Extensión:AbuseFilter
AbuseFilter Estado de liberación: estable |
|
---|---|
Funcionamento | User activity , Special page , API |
Descrición | Permite poñer restriccións específicas baseadas no comportamento sobre unha actividade wiki. |
Autor(es) |
|
Compatibility policy | Snapshots releases along with MediaWiki. Master is not backward compatible. |
Cambios na base de datos | Si |
Composer | mediawiki/abuse-filter |
Táboas | abuse_filter abuse_filter_action abuse_filter_history abuse_filter_log |
Licenza | GNU General Public License 2.0 or later |
Descarga | |
|
|
|
|
|
|
|
|
Quarterly downloads | 126 (Ranked 44th) |
Public wikis using | 2,939 (Ranked 186th) |
Traduza a extensión AbuseFilter se está dispoñible en translatewiki.net | |
Problemas | Tarefas pendentes · Informar dun erro |
O AbuseFilter a extensión deixa privileged usuarios para pór accións específicas para ser tomado cando accións por usuarios, como edita, partido criterios seguros.
Por exemplo, un filtro podería ser creado para evitar usuarios anónimos desde engadir ligazóns externas, ou para bloquear un usuario que tira máis que 2000 caracteres.
Instalación
- Descargue e extraia os ficheiros nun directorio chamado «
AbuseFilter
», dentro do seu cartafolextensions/
.
Developers and code contributors should install the extension from Git instead, using:cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter - Only when installing from Git, run Composer to install PHP dependencies, by issuing
composer install --no-dev
in the extension directory. (See task T173141 for potential complications.) - Engada o seguinte código ó seu $LocalSettings:
wfLoadExtension( 'AbuseFilter' );
- Execute a escritura de actualización, que creará automaticamente as táboas da base de datos que necesita esta extensión.
- Configure as required.
- Feito – Vaia a Special:Version no seu wiki para verificar que a extensión se instalou correctamente.
So, after installation from Git change to the directory containing the extension e.g. "../extensions/AbuseFilter/" and run composer install --no-dev
, or when updating: composer update --no-dev
.
Alternatively as well as preferably add the line "extensions/AbuseFilter/composer.json"
to the "composer.local.json" file in the root directory of your wiki like e.g.
{
"extra": {
"merge-plugin": {
"include": [
"extensions/AbuseFilter/composer.json"
]
}
}
}
Configuración
Dereitos do usuario
Unha vez instalada a extensión, terá que configurar os dereitos de usuario en "LocalSettings.php".
Dereitos | Descrición | Notes | User groups that have this right by default | Versions |
---|---|---|---|---|
abusefilter-modify | Crear ou modificar os filtros de abusos | Requires the abusefilter-view right
|
sysop | 1.19+ |
abusefilter-view | Ver os filtros de abusos | * | 1.19+ | |
abusefilter-log | Ver o rexistro de abusos | * | 1.19+ | |
abusefilter-log-detail | Ver os detalles das entradas do rexistro de abusos | Requires the abusefilter-log right
|
sysop | 1.19+ |
abusefilter-privatedetails | Ver os datos privados no rexistro de abusos | Prior to 1.34 this right was named abusefilter-private - Requires the abusefilter-log-detail right
|
— | 1.19+ |
abusefilter-modify-restricted | Modificar os filtros de abusos con accións restrinxidas | Requires the abusefilter-modify right
|
sysop | 1.19+ |
abusefilter-revert | Reverter todos os cambios dun filtro de abusos dado | sysop | 1.19+ | |
abusefilter-view-private | Ver os filtros de abusos marcados como privados | Requires the abusefilter-view right (not needed if the group already has the abusefilter-modify right)
|
sysop | 1.19+ |
abusefilter-hide-log | Agochar entradas no rexistro de abusos | Requires the abusefilter-log right
|
suppress | 1.19+ |
