cogVarious tools to help fight spam
Developed by

Vincent Massol

Active Installs31
2 Votes
LicenseGNU Lesser General Public License 2.1

XWiki 6.4+

Installable with the Extension Manager


Help fighting spam by locating and removing spam pages (Spam Cleaning) and preventing new spam from being added to the wiki (Spam Checking).

Spam Cleaning


  • Show latest events from the Event Stream
  • Ability to find and delete revisions from pages containing a given keyword + all authors + all pages from these authors + Event Stream from these authors
  • Ability to find and delete revisions from pages authored by a given user
  • Ability to run the Spam Checker on each matching page to verify if the page would pass or not the Spam Checker (see below for more information on the Spam Checker)
  • Checks all revisions of the matching pages found and removes all revisions authored by one the authors found during the search. If no revisions remain, then delete the page.
  • Ability to filter and delete Event Stream events Since 1.8
  • Ability to delete inactive users Since 1.8

To use the Spam Cleaner, click on the "AntiSpam" icon in the Applications Panel:


Home page:


Searching for a spam keyword:


Testing if the found pages match defined spam keywords (this allows you to tune your Keywords page before cleaning the page):


Confirm deletion of pages:




Spam Checking


  • Check for spam content when saving pages. A page is considered as spam in the following conditions:
    • It contains one of the defined spam keywords/sentences blacklist. See below.
    • The IP of the user making the change is contained in a blacklist of IPs.
  • When a page update is found to contain spam the following happens:
    • XWiki 7.4.1+ Cancels saving the page if it contains spam and display an error.
    • The XWiki user is made inactive
    • The IP of the user is added to a list of banned IPs, thus preventing any further edits from that user
    • The disabled user is added to a list of disabled users
  • Ability to exclude some spaces from being checked for spam
  • Since 1.6 Logs of all spam checks that led to capturing some spam user are logged in AntiSpam.Logs

The configuration data and banned IPs and banned users can be accessed from the home page of the application:


And here's what happens when a matching spam keyword is found when saving a page (in the future we'll improve the L&F):


Event Stream

Since 1.8It's possible to filter events from the event stream (filter known users + filter out user profile pages) + delete events.


Inactive Users

Since 1.8It's possible to remove inactive users. An inactive user is a user matching the following criteria:

  • Its profile page has not been modified for the past 30 days. This allows to exclude users who created their profile page in the past 30 days.
  • There's no event coming from the user, ever (since the events were recorded). Be careful that if events were deleted/cleaned, a user who was active in the past may be considered inactive because of this.
  • The profile page doesn't contain any xobject of type XWiki.OIDC.ConsentClass which are added when a user logs on a software authenticating against xwiki. The reason is that we could imagine a user creating a user account on this wiki just to benefit from the authentication, while not doing anything on the wiki.




The following pages can be edited and provide configuration features:

  • AntiSpam.Keywords: Keywords/sentences that should be considered as spam content.
  • AntiSpam.Excludes: List of full references of spaces to excludes during spam checking.
  • AntiSpam.KnownUsers: List of full references of known users to prevent from cleaning and to be able to filter out in the event stream. Since 1.8
  • AntiSpam.KnownGroups: List of full references of known groups. All the users in these groups not be cleaned and can be filtered out in the event stream. Since 1.8

Prerequisites & Installation Instructions

We recommend using the Extension Manager to install this extension (Make sure that the text "Installable with the Extension Manager" is displayed at the top right location on this page to know if this extension can be installed with the Extension Manager). Note that installing Extensions when being offline is currently not supported and you'd need to use some complex manual method.

You can also use the following manual method, which is useful if this extension cannot be installed with the Extension Manager or if you're using an old version of XWiki that doesn't have the Extension Manager:

  1. Log in the wiki with a user having Administration rights
  2. Go to the Administration page and select the Import category
  3. Follow the on-screen instructions to upload the downloaded XAR
  4. Click on the uploaded XAR and follow the instructions
  5. You'll also need to install all dependent Extensions that are not already installed in your wiki

Release Notes














Dependencies for this extension (org.xwiki.contrib:application-antispam-ui 1.8):


Get Connected