Extensión:AbuseFilter

This page is a translated version of the page Extension:AbuseFilter and the translation is 36% complete.
Outdated translations are marked like this.
This extension comes with MediaWiki 1.38 and above. Thus you do not have to download it again. However, you still need to follow the other instructions provided.
Manual das extensións de MediaWiki
AbuseFilter
Estado de liberación: estable
Funcionamento User activity , Special page , API
Descrición Permite poñer restriccións específicas baseadas no comportamento sobre unha actividade wiki.
Autor(es)
Compatibility policy Snapshots releases along with MediaWiki. Master is not backward compatible.
MediaWiki >= 1.43.0
Cambios na base de datos Si
Composer mediawiki/abuse-filter
Táboas abuse_filter
abuse_filter_action
abuse_filter_history
abuse_filter_log
Licenza GNU General Public License 2.0 or later
Descarga
  • $wgAbuseFilterConditionLimit
  • $wgAbuseFilterRangeBlockSize
  • $wgAbuseFilterAnonBlockDuration
  • $wgAbuseFilterLogIPMaxAge
  • $wgAbuseFilterCentralDB
  • $wgAbuseFilterDefaultWarningMessage
  • $wgAbuseFilterEmergencyDisableAge
  • $wgAbuseFilterEnableBlockedExternalDomain
  • $wgAbuseFilterActionRestrictions
  • $wgAbuseFilterActions
  • $wgAbuseFilterProtectedVariables
  • $wgAbuseFilterLogIP
  • $wgAbuseFilterPrivateDetailsForceReason
  • $wgAbuseFilterEmergencyDisableCount
  • $wgAbuseFilterLogPrivateDetailsAccess
  • $wgAbuseFilterSlowFilterRuntimeLimit
  • $wgAbuseFilterEmergencyDisableThreshold
  • $wgAbuseFilterLocallyDisabledGlobalActions
  • $wgAbuseFilterBlockDuration
  • $wgAbuseFilterDefaultDisallowMessage
  • $wgAbuseFilterValidGroups
  • $wgAbuseFilterNotificationsPrivate
  • $wgAbuseFilterBlockAutopromoteDuration
  • $wgAbuseFilterIsCentral
  • $wgAbuseFilterNotifications
  • abusefilter-modify
  • abusefilter-log-detail
  • abusefilter-view
  • abusefilter-log
  • abusefilter-privatedetails
  • abusefilter-privatedetails-log
  • abusefilter-modify-restricted
  • abusefilter-revert
  • abusefilter-view-private
  • abusefilter-log-private
  • abusefilter-hidden-log
  • abusefilter-hide-log
  • abusefilter-modify-global
  • abusefilter-modify-blocked-external-domains
  • abusefilter-bypass-blocked-external-domains
  • abusefilter-access-protected-vars
  • abusefilter-protected-vars-log
Quarterly downloads 139 (Ranked 42nd)
Public wikis using 2,939 (Ranked 186th)
Traduza a extensión AbuseFilter se está dispoñible en translatewiki.net
Problemas Tarefas pendentes · Informar dun erro

AbuseFilter

2020 Coolest Tool
Award Winner

in the category
Quality


O AbuseFilter a extensión deixa privileged usuarios para pór accións específicas para ser tomado cando accións por usuarios, como edita, partido criterios seguros.

Por exemplo, un filtro podería ser creado para evitar usuarios anónimos desde engadir ligazóns externas, ou para bloquear un usuario que tira máis que 2000 caracteres.

Instalación

  • Descargue e extraia os ficheiros nun directorio chamado «AbuseFilter», dentro do seu cartafol extensions/.
    Developers and code contributors should install the extension from Git instead, using:cd extensions/
    git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter
  • Only when installing from Git, run Composer to install PHP dependencies, by issuing composer install --no-dev in the extension directory. (See task T173141 for potential complications.)
  • Engada o seguinte código ó seu $LocalSettings:
    wfLoadExtension( 'AbuseFilter' );
    
  • Execute a escritura de actualización, que creará automaticamente as táboas da base de datos que necesita esta extensión.
  • Configure as required.
  •   Feito – Vaia a Special:Version no seu wiki para verificar que a extensión se instalou correctamente.

