpamFilter
    extends BasePageFilter
    This is Herb, the JSPWiki spamfilter that can also do choke modifications. Parameters:
    • wordlist - Page name where the spamword regexps are found. Use [{SET spamwords='regexp list separated with spaces'}] on that page. Default is "SpamFilterWordList".
    • IPlist - Page name where the IP regexps are found. Use [{SET ips='regexp list separated with spaces'}] on that page. Default is "SpamFilterIPList".
    • maxpagenamelength - Maximum page name length. Default is 100.
    • blacklist - The name of an attachment containing the list of spam patterns, one per line. Default is "SpamFilterWordList/blacklist.txt"
    • errorpage - The page to which the user is redirected. Has a special variable $msg which states the reason. Default is "RejectedMessage".
    • pagechangesinminute - How many page changes are allowed/minute. Default is 5.
    • similarchanges - How many similar page changes are allowed before the host is banned. Default is 2. (since 2.4.72)
    • bantime - How long an IP address stays on the temporary ban list (default is 60 for 60 minutes).
    • maxurls - How many URLs can be added to the page before it is considered spam (default is 5)
    • akismet-apikey - The Akismet API key (see akismet.org)
    • ignoreauthenticated - If set to "true", all authenticated users are ignored and never caught in SpamFilter
    • captcha - Sets the captcha technology to use. Current allowed values are "none" and "asirra".
    • strategy - Sets the filtering strategy to use. If set to "eager", will stop at the first probable match, and won't consider any other tests. This is the default, as it's considerably lighter. If set to "score", will go through all of the tests and calculates a score for the spam, which is then compared to a filter level value.

    Please see the default editors/plain.jsp for examples on how the SpamFilter integrates with the editor system.

    Changes by admin users are ignored in any case.

    Since:
    2.1.112
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String PROP_AKISMET_API_KEY
      The filter property name for specifying the Akismet API-key.
      static java.lang.String PROP_ALLOWED_GROUPS
      The filter property name for specifying groups allowed to bypass the spam filter.
      static java.lang.String PROP_BANTIME
      The filter property name for specifying how long a host is banned.
      static java.lang.String PROP_BLACKLIST
      The filter property name for the attachment containing the blacklist.
      static java.lang.String PROP_CAPTCHA
      The filter property name for specifying which captcha technology should be used.
      static java.lang.String PROP_ERRORPAGE
      The filter property name for the page to which you are directed if Herb rejects your edit.
      static java.lang.String PROP_FILTERSTRATEGY
      The filter property name for specifying which filter strategy should be used.
      static java.lang.String PROP_IGNORE_AUTHENTICATED
      The filter property name for specifying whether authenticated users should be ignored.
      static java.lang.String PROP_IPLIST
      The filter property name for specifying the page which contains the list of IPs to ban.
      static java.lang.String PROP_MAX_PAGENAME_LENGTH
      The filter property name for specifying the maximum page name length.
      static java.lang.String PROP_MAXURLS
      The filter property name for specifying how many URLs can any given edit contain.
      static java.lang.String PROP_PAGECHANGES
      The filter property name for specifying how many changes is any given IP address allowed to do per minute.
      static java.lang.String PROP_SIMILARCHANGES
      The filter property name for specifying how many similar changes are allowed before a host is banned.
      static java.lang.String PROP_WORDLIST
      The filter property name for specifying the page which contains the list of spamwords.
      static java.lang.String STRATEGY_EAGER
      The string specifying the "eager" strategy.
      static java.lang.String STRATEGY_SCORE
      The string specifying the "score" strategy.
    • Constructor Summary

      Constructors 
      Constructor Description
      SpamFilter()  
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      static boolean checkHash​(Context context, javax.servlet.jsp.PageContext pageContext)
      This method checks if the hash value is still valid, i.e. if it exists at all.
      static java.lang.String getBotFieldName()
      Returns a static string which can be used to detect spambots which just wildly fill in all the fields.
      static java.lang.String getHashFieldName​(javax.servlet.http.HttpServletRequest request)
      Returns the name of the hash field to be used in this request.
      static java.lang.String getSpamHash​(Page page, javax.servlet.http.HttpServletRequest request)
      This method is used to calculate an unique code when submitting the page to detect edit conflicts.
      void initialize​(Engine engine, java.util.Properties properties)
      If you override this, you should call super.initialize() first.
      static java.lang.String insertInputFields​(javax.servlet.jsp.PageContext pageContext)
      This helper method adds all the input fields to your editor that the SpamFilter requires to check for spam.
      boolean isValidUserProfile​(Context context, UserProfile profile)
      Checks whether the UserProfile matches certain checks.
      java.lang.String preSave​(Context context, java.lang.String content)
      This method is called before the page has been saved to the PageProvider.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • PROP_WORDLIST

        public static final java.lang.String PROP_WORDLIST
        The filter property name for specifying the page which contains the list of spamwords. Value is "wordlist".
        See Also:
        Constant Field Values
      • PROP_IPLIST

        public static final java.lang.String PROP_IPLIST
        The filter property name for specifying the page which contains the list of IPs to ban. Value is "IPlist".
        See Also:
        Constant Field Values
      • PROP_ERRORPAGE

