Wiki source for SecurityModules


=====Wikka Security Modules=====

>>**see also:**
~-WikkaSpamFighting

''Where 'Related user contributions' are mentioned, this is for informational purposes, referring to them for valuable ideas or possible solutions - there is no implied guarantee that these would be included in a future version of Wikka. However, if ideas or code from these were to be used, the authors would of course be credited for their contribution.''
>>This page collects links to security-related functionality under development; this comprises both anti-spam measures and other security features. The goal is to monitor and discuss the development of what might become an improved "security" package to release with future versions of WikkaWiki.::c::
====Access Control====
''Current release: 1.1.6.0''
//The first line of defense for access control would be firewall rules; this is outside the scope of Wikka though - and hence of this page.//

===Files===
##[[Docs:HtaccessConfigInfo | .htaccess]]##
##[[AclHandlerInfo | handlers/page/acls.php]]##

===Current features===
~-site level:
~~-stop referrer spam by keyword matching on the referrer URL (##.htaccess##)
~-page level:
~~-page ownership (page owner determines ACLs; admin rights exceed rights of page owner)
~~-separate Access Control Lists (ACLs) for reading, writing and commenting on a page (admin rights exceed these)

==Beta Features==
~-site level:
~~-deny access by IP address (##.htaccess##) (''version: -'')

===To do or under development===
~-utility to create/update referrer spam keywords in ##.htaccess## (possibly based on referrers to be banned - see ""<a href="SecurityModules#hn_Beta_Features_3">AdvancedReferrersHandler</a>"")
~-functionality to add/update IP addresses to ban referrers or users in ##.htaccess## (now manual only - see also ""<a href="SecurityModules#hn_To_do_or_under_development_24">Users - To do</a>"")
~-facility to ban access by IP address in Wikka itself (as an option when ##.htaccess## cannot be used)
~-for denying access by IP address, see also ""<a href="SecurityModules#hn_To_do_or_under_development_19">Content - To do</a>""

==Related user contributions==
//none//


====Referrers====
''Current release: 1.1.6.0''

===Files===
##[[ReferrersHandlerInfo | handlers/page/referrers.php]]##
##[[ReferrersHandlerInfo | handlers/page/referrers_sites.php]]##
##[[ReferrersHandlerInfo | handlers/page/delete_referrer.php]]##
##[[ReferrersHandlerInfo | handlers/page/review_blacklist.php]]##

===Current features===
~-view referrers or referrer domains for page or for site
~-blacklist a referrer domain
~-review blacklisted domains
~-delete domain from blacklist

==Beta Features==
~-AdvancedReferrersHandler (''version: 0.8'')
~~-##[[AdvancedReferrersHandler | handlers/page/referrers.php]]## - new, advanced referrers handling with searching and filtering as well as an accessible form and results table (and more secure as well); obsoletes ##handlers/page/referrers_sites.php##
~~-##[[AdvancedReferrersHandler | handlers/page/review_blacklist.php]]## - review blacklisted domains, seamlessly integrated with referrers handling, more accessible and secure
~~-##[[AdvancedReferrersHandler | handlers/page/delete_referrer.php]]## - blacklist a referrer domain, more secure and better integrated with referrers handler
~-RegisterReferrerIpAddress (//to be documented// - ''version: -'')
~~-IP logging for the referrer

===To do or under development===
<<see also: HandlingReferrers<<::c::
~-show recorded IP address in referrers list and allow filtering and searching on this
~-use blacklisted domains as source to build keyword filter list in ##.htaccess##
~-use recorded IP address of referrer spammer to build IP filter list in ##.htaccess## (see also ""<a href="SecurityModules#hn_To_do_or_under_development">Access control - To do</a>"")

==Related user contributions==
//none//


====Search Engines====
''Current release: 1.1.6.0''

===Files===
##[[Docs:WikkaSystemFiles | actions/header.php]]##

===Current features===
~-""<a href="WikkaSpamFighting#hn_Dont_let_old_pages_get_indexed">Don't let old pages get indexed</a>"": old page versions, referrers listings and the sandbox all get a ##<meta name="robots" content="noindex, nofollow, noarchive" />## tag to tell search engine robots to completely ignore the page

