MediaWiki

Extension:Antispam

Translate this page
Languages:
MediaWiki extensions manual
Anti-spam by CleanTalk
Release status: stable
Implementation User activity , Page action
Description Client extension for cloud anti-spam service CleanTalk.org.
Author(s) Denis Shagimuratov
Latest version 2.4 (2023-07-28)
MediaWiki 1.29+
PHP PHP 5.3+
Database changes Yes
License GNU General Public License 2.0 or later
Download

GitHub:

Note:
No localisation updates are
provided by translatewiki.net .

Parameters

  • $wgCTAccessKey
  • $wgCTNewEditsOnly
Added rights

  • cleantalk-bypass
Hooks used

The Anti-spam extension is a client-side application for a commercial cloud anti-spam service, cleantalk.org.

Anti-Spam service

The CleanTalk Cloud Service provides automatic and invisible protection from spam for websites. CleanTalk analyzes user behavior and evaluates the parameters of a completed form.

When installed on your website the Anti-Spam Module captures the behavior parameters of a visitor or a spambot. These parameters are being assessed and the service makes a decision — to post the visitor's message or to define it as spam and reject it. Based on such checks, the service forms its own list of email addresses used by spambots. Likewise, visitor registrations are being checked too. The service adds not only email addresses to the global blacklist but also IP addresses and domains of the websites that are promoted through spam mailout.

Spam Firewall feature

This option allows blocking spam-bots before they access MediaWiki content. CleanTalk collects spam bots activity data on websites, IP addresses of the most active spam bots are added to the Spam Firewall database. The service intercepts any HTTP(POST/GET) requests to a site and IP address it contains. If an IP address is included in CleanTalk blacklist of most spam active IPs, it will get a special page, if it is a real visitor then it proceeds to the site. That is completely transparent to the visitors. The results of Spam FireWall are logged and available in your control panel.

Real-Time Email Address Existence Validation

To validate that users sign up with their real email address, the CleanTalk server will perform email account existence checks using SMTP response.

Private blacklist/whitelist

Automatically blocks comments and registrations from your private black IP/email address list. This option helps to strengthen the protection from manual spam or block unwanted comments from users. You can add not only the certain IP addresses but also a separate subnet to your personal blacklist. The extension allows blocking or whitelisting emails for registration using wildcards, for example, "*@mail.com" will block/allow every address ending on @mail.com.

Blocking users by country

The external service can be used to automatically block comments and registrations from specific countries.

Stoplist by words

Comments that contain specific words can be forbidden.

cleantalk screenshots edit

  •  

    World map of top spam

  •  

    Analytics

  •  

    Log contents

  •  

    Account creation rejected

Installation edit

  • Download and place the file(s) in a directory called Antispam in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php file: 
    require_once "$IP/extensions/Antispam/Antispam.php";
  •   Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Configuration parameters edit

To run extension

  • Get Access key
http://cleantalk.org/register?platform=mediawiki

Place the Access key in the LocalSettings.php with the variable $wgCTAccessKey.

  Note: you need to put it after loading the extension using require_once or wfLoadExtension().

  • Set as you wish true or false the parameter $wgCTNewEditsOnly.

Frequently Asked Questions edit

  • Should I change anything in the extension's settings or in my CleanTalk Control Panel when I switch my website from HTTP to HTTPS or vice versa?
    • No, the extension will work regardless of the protocol. 
  • After installation, on creation of a test user, I get error: Fatal exception of type "Wikimedia\Rdbms\DBQueryError". How to fix?
    • temporarily add:
      require_once "$IP/extensions/Antispam/Antispam.php";
      into LocalSettings.php, verify that the extension was loaded on the version page, then replace with:
      wfLoadExtension( 'Antispam' );
    • Don't set the key in the extensions/Antispam/Antispam.php file, but in LocalSettings.php file as variable $wgCTAccessKey below the load instruction.
  • This extension is dependent on cleantalk.org, a commercial paysite. Are there any free options or alternatives?
    • The Antispam extension is specific to this one provider, which is non-free. There are hundreds of other real-time blocklists (RBLs) or DNS blocklists (DNSBLs), both paid and free; most target spam e-mail but a few target forum or blog comment spam. Extension:StopForumSpam uses stopforumspam.com to prevent comment spam, for instance. Another option is to download IP deny lists from any of a number of sources, and import them into MediaWiki using the maintenance/updateDenyList.php script.
  • But what about false positives? Is there any way to prevent the extension from submitting the username, email address and IP address of my legit users only to have them appear on cleantalk.org's public blocklists?
    • While the number of false positives is relatively low, this is a problematic issue. It's best to mitigate this risk by only invoking Antispam on new account creation and on new page creation by new or anonymous users.
      • Implement autoconfirmation and set $wgAutoConfirmAge to something reasonable. Give the 'cleantalk-bypass' permission to the bot, sysop and autoconfirmed groups by modifying the "Group Permissions" section of extensions/Antispam/extension.json or by setting {{ll|Manual:$wgGroupPermissions|$wgGroupPermissions]]['autoconfirmed']['cleantalk-bypass'] = true; and making the same change for other desired groups in LocalSettings.php .
      • Limit the extension to new page creation by setting "CTNewEditsOnly": { "value": true } in the "config" section of extensions/Antispam/extension.json
      • The cleantalk.org web interface does provide a list of who and what has been blocked by the filter. It is possible to report false-positive or false-negative results there; this doesn't reinstate a wrongly-blocked edit or remove a wrongly-blocked IP from the Cleantalk lists, but it will temporarily whitelist the user on your own site.
  • I have multiple subprojects (such as en.example.wiki, fr.example.wiki, pt.example.wiki) for different topics or different languages. Will this extension work with this structure, or do I need to redesign the site to user www.example.wiki/en/PageName www.example.wiki/es/PageName and the like?
    • The extension will work regardless of your URL structure. The only limitation is that the Cleantalk server will remove the original domain and subdomain, replacing them with whatever domain name is tied to the ID specified in $wgCTAccessKey. This only affects the displayed blocklogs on the Cleantalk website; the extension will still work. Another option is to purchase multiple keys (one for each language subproject) but this does cost extra.
Retrieved from "https://www.mediawiki.org/w/index.php?title=Extension:Antispam&oldid=6045644"