AbuseFilter configuration

1. AbuseFilter Configuration

AbuseFilter is a powerful extension for MediaWiki that helps prevent vandalism, spam, and other disruptive behavior on wikis. It works by analyzing edits before they are saved and flagging those that match predefined patterns. This article provides a comprehensive guide to configuring and utilizing AbuseFilter, geared towards beginners. Understanding AbuseFilter configuration is crucial for maintaining a healthy and productive wiki environment. This guide will cover basic concepts, filter creation, variable usage, testing, and best practices. We'll also touch upon advanced features and troubleshooting.

Core Concepts

At its heart, AbuseFilter operates on the principle of matching regular expressions against the content of edits. When an edit is attempted, AbuseFilter evaluates it against a series of defined filters. Each filter consists of a pattern (the regular expression) and a set of actions to be taken if the pattern is matched.

Filters: These are the rules that define what constitutes potentially harmful content. Each filter has a unique ID, a name, a description, a pattern, and associated actions.
Patterns: Typically regular expressions, these define the text or code that AbuseFilter will look for in edits. They can be incredibly simple or very complex.
Variables: Predefined or user-defined variables provide context to the filter. For example, the `&title` variable contains the page title being edited, and `&user` contains the username of the editor. Using variables makes filters more flexible and accurate.
Actions: These specify what happens when a filter matches an edit. Common actions include flagging the edit for review, disallowing the edit entirely (blocking the user temporarily or permanently), tagging the edit, and sending email notifications.
Throttle: This mechanism limits the rate at which a user can perform actions (like editing) after triggering a filter. This prevents rapid-fire vandalism attempts.
History: AbuseFilter logs all flagged edits, providing an audit trail for administrators to review.

Accessing the AbuseFilter Interface

Access to the AbuseFilter interface is typically restricted to users with the `abusefilter-maintain` user right. This right is usually assigned to administrators and trusted users. The interface can be found at Special:AbuseFilter in your wiki.

Creating a New Filter

To create a new filter, navigate to Special:AbuseFilter and click the "Add filter" button. This will open a form with several fields:

Name: A descriptive name for the filter.
Description: A more detailed explanation of what the filter is intended to catch.
Pattern: The regular expression that defines the matching criteria. This is the most important part of the filter.
Public: If checked, the filter will be visible to other administrators.
Enabled: If checked, the filter will be active and will evaluate edits.
Actions: The actions to be taken when the filter matches.
Throttle: Configure throttling settings (if desired).

Let's consider a simple example: Creating a filter to block users from posting URLs to known spam websites.

1. Name: Spam URL Blocker 2. Description: Blocks edits containing URLs to known spam websites. 3. Pattern: `(https?://(www\.spamwebsite1\.com|www\.spamwebsite2\.net|example\.org))` 4. Public: Unchecked (for now) 5. Enabled: Checked 6. Actions: Disallow edit, Tag edit, Require review 7. Throttle: 1 hour block on first offense.

Understanding Regular Expressions

Regular expressions (regex) are the cornerstone of AbuseFilter. Learning regex is essential for creating effective filters. Here's a brief overview of some common regex elements:

`.` : Matches any single character.
`*` : Matches the preceding character zero or more times.
`+` : Matches the preceding character one or more times.
`?` : Matches the preceding character zero or one time.
`[]` : Defines a character class (e.g., `[aeiou]` matches any vowel).
`()` : Creates a capturing group.
`|` : Acts as an "or" operator.
`^` : Matches the beginning of a string.
`$` : Matches the end of a string.
`\d`: Matches any digit (0-9).
`\w`: Matches any word character (letters, numbers, and underscore).
`\s`: Matches any whitespace character (space, tab, newline).

Numerous online resources can help you learn regex. Regex101 ([1](https://regex101.com/)) is an excellent tool for testing and debugging regular expressions.

Utilizing Variables

AbuseFilter provides a range of predefined variables that can be used in filter patterns and actions. Some commonly used variables include:

`&title`: The title of the page being edited.
`&user`: The username of the editor.
`&ip`: The IP address of the editor.
`&text`: The content of the edit.
`&comment`: The edit summary.
`&timestamp`: The timestamp of the edit.
`&minor`: 1 if the edit is marked as minor, 0 otherwise.
`&new`: 1 if the page is being created, 0 otherwise.
`&namespace`: The namespace of the page being edited.