==Beta Features==
//none//

===To do or under development===
~-(optionally) add the //rel="nofollow"// special attribute to external links so (cooperating) search engine bots will not count these as incoming links for the referred-to page
~-whitelisting of 'good' domains which will not get this attribute
~-facility to maintain such a whitelist (admin-only page or plain text file)

==Related user contributions==
~-""<a href="WikkaSpamFighting#hn_Refining_Redirection_nofollow_modification_for_links">Refining Redirection / nofollow modification for links</a>"" (IanAndolina)


====Email spambots and email spam====
''Current release: //none//''

===Files===
//none//

===Current features===
//none//

==Beta Features==
//none//

===To do or under development===
~-the BadBehavior plugin can stop known spambots or detect them by observed behavior
~-where an email address or email link must be displayed, make sure the email address is obfuscated (as strongly as possible)

==Related user contributions==
~-apply ""<a href="WikkaSpamFighting#hn_Adding_Random_Tokens_for_Form_Submissions">random tokens</a>"" to the FeedbackAction form (in ##[[FeedbackAction | actions/feedback.php]]##) so a user must at least be "present" on the site (and have accepted a cookie to establish a session) in order to be able to send feedback (IanAndolina)


====Content====
''Current release: //none//''

===Files===
//none//

===Current features===
//none//

==Beta Features==
~-[[UrlThrottling | URLThrottling]] (//to be documented//) (''version: -'')
~~-##[[EditHandler | handlers/page/edit.php]]##--- limits the number of (new) URLs that can be added to a page; if there are more (new) links than the set limit the user gets a friendly warning but the edit is not accepted.
~~-##[[AddCommentHandler | handlers/page/addcomment.php]]##--- limits the number of (new) URLs that can be included in a page comment; if there are more (new) links than the set limit the user gets a friendly warning but the edit is not accepted.

===To do or under development===
~-make the limits for URLThrottling configurable via the configuration file (currently hard-coded)
~-record User name or IP address of people exceeding the URLThrottling limit
~-(maybe) make the applied limits a random value within a range so a spammer cannot easily find the actual limit by trial and error
~-extra column 'userip' in ##pages## table
~-extra column 'userip' in ##comments## table
~-log IP address used for every page edit (see also ""<a href="SecurityModules#hn_To_do_or_under_development">Access control - To do</a>"")
~-log IP address for every comment added (see also ""<a href="SecurityModules#hn_To_do_or_under_development">Access control - To do</a>"")

==Related user contributions==
~-DeleteSpamAction (MovieLady) (//needs some refinement//)
~-""<a href="WikkaSpamFighting#hn_Spam_Block_for_Saving_pages">Spam Block for Saving pages</a>"" (IanAndolina) (//should be extended with a facility to maintain the blacklist//)


====Users====
''Current release: //none//''

===Files===
//none//

===Current features===
//none//

==Beta Features==
~-RegisterUserIpAddress (//to be documented//) (''version: -''):--- IP logging at user registration in ##[[UserSettings | actions/usersettings.php]]## using an extra column in the ##users## table.---Although it's rare, it does happen that people sign up for an account just to be able to put spam on ACL-protected pages. Although banning user access by username would be preferable to banning by IP address, it remains possible that the same person signs up for a new account. By logging the IP address at registration, as well as for each page edit and comment addition (see ""<a href="SecurityModules#hn_To_do_or_under_development_19">Content - To do</a>""), IP banning becomes possible as a last-resort option against spamming registered users (especially if the same IP address is used to register again after banning and this "new" user spams again from the same IP address).

===To do or under development===
~-extra column "status" in ##users## table ('active|disabled|banned')
~-functionality to ban user by name
~-functionality to add/update IP addresses to ban user by IP in ##.htaccess## (now manual only - see also ""<a href="SecurityModules#hn_To_do_or_under_development">Access control - To do</a>"" and ""<a href="SecurityModules#hn_To_do_or_under_development_19">Content - To do</a>"")

==Related user contributions==
//none//


----
CategoryDevelopmentSecurity CategoryDevelopmentAntiSpam
CategoryDevelopmentArchitecture CategoryDevelopmentActions CategoryDevelopmentHandlers