Feature Proposal: comment plugin
Motivation
very easy and simple twiki spam countermeasure
Description
I simply count the number of occurrences of the string "http" in a new post for the comment plugin. If this count exceeds 5 (currently hard coded, but this would be very easy to customize or generalize, e.g., using a site-wide TWiki preferences variable), then the new post is cruelly ignored.
Thanks for considering this "feature" request...
-- DanielDeCock - 11 Oct 2005
Impact and Available Solutions
Note: Patch is attached as https://twiki.org/p/pub/Codev/CommentPlugin/twiki-foo-bar-patch.diff. The patch is against the TWikiAlphaRelease of 15 Feb 2004.
Documentation
If necessary, user documentation of new features introduced by this proposal.
Examples
Example uses of features introduced by proposal.
Implementation
I use the diff below.
Note that line 254 refers to a suggestion I posted earlier to escape out all the % signs in new posts, as they introduce a security risk, e.g., by including whatever file one would like...
=====================================
diff -bruN ~/twiki/sav/lib/TWiki/Plugins/CommentPlugin/Comment.pm ~/lib/TWiki/Plugins/CommentPlugin/Comment.pm
--- /home/twiki/sav/lib/TWiki/Plugins/CommentPlugin/Comment.pm 2004-10-27 00:17:14.000000000 +0200
+++ /home/twiki/lib/TWiki/Plugins/CommentPlugin/Comment.pm 2005-10-11 08:20:50.000000000 +0200
@@ -254,12 +254,16 @@
my
@t
= gmtime();
my $now = sprintf( "%02d:%02d:%02d", $t[2], $t[1], $t[0] );
$output =~ s/%TIME%/$now/go;
+ $output =~ s/%/%/go;
my $bloody_hell = TWiki::Func::readTopicText( $web, $topic, undef, 1 );
my $premeta = "";
my $postmeta = "";
my $inpost = 0;
my $text = "";
+ my $count = 0;
+ $count++ while $output =~ /http/g;
+ if ( $count < 5 ) {
foreach my $line ( split( /\n/, $bloody_hell )) {
if( $line =~ /^(%META:[^{]+{[^}]*}%)/ ) {
if ( $inpost) {
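Review bot: The guard `if ( $count < 5 )` also drops a post that contains exactly five occurrences of "http", while the proposal text says a post is ignored only when the count exceeds 5; use `$count <= 5`, or compare against a named limit read from a preference so the threshold is not hard coded. The match in `$count++ while $output =~ /http/g;` is case-sensitive, so an upper-case "HTTP" is not counted; `/http/gi` would cover it. Separately, the added `$output =~ s/%/%/go;` replaces each % with itself as it is shown here, so it escapes nothing; the replacement side should be checked against the attached patch file.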
@@ -272,6 +276,7 @@
$inpost = 1;
}
}
+ }
if ( $position eq "TOP" ) {
$text = "$output$text";
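Review bot: The closing brace added just before `if ( $position eq "TOP" )` ends the count guard too early: when the check fails, only the loop over the existing topic text is skipped, and `$text = "$output$text";` still runs with `$text` empty. From the lines shown, the rejected post is therefore still placed in `$text`, and it is the existing topic content that gets left out. Return early when the limit is hit, or extend the guard over the position handling and the code after it, so that neither the post nor an emptied topic goes forward.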
=====================================
Discussion:
See also http://svn.twiki.org/svn/twiki/branches/DEVELOP/twikiplugins/AntiWikiSpamPlugin/data/TWiki/AntiWikiSpamPlugin.txt which is currently only written for DakarRelease
-- SvenDowideit - 11 Oct 2005
I have already seen a lot of wiki spam in the previous months, and it typically consists of (too) many references to "http"... I believe "my" suggestion would have prevented the insertion of all of the spam that has been injected into my pages...
-- DanielDeCock - 11 Oct 2005
Yes, that is the original experience of the other wikis and blogging systems too, but once restrictions such as yours get put in place, the attacks change to accommodate. This is why Thomas of MoinMoin started this more complex initiative.
-- SvenDowideit - 11 Oct 2005
It's always a good idea to fight spam. However, I think this is more generally handled by things like BlackListPlugin. I'd rather not bloat the Comment plugin.
CC