        public static final java.lang.String PROP_ERRORPAGE
        The filter property name for the page to which you are directed if Herb rejects your edit. Value is "errorpage".
        See Also:
        Constant Field Values
      • PROP_PAGECHANGES

        public static final java.lang.String PROP_PAGECHANGES
        The filter property name for specifying how many changes is any given IP address allowed to do per minute. Value is "pagechangesinminute".
        See Also:
        Constant Field Values
      • PROP_SIMILARCHANGES

        public static final java.lang.String PROP_SIMILARCHANGES
        The filter property name for specifying how many similar changes are allowed before a host is banned. Value is "similarchanges".
        See Also:
        Constant Field Values
      • PROP_BANTIME

        public static final java.lang.String PROP_BANTIME
        The filter property name for specifying how long a host is banned. Value is "bantime".
        See Also:
        Constant Field Values
      • PROP_BLACKLIST

        public static final java.lang.String PROP_BLACKLIST
        The filter property name for the attachment containing the blacklist. Value is "blacklist".
        See Also:
        Constant Field Values
      • PROP_MAXURLS

        public static final java.lang.String PROP_MAXURLS
        The filter property name for specifying how many URLs can any given edit contain. Value is "maxurls"
        See Also:
        Constant Field Values
      • PROP_IGNORE_AUTHENTICATED

        public static final java.lang.String PROP_IGNORE_AUTHENTICATED
        The filter property name for specifying whether authenticated users should be ignored. Value is "ignoreauthenticated".
        See Also:
        Constant Field Values
      • PROP_ALLOWED_GROUPS

        public static final java.lang.String PROP_ALLOWED_GROUPS
        The filter property name for specifying groups allowed to bypass the spam filter. Value is "jspwiki.filters.spamfilter.allowedgroups".
        See Also:
        Constant Field Values
      • PROP_CAPTCHA

        public static final java.lang.String PROP_CAPTCHA
        The filter property name for specifying which captcha technology should be used. Value is "captcha".
        See Also:
        Constant Field Values
      • PROP_FILTERSTRATEGY

        public static final java.lang.String PROP_FILTERSTRATEGY
        The filter property name for specifying which filter strategy should be used. Value is "strategy".
        See Also:
        Constant Field Values
    • Method Detail

      • initialize

        public void initialize​(Engine engine,
                               java.util.Properties properties)
        If you override this, you should call super.initialize() first. Is called whenever the a new PageFilter is instantiated and reset.
        Specified by:
        initialize in interface PageFilter
        Overrides:
        initialize in class BasePageFilter
        Parameters:
        engine - The Engine which owns this PageFilter
        properties - The properties ripped from filters.xml.
      • preSave

        public java.lang.String preSave​(Context context,
                                        java.lang.String content)
                                 throws RedirectException
        This method is called before the page has been saved to the PageProvider.
        Parameters:
        context - The WikiContext
        content - The wikimarkup that the user just wanted to save.
        Returns:
        The modified wikimarkup. Default implementation returns the markup as received.
        Throws:
        RedirectException
      • getBotFieldName

        public static java.lang.String getBotFieldName()
        Returns a static string which can be used to detect spambots which just wildly fill in all the fields.
        Returns:
        A string
      • isValidUserProfile

        public boolean isValidUserProfile​(Context context,
                                          UserProfile profile)
        Checks whether the UserProfile matches certain checks.
        Parameters:
        profile - The profile to check
        context - The WikiContext
        Returns:
        False, if this userprofile is suspect and should not be allowed to be added.
        Since:
        2.6.1
      • getSpamHash

        public static java.lang.String getSpamHash​(Page page,
                                                   javax.servlet.http.HttpServletRequest request)
        This method is used to calculate an unique code when submitting the page to detect edit conflicts. It currently incorporates the last-modified date of the page, and the IP address of the submitter.
        Parameters:
        page - The WikiPage under edit
        request - The HTTP Request
        Returns:
        A hash value for this page and session
        Since:
        2.6
      • getHashFieldName

        public static java.lang.String getHashFieldName​(javax.servlet.http.HttpServletRequest request)
        Returns the name of the hash field to be used in this request. The value is unique per session, and once the session has expired, you cannot edit anymore.
        Parameters:
        request - The page request
        Returns:
        The name to be used in the hash field
        Since:
        2.6
      • checkHash

        public static boolean checkHash​(Context context,
                                        javax.servlet.jsp.PageContext pageContext)
                                 throws java.io.IOException
        This method checks if the hash value is still valid, i.e. if it exists at all. This can occur in two cases: either this is a spam bot which is not adaptive, or it is someone who has been editing one page for too long, and their session has expired.

        This method puts a redirect to the http response field to page "SessionExpired" and logs the incident in the spam log (it may or may not be spam, but it's rather likely that it is).

        Parameters:
        context - The WikiContext
        pageContext - The JSP PageContext.
        Returns:
        True, if hash is okay. False, if hash is not okay, and you need to redirect.
        Throws:
        java.io.IOException - If redirection fails
        Since:
        2.6
      • insertInputFields

        public static java.lang.String insertInputFields​(javax.servlet.jsp.PageContext pageContext)
        This helper method adds all the input fields to your editor that the SpamFilter requires to check for spam. This must be in your editor form if you intend to use the SpamFilter.
        Parameters:
        pageContext - The PageContext
        Returns:
        A HTML string which contains input fields for the SpamFilter.