AbuseFilter can take several actions, even more than one at a time. "Logging" and "tagging" are the softer ones, and won't prevent the edit from being saved. "Throttling" and "warning" are special actions, which don't do much on their own: the former only silently increases an internal counter, while the latter warns the user about what they are going to do, letting them amend the edit according to the warning text (or avoid saving the edit at all). "Disallow" is instead a stronger action, and completely prevents the edit from being saved. The other actions, i.e. "blockautopromote", "block", "degroup" and "rangeblock", are even stronger and each of them prevents the edit from completing and applies a specific action on the user themselves. Some of these actions (specifically, block, degroup and blockautopromote) may be reverted by users with the abusefilter-revert right. It allows users to access the /revert subpage, where they can specify a time period and get a list of revertable actions performed by a specified filter. By confirming the revert, all of these actions will be undone. The form for reverting actions taken by a filter can be accessed with a link found in every filter page, right below the one for accessing the history.
List of actions
The following actions are available in the AbuseFilter extension:
All filter matches are logged in the abuse log. This cannot be turned off.
The user is warned that their edit may not be appreciated, and is given the opportunity to submit it again. You may specify a specific system message containing the warning to display.
The filter will only match if a rate limit is tripped. You can specify the number of actions to allow, the period of time in which these actions must occur, and how those actions are grouped.
The groupings are which sets of people should have aggregate (shared) throttles. That is, if you type "user", then the same user must match the filter a certain number of times in a certain period of time. You may also combine groups with commas to specify that throttle matches sharing all criteria will be aggregated. For example, using "ip,page", X filter matches in Y seconds from the same IP address to the same page will be required to trip the remainder of the actions.
Full list of filter groups:
ip– IP address.
user– User account.
range– /16 range.
creationdate– User account creation date, server time.
editcount– Edit count — hack so that you can detect distinct users.
site– The whole site.
Actions matching the filter will be prevented, and a descriptive error message will be shown.
Revoking auto-promoted groups
Actions matching the filter will cause the user in question to be barred from receiving any extra groups from
$wgAutopromote for a period ranging from 3 to 7 days (random).
This can be restored at the debug tools page.
|Warning:||This action also affects administrators, even its creator. If an administrator has his right revoked, he will not be able to access the AbuseFilter page to disable the filter or to restore his status for a while. Checking user's group first is the good way.|
Users matching the filter will be blocked indefinitely, with a descriptive block summary indicating the rule that was triggered.
Removing from privileged groups
Users matching the filter will be removed from all privileged groups (sysop, bureaucrat, etc). A descriptive summary will be used, detailing the rule that was triggered.
Somewhat of a "nuclear option", the entire
/16 range from which the rule was triggered will be blocked for 1 week.
The edit or change can be 'tagged' with a particular tag, which will be shown on Recent Changes, contributions, logs, new pages, history, and everywhere else. These tags are styleable, so you can have items with a certain tag appear in a different colour or similar.