When installing from Git, please note that this extension requires Composer .

So, after installation from Git change to the directory containing the extension e.g. "../extensions/AbuseFilter/" and run composer install --no-dev, or when updating: composer update --no-dev.

Alternatively as well as preferably add the line "extensions/AbuseFilter/composer.json" to the "composer.local.json" file in the root directory of your wiki like e.g.

{
	"extra": {
		"merge-plugin": {
			"include": [
				"extensions/AbuseFilter/composer.json"
			]
		}
	}
}

Configuración

Dereitos do usuario

Unha vez instalada a extensión, terá que configurar os dereitos de usuario en "LocalSettings.php".

User rights for AbuseFilter
Dereitos Descrición Notes User groups that have this right by default
abusefilter-modify Crear ou modificar os filtros de abusos Requires the abusefilter-view right sysop
abusefilter-view Ver os filtros de abusos *
abusefilter-log Ver o rexistro de abusos *
abusefilter-log-detail Ver os detalles das entradas do rexistro de abusos Requires the abusefilter-log right sysop
abusefilter-privatedetails Ver os datos privados no rexistro de abusos Prior to 1.34 this right was named abusefilter-private - Requires the abusefilter-log-detail right
abusefilter-modify-restricted Modificar os filtros de abusos con accións restrinxidas Requires the abusefilter-modify right sysop
abusefilter-modify-global Crear ou modificar os filtros de abusos globais Requires the abusefilter-modify right
abusefilter-revert Reverter todos os cambios dun filtro de abusos dado sysop
abusefilter-view-private Ver os filtros de abusos marcados como privados Requires the abusefilter-view right (not needed if the group already has the abusefilter-modify right) sysop
abusefilter-log-private Ver as entradas no rexistro dos filtros de abusos marcados como privados Requires the abusefilter-log right (not needed if the group already has the abusefilter-modify or abusefilter-view-private rights) sysop
abusefilter-hide-log Agochar entradas no rexistro de abusos Requires the abusefilter-log right suppress
abusefilter-hidden-log Ver as entradas agochadas do rexistro de abusos Requires the abusefilter-log right suppress
abusefilter-privatedetails-log Ver o rexistro de consulta dos detalles privados do filtro de abusos Prior to 1.34 this right was named abusefilter-private-log
abusefilter-modify-blocked-external-domains Crear ou modificar os dominios externos que están bloqueados e non poden ser ligados sysop
abusefilter-bypass-blocked-external-domains Eludir os dominios externos bloqueados Requires the edit right bot
abusefilter-access-protected-vars Consultar e crear filtros que utilizan variables protexidas sysop
abusefilter-protected-vars-log Ver os rexistros relacionados co acceso aos valores das variables protexidas sysop

Por exemplo, a seguinte configuración de exemplo permitiría ós administradores facer todo o que quixeran co AbuseFilter, e a todos ver o rexistro e a configuración pública do filtro:

$wgGroupPermissions['sysop']['abusefilter-modify'] = true;
$wgGroupPermissions['*']['abusefilter-log-detail'] = true;
$wgGroupPermissions['*']['abusefilter-view'] = true;
$wgGroupPermissions['*']['abusefilter-log'] = true;
$wgGroupPermissions['sysop']['abusefilter-privatedetails'] = true;
$wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
$wgGroupPermissions['sysop']['abusefilter-revert'] = true;
$wgGroupPermissions['sysop']['abusefilter-access-protected-vars'] = true;
$wgGroupPermissions['sysop']['abusefilter-protected-vars-log'] = true;
Os filtros marcados como privados só poden ser vistos polos usuarios co permiso abusefilter-modify ou o abusefilter-view-private.
Protected filters can only be created and viewed by users with the abusefilter-access-protected-vars permission. Logs pertaining to these filters can only be viewed by users with the abusefilter-protected-vars-log permission. For more information, see Rules format .