You can also define your own custom variables using the `defineVariable` function in the filter's pattern. This allows you to create more complex and targeted filters.

Filter Actions in Detail

AbuseFilter offers a variety of actions to respond to matched edits:

Disallow edit: Prevents the edit from being saved. This is the most aggressive action.
Tag edit: Adds a tag to the edit, making it easily identifiable in the history.
Require review: Flags the edit for review by an administrator. The edit is still saved, but it's marked for attention.
Warn user: Displays a warning message to the user.
Block user: Blocks the user for a specified duration. Use with caution.
Email notify: Sends an email notification to specified users.
Throttle: Limits the rate at which the user can perform actions.

You can combine multiple actions to create a layered response. For instance, you might disallow the edit, tag it, and require review simultaneously.

Testing Filters

Before enabling a filter, it's crucial to test it thoroughly to ensure it doesn't produce false positives (flagging legitimate edits) or false negatives (failing to catch harmful edits).

Special:AbuseFilter/test: This page allows you to test a filter against sample text.
Dry run: Enable a filter with the "Disallow edit" action but only for your own account. Attempt edits that should and shouldn't be flagged to verify its behavior.
Reviewing flagged edits: After enabling a filter, monitor the AbuseFilter history (Special:AbuseFilter/history) to review flagged edits and identify any issues.

Advanced Configuration

Complex Patterns: Use advanced regex features like lookarounds and backreferences to create highly specific filters.
Conditional Actions: Use the `if` statement within the filter pattern to execute different actions based on specific conditions.
Variable Combinations: Combine variables to create more nuanced matching criteria. For example, check if a user is new and posting URLs to suspicious websites.
Blacklists and Whitelists: Utilize external blacklists and whitelists to enhance filter accuracy.
Rate Limiting: Implement sophisticated rate limiting to combat automated attacks.

Troubleshooting

False Positives: If a filter is flagging legitimate edits, review the pattern and adjust it to be more specific. Consider adding exceptions using negative lookarounds.
False Negatives: If a filter is failing to catch harmful edits, expand the pattern to cover a wider range of possibilities.
Performance Issues: Complex filters can impact wiki performance. Optimize patterns and avoid unnecessary variables.
Filter Conflicts: Ensure that filters don't conflict with each other, leading to unexpected behavior.

Best Practices

Start Simple: Begin with simple filters and gradually increase complexity.
Document Filters: Provide clear and concise descriptions for each filter.
Regularly Review: Periodically review and update filters to maintain their effectiveness.
Collaborate: Share filters and collaborate with other administrators to improve overall wiki security.
Monitor History: Regularly monitor the AbuseFilter history to identify and address emerging threats.

Binary Options Integration (Indirectly Related - Risk Warning)

While AbuseFilter itself doesn’t directly integrate with binary options trading, it's crucial to understand the potential for scams and malicious activity related to this area. Filters can be deployed to detect and block links to fraudulent binary options websites or attempts to solicit investments through the wiki. **Important Disclaimer:** Binary options trading carries a high level of risk and is often associated with scams. This wiki does not endorse or promote binary options trading. Users should exercise extreme caution and conduct thorough research before engaging in any financial activity. Consider exploring technical analysis, trading volume analysis, indicators, trends, and various name strategies before making any investment decisions. Remember to practice proper risk management.

Related Wiki Pages

|}

Example AbuseFilter Patterns
Pattern	Description	Actions
www\.spam\.net))`	Detects URLs to example.com or spam.net	Disallow edit, Tag edit, Require review
free money)`	Detects phrases commonly used in scams	Warn user, Tag edit
porn)\b`	Detects explicit content (use with caution)	Disallow edit, Block user (temporary)
`\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}`	Detects IP addresses (useful for identifying open proxies)	Tag edit, Require review
`{{subst:unsigned}}`	Detects edits that intentionally bypass signature requirements	Warn user, Tag edit

Start Trading Now

Register with IQ Option (Minimum deposit $10) Open an account with Pocket Option (Minimum deposit $5)

Join Our Community

Subscribe to our Telegram channel @strategybin to get: ✓ Daily trading signals ✓ Exclusive strategy analysis ✓ Market trend alerts ✓ Educational materials for beginners