Extension talk:AbuseFilter

Archives
Flow cleanup bot exports 2016 2017 2018 2019 2020 2021 2022 2023 Hidden topics

... and thus " (only supported in the latest, development version)" can and should be removed from the "Parameters"-table in the rows "$wgAbuseFilterCentralDB" and "$wgAbuseFilterIsCentral". 2A0A:A548:3F69:0:6BEC:4EED:E780:9DC6 (talk) 07:20, 19 October 2024 (UTC)Reply

Done Ciencia Al Poder (talk) 09:20, 20 October 2024 (UTC)Reply

I've wanted to make a filter to stop whitespace edits from new and anonymous users, but it doesn't seem to be working at all. Here's the code I have:
action == "edit" & old_wikitext == new_wikitext & (edit_delta < -2 | edit_delta > 2) & !page_recent_contributors
Any suggestions on how to fix this? 67.146.11.202 19:21, 26 December 2024 (UTC)Reply

old_wikitext == new_wikitext means the old and new wikitext are the same, including whitespace changes, which cannot be achieved (the system won't allow such an edit). To disregard whitespace, you will need something like rmwhitespace(old_wikitext) == rmwhitespace(new_wikitext).

!page_recent_contributors means "there are no recent contributors to the page." Which is true when creating a new page. You probably want something like ! user_name in page_recent_contributors.

You will also need a definition for a "new user", like ! 'confirmed' in user_groups. --Matěj Suchánek (talk) 11:04, 27 December 2024 (UTC)Reply

I substituted the "confirmed" part for users with less than 10 edits and the old_wikitext == new wikitext for the rmwhitespace(old_wikitext) == rmwhitespace(new_wikitext). Does the edit_delta section matter in any way? 67.146.11.202 01:57, 1 January 2025 (UTC)Reply

Depends. You may want allow newbies to fix a typo ("likethis") by adding a space. edit_delta > 2 means you allow edits where at most 2 such typos are fixed (with no other change made). IMHO this is reasonable. --Matěj Suchánek (talk) 09:16, 1 January 2025 (UTC)Reply

I made some changes and played around with what you suggested, and came up with this: action == "edit" & rmwhitespace(old_wikitext) == rmwhitespace(new_wikitext) & (edit_delta < -2 | edit_delta > 2) & ! user_name in page_recent_contributors & (user_editcount < 10 | user_age <  345600)

This still doesn't quite solve it, but it's getting closer to what I'd like my final product to be. 67.146.11.202 16:54, 1 January 2025 (UTC)Reply

I'm still looking for advice on using the rmwhitespace(old_wikitext) == rmwhitespace(new_wikitext) because I tested the filter and it couldn't find any results (checked over the last 3 months; there should've been a couple according to the recent changes history there) and still didn't catch them. Any fixes for this?

Not sure if this still applies but I did try out the autoconfirmed part the (user_editcount < 10 | user_age < 345600) will work (IE account has less than 10 edits or is less than 4 days old). I feel like this will work but is a side thing to the main issue I'm dealing with. 67.146.11.202 03:53, 5 January 2025 (UTC)Reply

Weird. When use the test tools on my wiki, it finds a fresh edit with only whitespace changes. And the expression evaluates true for other recent changes like [1][2]. Not sure what is wrong. --Matěj Suchánek (talk) 10:15, 5 January 2025 (UTC)Reply

I'm curious on whether or not I need to "define" if a user in is what group (either not logged in or a new editor). I'll come back in a few days with any updates if I do get the filter working. 67.146.11.202 03:46, 6 January 2025 (UTC)Reply

It's been just over a week, and I haven't been able to look at this too much, but I've been playing around with removing certain parameters from the existing code that I have and adding some parentheses from rmwhitespace(old_wikitext) to the edit_delta parameters. I also looked at the other changes from CS wiki that had whitespaces, I'm not sure what I'm doing wrong as the filter still isn't recognizing the whitespace edits. Edits like 1, 2, 3, 4 and 5 are whitespace ones but there are several that predate the filter so therefore wouldn't be tagged anyway.

Note: breaking up links so it doesn't trigger the external links filter (likely for spam purpose) 67.146.11.202 19:06, 14 January 2025 (UTC)Reply

It should be made clear that the condition rmwhitespace(old_wikitext) == rmwhitespace(new_wikitext) itself would, in my opinion, have caught all the edits you linked. But obviously not the filter. Because (edit_delta < -2 | edit_delta > 2) with edit_delta = 1 evaluates to (1 < -2 | 1 > 2) → (false | false) → false. Matěj Suchánek (talk) 08:44, 15 January 2025 (UTC)Reply

I see now, thanks. I'll tweak the filter and come back on here tomorrow morning (for me) on if there are any updates and if I have fixed it yet. 67.146.11.202 00:56, 16 January 2025 (UTC)Reply

So I've split the code into segments to try and pick out where it's going wrong. I changed the expression to edit_delta > -2) | (edit_delta < 2 with parentheses around the expression to make it specific. Maybe it's rmwhitespace(old_wikitext) == rmwhitespace(new_wikitext) looking for the article text being the exact same. I'm getting close to a solution, but the second expression still seems to be getting me. Is that the issue or something else? 67.146.11.202 03:21, 19 January 2025 (UTC)Reply

If you expect the filter to catch these five edits, the edit_delta condition is wrong either way. When you open the history page of any of these pages, you will see (+1) indicator at every edit in question. So your condition on edit_delta must be satisfied (at least) for one.

