Extension:CrowdSec

MediaWiki extensions manual

CrowdSec Release status: experimental
Implementation	Page action
Description	Bouncer Integration with CrowdSec for anti-spam.
Author(s)	MPThLeetalk
Latest version	0.20.0
MediaWiki	1.39+
License	GNU General Public License 2.0 or later
Download	GitHub: project page git repository URL [help ] commit history Note: No localisation updates are provided by translatewiki.net .
Parameters $wgCrowdSecEnable $wgCrowdSecAPIUrl $wgCrowdSecAPIKey $wgCrowdSecCache $wgCrowdSecCacheTTL $wgCrowdSecFallback $wgCrowdSecRestrictRead $wgCrowdSecTreatTypesAsBan $wgCrowdSecReportOnly
Added rights crowdsec-bypass
Hooks used AbuseFilter-computeVariable AbuseFilter-generateUserVars AbuseFilter-builder getUserPermissionsErrors OtherBlockLogLink

This extension adds anti-spam integration with CrowdSec. It works as a bouncer, so it is mandatory to set up the CrowdSec Agent as well.

• Download on GitHub and place the file(s) in a directory called CrowdSec in your extensions/ folder.
• Add the following code at the bottom of your LocalSettings.php file:

  wfLoadExtension( 'CrowdSec' );
  

• Configure as required.
• Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Follow this documentation from CrowdSec. You may need to set up collections, logs, and more.

Then, you need to get a bouncer API token.

sudo cscli bouncers add mediawiki-bouncer

Remember the token key. It needs to be added to the extension configuration.

It is highly recommended to register with the Central API to pull blocklists from remote sources.

sudo cscli capi register

wfLoadExtension( 'CrowdSec' );
$wgCrowdSecAPIKey = ""; // Put LAPI key here.

This is the basic configuration. More configurations are documented in the README.

• There is no challenge method implemented. You can treat captcha decisions as bans using $wgCrowdSecTreatTypesAsBan.
  • It is recommended to use this extension with Extension:ConfirmEdit, which can block certain actions.
• This extension has been tested on MediaWiki 1.43. The minimum required version is 1.39+. It may work on older versions.

This extension integrates with AbuseFilter. The variable crowdsec_decision represents the CrowdSec decision:

• ok: The user is allowed to proceed.
• ban: The user is banned according to LAPI.
• error: The LAPI request failed.
• unknown: Failed to retrieve the user's IP.
• ... and various (custom) types from CrowdSec, including captcha.

• crowdsec-bypass - Allows users to bypass the CrowdSec check.

• Extension:StopForumSpam - The main functionality is based on this extension.