Hi Harry, Sorry, but I don't have access to the code anymore for that, and it was a proprietary extension to the WikiPageProvider so it wouldn't have fit into the trunk anyway. But it was almost trivial. All I did was add a boolean 'locked' flag and interjected a check for that in the #putPageGext(WikiPage,String) method, the only method that generally gets called that's not a administrator method.
If the flag was false the method simply exited. As I mentioned I also provided a #isLocked() method that I then called in the JSPs to note that the wiki is locked. You could implement this in the AbstractFileProvider class if you only wanted it to affect those providers, but there wasn't/isn't really a provider-universal way I can think of. It was admittedly a bit of an emergency hack. Ichiro On Thu, Feb 4, 2016 at 10:02 PM, Harry Metske <harry.met...@gmail.com> wrote: > that looks a useful enhancement to me. Could you provide patches for that ? > > Another improvement I was thinking about is enhancing the SpamFilter with a > SpamFilterIPList (beside the already existing SpamFilterWordList). This > should allow you to have a wikipage listing the IP addresses (regexes) to > ban. > > regards, > Harry > > > On 3 February 2016 at 21:44, Ichiro Furusato <ichiro.furus...@gmail.com> > wrote: > > > Hi Harry, > > > > A note out of the blue perhaps, but at one point I modified one of our > > PageProviders to have a simple admin flag that if set kept pages from > > being saved. It was used in emergencies of the sort you've mentioned. > > > > It could be added to the API and provided with an additional isLocked() > > method to permit JSPs to post a notice that the wiki has been locked > > down. Given most wikis are run on a shoestring or no budget at all I > > felt this was a reasonable approach. > > > > Cheers, > > > > Ichiro > > > > On Wed, Feb 3, 2016 at 10:23 PM, Harry Metske <harry.met...@gmail.com> > > wrote: > > > > > Hi all, > > > > > > yesterday we received a lot of spam on https://jspwiki-wiki.apache.org > . > > > Hundreds of spam pages were created, and also many existing pages were > > > updated with spam. Eventually it also OOMed the JVM. > > > Spammer is coming from multiple IP addresses and used many (just > created) > > > wiki accounts, our SpamFilter does not handle this. > > > > > > We tried to stop this in an elegant way, but given our limited time we > > > have, we had to take drastic measures to stop the spammer. > > > > > > * We changed the security policy so that only Admin users can > > create/update > > > pages. > > > * We restored all pages from a backup of yesterday (2016-02-02 06:41) > > > * deleted all jspwiki userids that were created since this timestamp > > > * recycled tomcat > > > > > > We will keep this configuration for a couple of days and think about > > > further steps on how to proceed. > > > > > > If you have made page changes after the backup timestamp and you > > definitely > > > want these changes in, drop us a mail. > > > Other comments are welcome too. > > > > > > kind regards, > > > Harry > > > > > >
