====== Blacklisting ======

The internet isn't the place it used to be anymore. Everything good gets corrupted and so it is with Wikis. [[meatball>WikiSpam]], like Spam in blogs and email, is on the rise. If you use [[DokuWiki]] in your Intranet this is no problem for you. But if you intend to use it on the open Internet you may want to blacklist some known Spam words.

For using a blacklist in DokuWiki enable the ''$conf['usewordblock'] = 1;'' option in ''conf/local.php'' (by default it is set to 1) and edit the ''conf/wordblock.local.conf'' file. You can have a look inside the file ''conf/wordblock.conf'' for a list of existing word blocks. The file contains [[wp>Regular Expressions]] (Perl compatible) if any of these match saving is disallowed.

IP based blocking can be done using Apache's [[http://httpd.apache.org/docs/mod/mod_access.html#deny|deny from]] directives or the [[plugin:ipban]] plugin.

To understand why a certain text was banned for spam, you can use the [[plugin:whyspam]] plugin to analyze the text.

===== Blacklist Sources =====

Updating the blacklist from a public source through a daily cronjob is recommended, here is a list of sources you can use to do so.

==== Chongqed ====

The blacklist maintained by the folks at [[http://chongqed.org/|chongqed.org]] seems no longer to be available

  $> wget http://blacklist.chongqed.org/ -O conf/wordblock.conf

==== Wikipedia ====

The nice people at Wikipedia maintain a [[wpmeta>Spam_blacklist|similar blacklist]]. You can use the following command for updating your blacklist from this source:

  $> curl http://meta.wikimedia.org/wiki/Spam_blacklist?action=raw |grep -v '<pre>' > conf/wordblock.conf
===== Logging of blocked Attacks =====

This small change makes it possible to log blocked attacks in \DATA\meta\wordblock.log and can also be used for block lists debugging.\\
But need a modification of a original DokuWiki file.


**File:**
\inc\common.php

**Search Line:**
<code php>
function checkwordblock($text=''){
[...]
   if(count($re) && preg_match('#('.join('|',$re).')#si',$text,$matches)) {
      // prepare event data
      $data['matches'] = $matches;
      $data['userinfo']['ip'] = $_SERVER['REMOTE_ADDR'];
[...]
</code>

**Change it to:**
<code php>
function checkwordblock($text=''){
[...]
    if(count($re) && preg_match('#('.join('|',$re).')#si',$text,$matches)) {
       // prepare event data       
       io_saveFile($conf['metadir'].'/wordblock.log', strftime($conf['dformat'])."\t".$matches[0]."\t".$ID.$_SERVER['REMOTE_USER']."\t".$_SERVER['REMOTE_ADDR'].":".$_SERVER['SERVER_PORT']."\t".gethostbyaddr($_SERVER['REMOTE_ADDR'])."\t".$_SERVER['HTTP_USER_AGENT']."\n", true);
      
      $data['matches'] = $matches;
      $data['userinfo']['ip'] = $_SERVER['REMOTE_ADDR'];
[...]
</code>