AntiSpam Tool Application

Last modified by Vincent Massol on 2024/01/01 00:13

cogVarious tools to help fight spam
Developed by

Vincent Massol

Active Installs15
2 Votes
LicenseGNU Lesser General Public License 2.1

XWiki 6.4+

Installable with the Extension Manager


Help fighting spam by locating and removing spam pages (Spam Cleaning) and preventing new spam from being added to the wiki (Spam Checking).

Spam Cleaning


  • Show latest events from the Event Stream
  • Ability to find and delete revisions from pages containing a given keyword + all authors + all pages from these authors + Event Stream from these authors
  • Ability to find and delete revisions from pages authored by a given user
  • Ability to run the Spam Checker on each matching page to verify if the page would pass or not the Spam Checker (see below for more information on the Spam Checker)
  • Checks all revisions of the matching pages found and removes all revisions authored by one the authors found during the search. If no revisions remain, then delete the page.
  • 1.8+ Ability to filter and delete Event Stream events
  • 1.8+ Ability to delete inactive users
  • 1.9+ Protected users are never considered spammers and are not cleaned or deleted. A protected user is a user belonging to a known user or a known group or an Admin of the wiki or an admin of a page with spam.

To use the Spam Cleaner, click on the "AntiSpam" icon in the Applications Panel:


Home page:


Searching for a spam keyword:


Testing if the found pages match defined spam keywords (this allows you to tune your Keywords page before cleaning the page):


Confirm deletion of pages:




Spam Checking


  • Check for spam content when saving pages. A page is considered as spam in the following conditions:
    • It contains one of the defined spam keywords/sentences blacklist. See below.
    • The IP of the user making the change is contained in a blacklist of IPs.
  • When a page update is found to contain spam the following happens:
    • Cancels saving the page if it contains spam and display an error.
    • The XWiki user is made inactive
    • The IP of the user is added to a list of banned IPs, thus preventing any further edits from that user
    • The disabled user is added to a list of disabled users
  • Ability to exclude some spaces from being checked for spam
  • 1.6+ Logs of all spam checks that led to capturing some spam user are logged in AntiSpam.Logs

The configuration data and banned IPs and banned users can be accessed from the home page of the application:


And here's what happens when a matching spam keyword is found when saving a page (in the future we'll improve the L&F):


Event Stream

It's possible to filter out the following in the Event Stream:

  • 1.8+ Known users (users from the known users list, users belonging to known group, global Admins and wiki Admins)
  • 1.8+ User profile pages
  • 1.9+ Playground wikis (currently hardcoded to playground and xclams. In the future, this will be merged with the Excludes list using regexes)
  • 1.9+ Antispam pages (currently any last space named AntiSpam)
  • 1.9+ Non create events (i.e. display only create events to more easily locate new spam pages)
  • 1.9+ Specific wikis by adding wikis=(comma-separated list of wiki ids) to the URL query string. This is experimental at the moment and may be replaced by another mechanism in the future.

1.8+ Events can also be deleted one by one.


1.9+ It's also possible to skip events by specifying an offset by adding offset=(value) to the URL query string. This is experimental at the moment and may be replaced by another mechanism in the future.

Inactive Users

It's possible to remove inactive users. An inactive user is a user matching the following criteria:

  • 1.8+ Protected users cannot be considered inactive.
  • 1.8+ Its profile page has not been modified for the past 30 days. This allows to exclude users who created their profile page in the past 30 days.
  • 1.11+ There's no event coming from the user, outside of events for the user profile page. Be careful that if events were deleted/cleaned, a user who was active in the past may be considered inactive because of this.
    • 1.8+ It used to be: There's no event coming from the user, ever (since the events were recorded). Be careful that if events were deleted/cleaned, a user who was active in the past may be considered inactive because of this.
  • 1.8+ The profile page doesn't contain any xobject of type XWiki.OIDC.ConsentClass which are added when a user logs on a software authenticating against xwiki. The reason is that we could imagine a user creating a user account on this wiki just to benefit from the authentication, while not doing anything on the wiki.
  • 1.12+ The profile page doesn't contain any xobject of type XWiki.WatchListClass or XWiki.Notifications.Code.NotificationPreferenceClass. This is an effort to limit considering users who have created an account only to follow some pages as inactive users. Note that it's not perfect and it's still possible to delete users in this use case, under some conditions.
  • 1.11+ Wiki owners cannot be considered inactive.
  • 1.12+ Profiles with avatars are also considered inactive.
    • 1.8+ It used to be: Profiles with avatars cannot be considered inactive.
  • 1.12+ You can control how many inactive users to list. The default is 50 but this can be overridden by passing ?limit=<number> in the URL query string.




The following pages can be edited and provide configuration features:

  • AntiSpam.Keywords: Keywords/sentences that should be considered as spam content.
  • AntiSpam.Excludes: List of full references of spaces to excludes during spam checking.
  • 1.8+ AntiSpam.KnownUsers: List of full references of known users to prevent from cleaning and to be able to filter out in the event stream.
  • 1.8+ AntiSpam.KnownGroups: List of full references of known groups. All the users in these groups not be cleaned and can be filtered out in the event stream.

Prerequisites & Installation Instructions

We recommend using the Extension Manager to install this extension (Make sure that the text "Installable with the Extension Manager" is displayed at the top right location on this page to know if this extension can be installed with the Extension Manager). Note that installing Extensions when being offline is currently not supported and you'd need to use some complex manual method.

You can also use the following manual method, which is useful if this extension cannot be installed with the Extension Manager or if you're using an old version of XWiki that doesn't have the Extension Manager:

  1. Log in the wiki with a user having Administration rights
  2. Go to the Administration page and select the Import category
  3. Follow the on-screen instructions to upload the downloaded XAR
  4. Click on the uploaded XAR and follow the instructions
  5. You'll also need to install all dependent Extensions that are not already installed in your wiki

Release Notes


















Dependencies for this extension (org.xwiki.contrib:application-antispam-ui 1.12):


Get Connected