abusefilter-hidden-log | Ver as entradas agochadas do rexistro de abusos | Requires the abusefilter-log right
|
suppress | 1.19+ |
abusefilter-log-private | Ver as entradas no rexistro dos filtros de abusos marcados como privados | Requires the abusefilter-log right (not needed if the group already has the abusefilter-modify or abusefilter-view-private rights)
|
sysop | 1.20+ |
abusefilter-modify-global | Crear ou modificar os filtros de abusos globais | Requires the abusefilter-modify right
|
— | 1.21+ |
abusefilter-privatedetails-log | Ver o rexistro de consulta dos detalles privados do filtro de abusos | Prior to 1.34 this right was named abusefilter-private-log
|
— | 1.31+ |
abusefilter-modify-blocked-external-domains | Crear ou modificar os dominios externos que están bloqueados e non poden ser ligados | sysop | 1.41+ | |
abusefilter-bypass-blocked-external-domains | Eludir os dominios externos bloqueados | Requires the edit right
|
bot | 1.41+ |
abusefilter-access-protected-vars | Consultar e crear filtros que utilizan variables protexidas | sysop | 1.43+ | |
abusefilter-protected-vars-log | Ver os rexistros relacionados co acceso aos valores das variables protexidas | sysop | 1.43+ |
Por exemplo, a seguinte configuración de exemplo permitiría ós administradores facer todo o que quixeran co AbuseFilter, e a todos ver o rexistro e a configuración pública do filtro:
$wgGroupPermissions['sysop']['abusefilter-modify'] = true;
$wgGroupPermissions['*']['abusefilter-log-detail'] = true;
$wgGroupPermissions['*']['abusefilter-view'] = true;
$wgGroupPermissions['*']['abusefilter-log'] = true;
$wgGroupPermissions['sysop']['abusefilter-privatedetails'] = true;
$wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
$wgGroupPermissions['sysop']['abusefilter-revert'] = true;
$wgGroupPermissions['sysop']['abusefilter-access-protected-vars'] = true;
$wgGroupPermissions['sysop']['abusefilter-protected-vars-log'] = true;
abusefilter-access-protected-vars
permission. Logs pertaining to these filters can only be viewed by users with the abusefilter-protected-vars-log
permission. For more information, see Rules format .Parameters
Nome da variable | Valor predeterminado | Descrición |
---|---|---|
$wgAbuseFilterActions
|
[
'throttle' => true,
'warn' => true,
'disallow' => true,
'blockautopromote' => true,
'block' => true,
'rangeblock' => false,
'degroup' => false,
'tag' => true
]
|
As posibles accións que se poden facer cos filtros antiabusos Cando engadindo unha acción nova, control se é restrinxido en $wgAbuseFilterRestrictions e, se é, non esquece para engadir o abusefilter-modificar-restrinxido correcto aos grupos de usuario apropiados.
|
$wgAbuseFilterConditionLimit
|
1000
|
Número máximo de 'condicións' que se pode utilizar cada vez que os filtros se executan contra un cambio. (Filtros máis complexos requiren máis 'condicións'). |
$wgAbuseFilterValidGroups
|
[
'default'
]
|
A lista de "filtros" de grupos pode ser dividida a. Por default hai só un agrupa. Other extensions may add other groups. |
$wgAbuseFilterEmergencyDisableThreshold
|
[
'default' => 0.05
]
|
Desactivar un filtro se coincide con máis de dúas edicións, constituíndo máis do 5% das accións que foron verificadas contra o grupo de filtros no período "observado" (como moito, un día), a non ser que o filtro fose cambiado nos últimos 86400 segundos (un día) See emergency throttling. |
$wgAbuseFilterEmergencyDisableCount
|
[
'default' => 2
]
| |
$wgAbuseFilterEmergencyDisableAge
|
[
'default' => 86400
]
| |
$wgAbuseFilterActionRestrictions
|
[
"throttle" => false,
"warn" => false,
"disallow" => false,
"blockautopromote" => true,
"block" => true,
"rangeblock" => true,
"degroup" => true,
"tag" => false
]
|
