Extension:AbuseFilter

AbuseFilter allows privileged users to set specific controls on user activity and create automated reactions for certain behaviors.

Installation

 * Note: Requires Extension:AntiSpoof

As is standard with other MediaWiki extensions, you may install this extension by extracting the extension somewhere (usually the extensions folder), and adding require_once( '/path/to/AbuseFilter/AbuseFilter.php' ); to LocalSettings.php, and creating the tables (or running install.php).

Format of rules
The rules are formatted much as conditionals in a C/Java/Perl-like language.

Variables and literals
You can specify a literal by placing it in single or double quotes (for strings), or by typing it in as-is (for numbers, both floating-point and integer). You can get linebreaks with \n, tab characters with \t, and you can also escape the quote character with a backslash. "This is a string" 'This is also a string' 'This string shouldn\'t fail' "This string\nHas a linebreak" 1234 1.234 -123
 * Examples:

The abuse filter passes various variables by name into the parser. These variables can be accessed by typing their name in, in a place where a literal would work. You can view the variables associated with each request in the abuse log. USER_EDITCOUNT ARTICLE_RECENT_CONTRIBUTORS
 * Examples:

Simple comparisons
You can compare variables with other variables and literals with the following syntax:
 * &lt; and &gt; &mdash; Return true if the left-hand operand is less than/greater than the right-hand operand respectively.
 * &lt;= and &gt;=</tt> &mdash; Return true if the left-hand operand is less than or equal to/greater than or equal to the right-hand operand respectively.
 * ==</tt> and !=</tt> &mdash; Return true if the left-hand operand is equal to/not equal to the right-hand operand respectively.

1 == 2 Result: False 1 <= 2 Result: True 1 >= 2 Result: False 1 != 2 Result: True 1 < 2 Result: True 1 > 2 Result: False
 * Examples:

Arithmetic
You can use basic arithmetic symbols to do arithmetic on variables and literals with the following syntax:
 * -</tt> &mdash; Subtract the right-hand operand from the left-hand operand.
 * +</tt> &mdash; Add the right-hand operand to the left-hand operand.
 * *</tt> &mdash; Multiply the left-hand operand by the right-hand operand.
 * /</tt> &mdash; Divide the left-hand operand by the right-hand operand.
 * **</tt> &mdash; Raise the left-hand operand to the index specified by the left-hand operand.
 * %</tt> &mdash; Return the remainder given when the left-hand operand is divided by the right-hand operand.

1 + 1 Result: 2 2 * 2 Result: 4 1 / 2 Result: 0.5 9 ** 2 Result: 81 6 % 5 Result: 1
 * Examples:

Keywords
Two special keywords are included for often-used functionality
 * like</tt> returns true if the left-hand operand matches the glob pattern in the right-hand operand.
 * in</tt> returns true if the right-hand operand (a string) contains the left-hand operand.
 * rlike</tt> and regex</tt> return true if the left-hand operand matches the regex pattern in the right-hand operand.

"1234" like "12?4" Result: True "1234" like "12*" Result: True "foo" in "foobar" Result: True "foo" regex "\w+" Result: True
 * Examples:

Functions
A number of built-in functions are included to ease some common issues. They are executed in the general format functionName(arg1,arg2,arg3)</tt>, and can be used in place of any literal or variable. Its arguments can be given as literals, variables, or even other functions.
 * length</tt> returns the length of the string given as the first argument.
 * lcase</tt> returns the first argument converted to lower case.
 * <tt>ccnorm</tt> normalises confusable/similar characters in the argument, and returns a canonical form.
 * <tt>rmdoubles</tt> removes repeated characters in the argument, and returns the result.
 * <tt>specialratio</tt> returns the number of non-alphanumeric characters divided by the total number of characters in the first argument.
 * <tt>norm</tt> is equivalent to <tt>rmspecials(rmdoubles(ccnorm(arg1)))</tt>.
 * <tt>count</tt> returns the number of times the needle (first string) appears in the haystack (second string). If only one argument is given, splits it by commas and returns the number of segments.
 * <tt>rmspecials</tt> removes any special characters in the first argument, and returns the result.

length("Wikipedia") Result: 9 lcase("Wikipedia") Result: wikipedia ccnorm("ωɨƙɩᑭƐƉlα") Result: W1K1PED1A rmdoubles( "foobybboo" ) Result: fobybo specialratio("Wikipedia!") Result: 0.1 norm( "!!ω..ɨ..ƙ..ɩ..ᑭᑭ..Ɛ.Ɖ@@l%%α!!" ) Result: W1K1PED1A count( "foo", "foofooboofoo" ) Result: 3 count( "foo,bar,baz" ) Result: 3 rmspecials( "FOOBAR!!1" ) Result: FOOBAR1
 * Examples:

Boolean operations
You can match if and only if all of a number of conditions are true, one of a number of conditions are true, or one and only one of all conditions are true.
 * <tt>x | y</tt> &mdash; OR – returns true if one or more of the conditions is true.
 * <tt>x & y</tt> &mdash; AND – returns true if both of the conditions are true.
 * <tt>x ^ y</tt> &mdash; XOR – returns true if one, and only one of the two conditions is true.
 * <tt>!x</tt> &mdash; NOT – returns true if the condition is not true.

1 | 1 Result: True 1 | 0 Result: True 0 | 0 Result: False
 * Examples:

1 & 1 Result: True 1 & 0 Result: False 0 & 0 Result: False

1 ^ 1 Result: False 1 ^ 0 Result: True 0 ^ 0 Result: False

!1 Result: False

Order of operations
Operations are generally done right-to-left, but there is an order to which they are resolved. This is:
 * 1) Anything surrounded by parentheses (<tt>(</tt> and <tt>)</tt>) is evaluated as a single unit.
 * 2) Turning variables/literals into their respective data.
 * 3) Function calls
 * 4) Unary + and - (i.e. <tt>-1234</tt>, <tt>+1234</tt>)
 * 5) Keywords
 * 6) Boolean inversion (<tt>!x</tt>)
 * 7) Exponentiation
 * 8) Multiplication-related (multiplication, division, modulo)
 * 9) Comparisons.
 * 10) Boolean operations.

Throttle groupings
You can specify one or more, separated by commas. The way it works is that, for instance, if you use creationdate,range, there is a separate rate-limit for every creationdate-range.
 * <tt>ip</tt> &mdash; IP address.
 * <tt>user</tt> &mdash; User account.
 * <tt>range</tt> &mdash; /16 range.
 * <tt>creationdate</tt> &mdash; Creation date, server time.
 * <tt>editcount</tt> &mdash; Edit count &mdash; hack so that you can detect distinct users.
 * <tt>site</tt> &mdash; The whole site.
 * <tt>page</tt> &mdash; Page