Parameters

Nome da variable Valor predeterminado Descrición
$wgAbuseFilterActions
[
    'throttle' => true,
    'warn' => true,
    'disallow' => true,
    'blockautopromote' => true,
    'block' => true,
    'rangeblock' => false,
    'degroup' => false,
    'tag' => true
]
As posibles accións que se poden facer cos filtros antiabusos Cando engadindo unha acción nova, control se é restrinxido en $wgAbuseFilterRestrictions e, se é, non esquece para engadir o abusefilter-modificar-restrinxido correcto aos grupos de usuario apropiados.
$wgAbuseFilterConditionLimit
1000
Número máximo de 'condicións' que se pode utilizar cada vez que os filtros se executan contra un cambio. (Filtros máis complexos requiren máis 'condicións').
$wgAbuseFilterValidGroups
[
    'default'
]
A lista de "filtros" de grupos pode ser dividida a. Por default hai só un agrupa. Other extensions may add other groups.
$wgAbuseFilterEmergencyDisableThreshold
[
    'default' => 0.05
]
Desactivar un filtro se coincide con máis de dúas edicións, constituíndo máis do 5% das accións que foron verificadas contra o grupo de filtros no período "observado" (como moito, un día), a non ser que o filtro fose cambiado nos últimos 86400 segundos (un día) See emergency throttling.
$wgAbuseFilterEmergencyDisableCount
[
    'default' => 2
]
$wgAbuseFilterEmergencyDisableAge
[
    'default' => 86400
]
$wgAbuseFilterActionRestrictions
[
	"throttle" => false,
	"warn" => false,
	"disallow" => false,
	"blockautopromote" => true,
	"block" => true,
	"rangeblock" => true,
	"degroup" => true,
	"tag" => false
]
Os usuarios deben ter o dereito "abusefilter-modify-restricted" (abusefilter-modificar rextrinxido) e o "abusefilter-modify" (abusefilter-modificar) para poder crear ou cambiar os filtros que realizan esas accións
$wgAbuseFilterNotifications
false
Permite configurar a extensión para enviar notificacións a Special:RecentChanges ou UDP. Opcións dispoñibles: rc, udp, rcandudp
For sending changes to abuse filters to Special:RecentChanges, use unset($wgLogRestrictions['abusefilter']);.
$wgAbuseFilterNotificationsPrivate
false
Permitir notificacións para filtros privados.
$wgAbuseFilterCentralDB
null
MW 1.41+ Nome da base de datos onde se almacenarán os filtros globais antiabuso (soportado só na última versión de desenrolo). Requires CentralAuth installed otherwise global filters will break on a wikifarm.
$wgAbuseFilterIsCentral
false
MW 1.41+ Establecer esta variable como verdadeira para a wiki onde se almacenan os filtros globais antiabuso (soportado só na última versión de desenrolo) Requires CentralAuth installed otherwise global filters will break on a wikifarm.
$wgAbuseFilterLocallyDisabledGlobalActions
[
	"throttle" => false,
	"warn" => false,
	"disallow" => false,
	"blockautopromote" => false,
	"block" => false,
	"rangeblock" => false,
	"degroup" => false,
	"tag" => false
]
Non permitir filtros centralizados que realicen accións que bloqueen localmente, quite de grupos ou elimine permisos.
$wgAbuseFilterBlockDuration
'indefinite'
Duración dos bloqueos feitos polo filtro antiabuso
Cando de 1.31.0-wmf.25 duracións de bloque poden ser especificadas para cada filtro só e override esta variábel. Esta variábel é só utilizado cando habilitando o bloque para preselect un default duración.
$wgAbuseFilterAnonBlockDuration
null
A duración dos bloqueos creados polo AbuseFilter para usuarios anónimos. Usarase o valor de $wgAbuseFilterBlockDuration se non se establece.
Cando de 1.31.0-wmf.25 duracións de bloque poden ser especificadas para cada filtro só e override esta variábel. Esta variábel é só utilizado cando habilitando o bloque para preselect un default duración.
$wgAbuseFilterBlockAutopromoteDuration
5
Duration, in days, for which users' autopromotion is blocked by filters.
$wgAbuseFilterDefaultWarningMessage
[
    'default' => 'abusefilter-warning'
]
Mensaxes de aviso por defecto, por grupo de filtros
$wgAbuseFilterDefaultDisallowMessage
[
    'default' => 'abusefilter-disallowed'
]
Default disallow messages, per filter group
$wgAbuseFilterLogIP
true
Whether to include IP in the abuse_filter_log
$wgAbuseFilterLogIPMaxAge
3 * 30 * 24 * 3600
Idade usada como corte cando se purga o rexistro de direccións IP vellas. Por defecto é de 3 meses. Usado polo script de mantenemento purgeOldLogIPData.php.
$wgAbuseFilterProfileActionsCap
10000
Número de acción que determina cando a reset profiling stats.
$wgAbuseFilterLogPrivateDetailsAccess
false
Whether accessing private information from a filter log entry is logged.
$wgAbuseFilterPrivateDetailsForceReason
false
Whether users are forced to provide a reason for accessing private information from a filter log entry.
$wgAbuseFilterSlowFilterRuntimeLimit
500
Runtime in milliseconds before a filter is considered slow.
$wgAbuseFilterRangeBlockSize
[
    'IPv4' => '16',
    'IPv6' => '19',
]
Size of the range blocked by 'rangeblock' action.
$wgAbuseFilterProtectedVariables
[ "user_unnamed_ip" ]
Array of variables that are be considered protected (limited access) and require the abusefilter-access-protected-vars right to use/view.