Os usuarios deben ter o dereito "abusefilter-modify-restricted" (abusefilter-modificar rextrinxido) e o "abusefilter-modify" (abusefilter-modificar) para poder crear ou cambiar os filtros que realizan esas accións |
$wgAbuseFilterNotifications
|
false
|
Permite configurar a extensión para enviar notificacións a Special:RecentChanges ou UDP. Opcións dispoñibles: rc, udp, rcandudp
For sending changes to abuse filters to Special:RecentChanges, use
unset($wgLogRestrictions['abusefilter']); . |
$wgAbuseFilterNotificationsPrivate
|
false
|
Permitir notificacións para filtros privados. |
$wgAbuseFilterCentralDB
|
null
|
MW 1.41+ Nome da base de datos onde se almacenarán os filtros globais antiabuso (soportado só na última versión de desenrolo). Requires CentralAuth installed otherwise global filters will break on a wikifarm. |
$wgAbuseFilterIsCentral
|
false
|
MW 1.41+ Establecer esta variable como verdadeira para a wiki onde se almacenan os filtros globais antiabuso (soportado só na última versión de desenrolo) Requires CentralAuth installed otherwise global filters will break on a wikifarm. |
$wgAbuseFilterLocallyDisabledGlobalActions
|
[
"throttle" => false,
"warn" => false,
"disallow" => false,
"blockautopromote" => false,
"block" => false,
"rangeblock" => false,
"degroup" => false,
"tag" => false
]
|
Non permitir filtros centralizados que realicen accións que bloqueen localmente, quite de grupos ou elimine permisos. |
$wgAbuseFilterBlockDuration
|
'indefinite'
|
Duración dos bloqueos feitos polo filtro antiabuso
Cando de 1.31.0-wmf.25 duracións de bloque poden ser especificadas para cada filtro só e override esta variábel. Esta variábel é só utilizado cando habilitando o bloque para preselect un default duración.
|
$wgAbuseFilterAnonBlockDuration
|
null
|
A duración dos bloqueos creados polo AbuseFilter para usuarios anónimos. Usarase o valor de $wgAbuseFilterBlockDuration se non se establece.
Cando de 1.31.0-wmf.25 duracións de bloque poden ser especificadas para cada filtro só e override esta variábel. Esta variábel é só utilizado cando habilitando o bloque para preselect un default duración.
|
$wgAbuseFilterBlockAutopromoteDuration
|
5
|
Duration, in days, for which users' autopromotion is blocked by filters. |
$wgAbuseFilterDefaultWarningMessage
|
[
'default' => 'abusefilter-warning'
]
|
Mensaxes de aviso por defecto, por grupo de filtros |
$wgAbuseFilterDefaultDisallowMessage
|
[
'default' => 'abusefilter-disallowed'
]
|
Default disallow messages, per filter group |
$wgAbuseFilterLogIP
|
true
|
Whether to include IP in the abuse_filter_log |
$wgAbuseFilterLogIPMaxAge
|
3 * 30 * 24 * 3600
|
Idade usada como corte cando se purga o rexistro de direccións IP vellas. Por defecto é de 3 meses. Usado polo script de mantenemento purgeOldLogIPData.php. |
$wgAbuseFilterProfileActionsCap
|
10000
|
Número de acción que determina cando a reset profiling stats. |
$wgAbuseFilterLogPrivateDetailsAccess
|
false
|
Whether accessing private information from a filter log entry is logged. |
$wgAbuseFilterPrivateDetailsForceReason
|
false
|
Whether users are forced to provide a reason for accessing private information from a filter log entry. |
$wgAbuseFilterSlowFilterRuntimeLimit
|
500
|
Runtime in milliseconds before a filter is considered slow. |
$wgAbuseFilterRangeBlockSize
|
[
'IPv4' => '16',
'IPv6' => '19',
]
|
Size of the range blocked by 'rangeblock' action. |
$wgAbuseFilterProtectedVariables
|
[ "user_unnamed_ip" ]
|
Array of variables that are be considered protected (limited access) and require the abusefilter-access-protected-vars right to use/view.
|
Emergency throttling
AbuseFilter comes with a feature that automatically throttles (disables) filters that have been edited recently and match a certain threshold of the latest actions.
