that looks a useful enhancement to me. Could you provide patches for that ?
Another improvement I was thinking about is enhancing the SpamFilter with a SpamFilterIPList (beside the already existing SpamFilterWordList). This should allow you to have a wikipage listing the IP addresses (regexes) to ban. regards, Harry On 3 February 2016 at 21:44, Ichiro Furusato <ichiro.furus...@gmail.com> wrote: > Hi Harry, > > A note out of the blue perhaps, but at one point I modified one of our > PageProviders to have a simple admin flag that if set kept pages from > being saved. It was used in emergencies of the sort you've mentioned. > > It could be added to the API and provided with an additional isLocked() > method to permit JSPs to post a notice that the wiki has been locked > down. Given most wikis are run on a shoestring or no budget at all I > felt this was a reasonable approach. > > Cheers, > > Ichiro > > On Wed, Feb 3, 2016 at 10:23 PM, Harry Metske <harry.met...@gmail.com> > wrote: > > > Hi all, > > > > yesterday we received a lot of spam on https://jspwiki-wiki.apache.org. > > Hundreds of spam pages were created, and also many existing pages were > > updated with spam. Eventually it also OOMed the JVM. > > Spammer is coming from multiple IP addresses and used many (just created) > > wiki accounts, our SpamFilter does not handle this. > > > > We tried to stop this in an elegant way, but given our limited time we > > have, we had to take drastic measures to stop the spammer. > > > > * We changed the security policy so that only Admin users can > create/update > > pages. > > * We restored all pages from a backup of yesterday (2016-02-02 06:41) > > * deleted all jspwiki userids that were created since this timestamp > > * recycled tomcat > > > > We will keep this configuration for a couple of days and think about > > further steps on how to proceed. > > > > If you have made page changes after the backup timestamp and you > definitely > > want these changes in, drop us a mail. > > Other comments are welcome too. > > > > kind regards, > > Harry > > >