Emergency throttling

AbuseFilter comes with a feature that automatically throttles (disables) filters that have been edited recently and match a certain threshold of the latest actions.

This is done to prevent harmful edits on the filters to block every user that performs an action on the wiki or similar.

The condition to disable the filter depend on those variables:

  • $wgAbuseFilterEmergencyDisableThreshold - Percent of matches over the total amount of actions in the observed period.
  • $wgAbuseFilterEmergencyDisableCount - Count of matches of the filter in the observed period.
  • $wgAbuseFilterEmergencyDisableAge - Age of the filter to take it into account. If the last edit of the filter is older than this number of seconds, the filter won't be throttled, unless it's already throttled.

Throttled filters can be identified in the list of filters (Special:AbuseFilter) with the state Activado, Alta taxa de coincidencias. Throttling happens silently, and there's no way to see when a filter got throttled, except when Extension:Echo is installed, then a notification is sent to the user who was last to modify the filter.

When a filter gets throttled, it doesn't perform any dangerous action (actions usually restricted to special rights like blocking the user, or removing it from groups, controlled by $wgAbuseFilterActionRestrictions), and only "safe" actions are allowed (the ones that can warn or prevent the ongoing action). Throttled filters don't get enabled automatically. To disable the throttling, you need to edit the filter. Note that you need to actually change something from the filter: changing something from the filter's notes is sufficient.

Note that editing the filter updates its age, and can cause it to be disabled if it reaches again the conditions to be throttled in a short period since the last edit, leading to a unusable filter if your wiki has more abuse edits than legitimate ones.

Creando e xestionando filtros

Unha vez instalada a extensión, os filtros poden ser creados/probados/cambiados/borrados e pode accederse ós rexistros desde a páxina de xestión de filtros de abuso Special:AbuseFilter.