This is done to prevent harmful edits on the filters to block every user that performs an action on the wiki or similar.
The condition to disable the filter depend on those variables:
$wgAbuseFilterEmergencyDisableThreshold
- Percent of matches over the total amount of actions in the observed period.$wgAbuseFilterEmergencyDisableCount
- Count of matches of the filter in the observed period.$wgAbuseFilterEmergencyDisableAge
- Age of the filter to take it into account. If the last edit of the filter is older than this number of seconds, the filter won't be throttled, unless it's already throttled.
Throttled filters can be identified in the list of filters (Special:AbuseFilter) with the state Activado, Alta taxa de coincidencias. Throttling happens silently, and there's no way to see when a filter got throttled, except when Extension:Echo is installed, then a notification is sent to the user who was last to modify the filter.
When a filter gets throttled, it doesn't perform any dangerous action (actions usually restricted to special rights like blocking the user, or removing it from groups, controlled by $wgAbuseFilterActionRestrictions), and only "safe" actions are allowed (the ones that can warn or prevent the ongoing action). Throttled filters don't get enabled automatically. To disable the throttling, you need to edit the filter. Note that you need to actually change something from the filter: changing something from the filter's notes is sufficient.
Note that editing the filter updates its age, and can cause it to be disabled if it reaches again the conditions to be throttled in a short period since the last edit, leading to a unusable filter if your wiki has more abuse edits than legitimate ones.
Creando e xestionando filtros
Unha vez instalada a extensión, os filtros poden ser creados/probados/cambiados/borrados e pode accederse ós rexistros desde a páxina de xestión de filtros de abuso Special:AbuseFilter.
- Formato de regras - O basics de como para escribir un filtro
- Accións
- Regras globais
- Guía para optimizar o uso límite da condición
- Para importar filtros de Wikipedia: cando teña instalada a extensión, acceda a: w:Special:AbuseFilter, seleccione un filtro (por exemplo, w:Special:AbuseFilter/3), logo prema en "Exportar este filtro a outra wiki", copie o texto, acceda a: "Special:AbuseFilter/import" na súa wiki, e pegue o texto.
- To import filters from Wikipedia: When you have installed the extension, go to w:Special:AbuseFilter, choose a filter (say w:Special:AbuseFilter/3), then click "Export this filter to another wiki", copy the text, go to "Special:AbuseFilter/import" on your wiki, paste the text.
- m:Small wiki toolkits/Starter kit/AbuseFilter - A guide for small wiki communities on metawiki
API
O filtro antiabuso engade dous módulos API, un para detalles dos filtros antiabuso ("abuseFilter") e outro para o rexistro de abuso, posto que é independiente doutros rexistros MediaWiki ("AbuseLog"). Non é posible crear ou modificar os filtros antiabusos usando a API.
list = abusefilters
Lista de información sobre os filtros
- Parámetros
abfstartid
- O identificador de filtro desde onde iniciar a enumeraciónabfendid
- O identificador de filtro onde deter a enumeraciónabfdir
- A dirección na que se enumera (máis vello, máis novos)abfshow
- Mostrar só os filtros que cumpran con este criterio (enabled|!enabled|deleted|!deleted|private|!private)abflimit
- Número máximo de filtros a listarabfprop
- *abfprop
: Propiedades mostrar (id|description|pattern|actions|hits|comments|lasteditor|lastedittime|status|private)
Cando os filtros son privados, algunha sdas propiedades especificadas con abfprop
faltarán a menos que vostede teña os dereitos de usuario axeitados.