  • To import filters from Wikipedia: When you have installed the extension, go to w:Special:AbuseFilter, choose a filter (say w:Special:AbuseFilter/3), then click "Export this filter to another wiki", copy the text, go to "Special:AbuseFilter/import" on your wiki, paste the text.

API

O filtro antiabuso engade dous módulos API, un para detalles dos filtros antiabuso ("abuseFilter") e outro para o rexistro de abuso, posto que é independiente doutros rexistros MediaWiki ("AbuseLog"). Non é posible crear ou modificar os filtros antiabusos usando a API.

list = abusefilters

Lista de información sobre os filtros

Parámetros
  • abfstartid - O identificador de filtro desde onde iniciar a enumeración
  • abfendid - O identificador de filtro onde deter a enumeración
  • abfdir - A dirección na que se enumera (máis vello, máis novos)
  • abfshow - Mostrar só os filtros que cumpran con este criterio (enabled|!enabled|deleted|!deleted|private|!private)
  • abflimit - Número máximo de filtros a listar
  • abfprop - *abfprop: Propiedades mostrar (id|description|pattern|actions|hits|comments|lasteditor|lastedittime|status|private)

Cando os filtros son privados, algunha sdas propiedades especificadas con abfprop faltarán a menos que vostede teña os dereitos de usuario axeitados.

Exemplos
Lista de filtros antiabuso non-privados
Result
{
    "batchcomplete": "",
    "continue": {
        "abfstartid": 18,
        "continue": "-||"
    },
    "query": {
        "abusefilters": [
            {
                "id": 1,
                "hits": 41430
            },
            {
                "id": 3,
                "hits": 957485
            },
            {
                "id": 5,
                "hits": 5931
            },
            {
                "id": 6,
                "hits": 19
            },
            {
                "id": 8,
                "hits": 7
            },
            {
                "id": 9,
                "hits": 41354
            },
            {
                "id": 11,
                "hits": 132971
            },
            {
                "id": 12,
                "hits": 139693
            },
            {
                "id": 14,
                "hits": 63
            },
            {
                "id": 15,
                "hits": 15
            }
        ]
    }
}

list = abuselog

Lista de casos onde as accións activan un filtro abuso

Parámetros
  • aflstart - A data e hora dende onde comezar a enumeración
  • aflend - A data e hora dende onde rematar a enumeración
  • afldir - A dirección na que se enumera (máis vellos, máis novos)
  • afluser - Mostrar só as entradas onde se intentou a acción por un determinado usuario ou a través da súa IP.
  • afltitle - Mostrar só as entradas onde as accións involucran unha páxina dada.
  • aflfilter - Mostrar só as entradas que activan un filtro cun ID dado
  • afllimit - Número máximo de entradas a listar
  • aflprop - Propiedades mostrar: (ids|filter|user|ip|title|action|details|result|timestamp|hidden|revid|wiki)
Exemplo
Lista de casos onde se activou o filtro antiabusos en resposta a accións do usuario "SineBot"
Result
{
    "batchcomplete": "",
    "continue": {
        "aflstart": "2018-03-06T02:34:18Z",
        "continue": "-||"
    },
    "query": {
        "abuselog": [
            {
                "id": 27219261,
                "filter_id": "1073"
            },
            {
                "id": 26938051,
                "filter_id": ""
            },
            {
                "id": 23388942,
                "filter_id": "1"
            },
            {
                "id": 22044912,
                "filter_id": ""
            },
            {
                "id": 22032235,
                "filter_id": ""
            },
            {
                "id": 22032196,
                "filter_id": ""
            },
            {
                "id": 21983882,
                "filter_id": ""
            },
            {
                "id": 20594818,
                "filter_id": "904"
            },
            {
                "id": 20593489,
                "filter_id": "904"
            },
            {
                "id": 20590442,
                "filter_id": "904"
            }
        ]
    }
}

Possible errors

  • Some users might experience that creating new filters or modifying old filters fail and the user just gets redirected to the original page. If the Wiki is using SSL certificates, this error could possibly be because of the $wgServer value, which might be using "http://" instead of "https://". An indication of this error will be, the browser giving https warning for Special:AbuseFilter pages. (Topic:T23dyyih0ofjada5)

Integration with other extensions

You can integrate AbuseFilter with other extension in various ways.