- Exemplos
Result |
---|
{
"batchcomplete": "",
"continue": {
"abfstartid": 18,
"continue": "-||"
},
"query": {
"abusefilters": [
{
"id": 1,
"hits": 41430
},
{
"id": 3,
"hits": 957485
},
{
"id": 5,
"hits": 5931
},
{
"id": 6,
"hits": 19
},
{
"id": 8,
"hits": 7
},
{
"id": 9,
"hits": 41354
},
{
"id": 11,
"hits": 132971
},
{
"id": 12,
"hits": 139693
},
{
"id": 14,
"hits": 63
},
{
"id": 15,
"hits": 15
}
]
}
}
|
list = abuselog
Lista de casos onde as accións activan un filtro abuso
- Parámetros
aflstart
- A data e hora dende onde comezar a enumeraciónaflend
- A data e hora dende onde rematar a enumeraciónafldir
- A dirección na que se enumera (máis vellos, máis novos)afluser
- Mostrar só as entradas onde se intentou a acción por un determinado usuario ou a través da súa IP.afltitle
- Mostrar só as entradas onde as accións involucran unha páxina dada.aflfilter
- Mostrar só as entradas que activan un filtro cun ID dadoafllimit
- Número máximo de entradas a listaraflprop
- Propiedades mostrar: (ids|filter|user|ip|title|action|details|result|timestamp|hidden|revid|wiki)
- Exemplo
Result |
---|
{
"batchcomplete": "",
"continue": {
"aflstart": "2018-03-06T02:34:18Z",
"continue": "-||"
},
"query": {
"abuselog": [
{
"id": 27219261,
"filter_id": "1073"
},
{
"id": 26938051,
"filter_id": ""
},
{
"id": 23388942,
"filter_id": "1"
},
{
"id": 22044912,
"filter_id": ""
},
{
"id": 22032235,
"filter_id": ""
},
{
"id": 22032196,
"filter_id": ""
},
{
"id": 21983882,
"filter_id": ""
},
{
"id": 20594818,
"filter_id": "904"
},
{
"id": 20593489,
"filter_id": "904"
},
{
"id": 20590442,
"filter_id": "904"
}
]
}
}
|
Possible errors
- Some users might experience that creating new filters or modifying old filters fail and the user just gets redirected to the original page. If the Wiki is using SSL certificates, this error could possibly be because of the
$wgServer
value, which might be using "http://" instead of "https://". An indication of this error will be, the browser giving https warning for Special:AbuseFilter pages. (Topic:T23dyyih0ofjada5)
Integration with other extensions
You can integrate AbuseFilter with other extension in various ways.
Adding variables for filtering
It is possible to add new variables, to be used in abuse filters. A list of examples is available . To do that, you should:
- Add a handler for the AbuseFilter-builder hook. To add a variable, you should use
$builder['vars']['variable_name'] = 'i18n-key';
, wherevariable_name
is the name of the variable, andi18n-key
is the fragment of an i18n key. The full key will beabusefilter-edit-builder-vars-{$your_key}
. - Add the i18n messages you chose at the previous point.
- Choose a hook handler where the variable will be computed. Depending on your use case, you could:
- Implement the AbuseFilter-generateTitleVars hook; this is specifically thought for page-related variables;
- Implement the AbuseFilter-generateUserVars hook; this is specifically thought for user-related variables;
- Implement the AbuseFilter-generateGenericVars hook; this is for variables not bound to a specific page or user;
- Implement the AbuseFilterAlterVariables hook; this is a bit more flexible than the other hooks, but it has a downside: your variable will not be available when examining past RecentChanges entries. If you want to implement that feature (and it's recommended to do so), you should use one of the hooks listed above, and use its third parameter (
$RCRow
).
- Inside the hook handler, there are two ways to add a variable:
- The "direct" way is calling
$vars->setVar( 'var_name', var_value );
. This is ideal only when the value is easy and quick to compute: the value is computed even if no active filter will use it. - The "lazy" way is calling
$vars->setLazyLoadVar( 'var_name', 'method_name', $params );
. Here, 'method_name' is a (unique) identifier that will be used to compute the variable (it's recommended to prefix it with the name of your extension). To register the method, you should add a handler for the AbuseFilter-computeVariable hook; therein, you should check if the $method passed matches your 'method_name', and if so, compute the variable. Lastly, $params is an array of parameters that you'll need to compute the variable; these are passed to the computeVariable hook handler. For an example of this, you can check out CentralAuth'sglobal_user_groups
.