Adding variables for filtering

It is possible to add new variables, to be used in abuse filters. A list of examples is available . To do that, you should:

  • Add a handler for the AbuseFilter-builder hook. To add a variable, you should use $builder['vars']['variable_name'] = 'i18n-key';, where variable_name is the name of the variable, and i18n-key is the fragment of an i18n key. The full key will be abusefilter-edit-builder-vars-{$your_key}.
  • Add the i18n messages you chose at the previous point.
  • Choose a hook handler where the variable will be computed. Depending on your use case, you could:
    • Implement the AbuseFilter-generateTitleVars hook; this is specifically thought for page-related variables;
    • Implement the AbuseFilter-generateUserVars hook; this is specifically thought for user-related variables;
    • Implement the AbuseFilter-generateGenericVars hook; this is for variables not bound to a specific page or user;
    • Implement the AbuseFilterAlterVariables hook; this is a bit more flexible than the other hooks, but it has a downside: your variable will not be available when examining past RecentChanges entries. If you want to implement that feature (and it's recommended to do so), you should use one of the hooks listed above, and use its third parameter ($RCRow).
  • Inside the hook handler, there are two ways to add a variable:
    • The "direct" way is calling $vars->setVar( 'var_name', var_value );. This is ideal only when the value is easy and quick to compute: the value is computed even if no active filter will use it.
    • The "lazy" way is calling $vars->setLazyLoadVar( 'var_name', 'method_name', $params );. Here, 'method_name' is a (unique) identifier that will be used to compute the variable (it's recommended to prefix it with the name of your extension). To register the method, you should add a handler for the AbuseFilter-computeVariable hook; therein, you should check if the $method passed matches your 'method_name', and if so, compute the variable. Lastly, $params is an array of parameters that you'll need to compute the variable; these are passed to the computeVariable hook handler. For an example of this, you can check out CentralAuth's global_user_groups.

Adding custom actions

You can add custom action handlers, so that each filter may perform further actions. To do that, you choose a name for the action ('my-action' from now on), and then:

  • Create a class named e.g. MyAction, that should extend \MediaWiki\Extension\AbuseFilter\Consequence, which can also implement HookAborterConsequence or ConsequencesDisablerConsequence
  • Add a subscriber to the AbuseFilterCustomActions hook; the subscriber should provide a callback as documented in the hook documentation, that returns an instance of the class created above, for instance:
class MyAction extends \MediaWiki\Extension\AbuseFilter\Consequence {
    public function run() {
        throw new \Exception( 'Write me' );
    }
}
public function onAbuseFilterCustomActions( &$actions ) {
    $actions[] = function ( \MediaWiki\Extension\AbuseFilter\Consequence\Parameters $params, array $rawParams ) : MyConsequence {
        return new MyAction( $params, $rawParams );
    };
}

Then you should add the following i18n messages; you can replace 'my_action' with e.g. 'block' to see what the messages are for:

  • 'abusefilter-edit-action-${my_action}'
  • 'abusefilter-action-${my_action}'

Adding rule groups

You can also add extra rule groups, which can be used to group existing abuse filters. Note that, at the moment, each filter can only be in a single group (T116642). Currently, the only known consumer of this feature is Extension:StructuredDiscussions . To do that, you should:

  • Append the name of the group to $wgAbuseFilterValidGroups.
  • Add some code to run the filters with your group. Note that AbuseFilter won't do that on its own. To do that, you should construct an AbuseFilterRunner object, passing in the name of your group.

Véxase tamén