- The "direct" way is calling
Adding custom actions
You can add custom action handlers, so that each filter may perform further actions. To do that, you choose a name for the action ('my-action' from now on), and then:
- Create a class named e.g. MyAction, that should extend \MediaWiki\Extension\AbuseFilter\Consequence, which can also implement HookAborterConsequence or ConsequencesDisablerConsequence
- Add a subscriber to the AbuseFilterCustomActions hook; the subscriber should provide a callback as documented in the hook documentation, that returns an instance of the class created above, for instance:
class MyAction extends \MediaWiki\Extension\AbuseFilter\Consequence {
public function run() {
throw new \Exception( 'Write me' );
}
}
public function onAbuseFilterCustomActions( &$actions ) {
$actions[] = function ( \MediaWiki\Extension\AbuseFilter\Consequence\Parameters $params, array $rawParams ) : MyConsequence {
return new MyAction( $params, $rawParams );
};
}
Then you should add the following i18n messages; you can replace 'my_action' with e.g. 'block' to see what the messages are for:
'abusefilter-edit-action-${my_action}'
'abusefilter-action-${my_action}'
Adding rule groups
You can also add extra rule groups, which can be used to group existing abuse filters. Note that, at the moment, each filter can only be in a single group (T116642). Currently, the only known consumer of this feature is Extension:StructuredDiscussions . To do that, you should:
- Append the name of the group to
$wgAbuseFilterValidGroups
.
- Add some code to run the filters with your group. Note that AbuseFilter won't do that on its own. To do that, you should construct an
AbuseFilterRunner
object, passing in the name of your group.
Véxase tamén
- Varios wikis da WMF onde está activada (e con que configuración)
This extension is being used on one or more Wikimedia projects. This probably means that the extension is stable and works well enough to be used by such high-traffic websites. Look for this extension's name in Wikimedia's CommonSettings.php and InitialiseSettings.php configuration files to see where it's installed. A full list of the extensions installed on a particular wiki can be seen on the wiki's Special:Version page. |
This extension is included in the following wiki farms/hosts and/or packages: This is not an authoritative list. Some wiki farms/hosts and/or packages may contain this extension even if they are not listed here. Always check with your wiki farms/hosts or bundle to confirm. |
- Extensions bundled with MediaWiki 1.38/gl
- Stable extensions/gl
- User activity extensions/gl
- Special page extensions/gl
- API extensions/gl
- Extensions supporting Composer/gl
- GPL licensed extensions/gl
- Extensions in Wikimedia version control/gl
- BeforeCreateEchoEvent extensions/gl
- ChangeTagsListActive extensions/gl
- CheckUserInsertChangesRow extensions/gl
- CheckUserInsertLogEventRow extensions/gl
- CheckUserInsertPrivateEventRow extensions/gl
- ContributionsToolLinks extensions/gl
- EditFilterMergedContent extensions/gl
- GetAutoPromoteGroups extensions/gl
- GetPreferences extensions/gl
- HistoryPageToolLinks extensions/gl
- JsonValidateSave extensions/gl
- ListDefinedTags extensions/gl
- LoadExtensionSchemaUpdates extensions/gl
- PageDelete extensions/gl
- PageSaveComplete extensions/gl
- ParserOutputStashForEdit extensions/gl
- RecentChange save extensions/gl
- SaveUserOptions extensions/gl
- TitleMove extensions/gl
- UndeletePageToolLinks extensions/gl
- UploadStashFile extensions/gl
- UploadVerifyUpload extensions/gl
- UserMergeAccountFields extensions/gl
- GetUserPermissionsErrors extensions/gl
- All extensions/gl
- Extensions requiring Composer with git/gl
- Extensions used on Wikimedia/gl
- Extensions included in Canasta/gl
- Extensions available as Debian packages/gl
- Extensions included in Fandom/gl
- Extensions included in Miraheze/gl
- Extensions included in MyWikis/gl
- Extensions included in ProWiki/gl
- Extensions included in ShoutWiki/gl
- Extensions included in Telepedia/gl
- Extensions included in wiki.gg/gl
- Extensions included in WikiForge/gl
- Spam management extensions/gl