Note that (edit_delta > -2) | (edit_delta < 2) is always satisfied. If the delta is less than 2, it is satisfied. If it's greater than or equal to 2, then it must be greater than 1, 0, -1, -2, etc., therefore it's satisfied, too. --Matěj Suchánek (talk) 20:17, 19 January 2025 (UTC)Reply

There was only one change that should come up once I get the filter edit_delta paramaters fixed so it looks for greater than -2 OR less than +2 in terms of size (maybe looking an AND instead). I'm still playing around with the filter now and will come back in a few days again if I have made any progress in terms of fixes or not. 67.146.11.202 21:49, 19 January 2025 (UTC)Reply

Also, on an unrelated note, I was able to partially fix it by removing ! user_name in page_recent_contributors in the filter. Not sure if that detected all edits there but it did on the most recent whitespace edit by an IP, but not to a logged-in account. 67.146.11.202 21:59, 19 January 2025 (UTC)Reply

I downloaded the abusefilter and is in my file explorers but I don't know how to use it I am a noob at this thing so can you tell me how I use it? Thrusterboosts (talk) 03:48, 14 January 2025 (UTC)Reply

After you have finished Extension:AbuseFilter#Installation, go to Special:AbuseFilter/new and create a new filter at your will.

Extension:AbuseFilter/Rules format, Extension:AbuseFilter/Actions and w:Wikipedia:Edit filter/Documentation can be particularly helpful. --Matěj Suchánek (talk) 08:55, 14 January 2025 (UTC)Reply

Tried to import a script from another wiki but it gives me the following error:

"The data you tried to import is not valid"

the script in question: {"data":{"rules":"action == \"edit\"\r\n\u0026 user_editcount == 0\r\n\u0026 old_size == 0\r\n\u0026 user_age \u003C 432000\r\n\u0026 ( count(all_links) \u003E= 1\r\n| contains_any( lcase(added_lines), \"my homepage\", \"my home page\", \"my home-page\", \"my weblog\", \"my web blog\", \"my blog\", \"my web page\", \"my webpage\", \"my web-page\", \"my site\", \"my website\", \"my web-site\", \"my web site\", \"my essay\", \"my paper\", \"research paper\", \"contrast essay\", \"synthesis essay\", \"our customers\", \"cv\", \"real estate\", \"loan\", \"insurance\", \"for sale\", \"service\", \"porn\", \"OnlyFans\", \"pornstars\", \"Tiktok.Pornstars\", \"carpet cleaning\", \"carpetcleaning\") )\r\n\u0026 !contains_any( lcase(added_lines), \"sonic\", \"video games\", \"game\", \"guide\", \"walkthrough\", \"nintendo\", \"sony\", \"playstation\", \"microsoft\", \"wiki\", \"editor\", \"task\", \"tasks\")","name":"No Spam In Our House","comments":"Prevents spam page creation\u2014particularly those advertising unsavory services\u2014from brand new accounts with no other edits. There's a slew of false-positive-preventing phrases in the fold, so it really should only impact bad actors.","group":"default","actions":{"block":["noTalkBlockSet","3 days","3 days"],"disallow":["abusefilter-disallowed"]},"enabled":true,"deleted":false,"hidden":true,"global":false},"actions":{"block":["noTalkBlockSet","3 days","3 days"],"disallow":["abusefilter-disallowed"]}} AdmiralJuicy (talk) 14:01, 24 January 2025 (UTC)Reply

@AdmiralJuicy: Is "block" action enabled on your wiki? --Matěj Suchánek (talk) 17:22, 27 January 2025 (UTC)Reply

Yes 149.90.91.9 17:27, 27 January 2025 (UTC)Reply

I see the problem now. The export lacks the "privacylevel" key under "data". You are likely exporting from wiki running an older version. See https://phabricator.wikimedia.org/T365740. --Matěj Suchánek (talk) 19:40, 27 January 2025 (UTC)Reply

On wikis where you can easily become abuse filter admins, they may set it so no edit gets allowed on any page. This is why we really need a localsettings.php option that lets you whitelist pages from the abuse filter. That means abuse filter can warn on those pages but can’t disallow or block or block auto promote. 185.137.137.154 09:36, 17 May 2025 (UTC)Reply

It's almost certainly not a good idea to grant abuse filter editing perms so widely, but Extension:AbuseFilterBypass does exist to solve a similar problem. * Pppery * _{it has begun} 14:51, 19 May 2025 (UTC)Reply

It doesn’t solve any of the problems in my question. Also the whitelist applies to all users and all pages. 185.137.137.154 07:55, 24 May 2025 (UTC)Reply

Is there a variable or other way to get the post-edit wikitext of the page, but with all templates, magic words, etc. expanded? Basically a cross between the new_wikitext variable and Special:ExpandTemplates. I'm almost certain there's not, but I thought I'd ask to make sure I'm not missing something. My use case is for a filter that detects when a user adds a category to their personal CSS/JS, which can be done through a template. Alternatively, I'd settle for a way of detecting the total number of categories on the page after the edit, or being able to access a list/array containing all the page's categories. Mr. Starfleet Command (talk) 04:41, 22 June 2025 (UTC)Reply

@Mr. Starfleet Command No, unfortunately. We don't have anything beyond pre-save transforms. I did find phab:T60954, which is a feature request for a category-related variable but there hasn't been any progress since 2013. For now, you'll need to use a regex tailored to the specific templates to achieve what you're after. Dragoniez (talk) 08:07, 22 June 2025 (UTC)Reply

Ok, thanks for the info. Mr. Starfleet Command (talk) 13:46, 22 June 2025 (UTC)Reply

I meet this when I update to mw 1.43.3:

MediaWiki\Extension\AbuseFilter\AbuseFilterPermissionManager::canSeeLogDetailsForFilter(): Argument #2 ($privacyLevel) must be of type int, null given, called in /usr/share/nginx/html/wiki/extensions/AbuseFilter/includes/Pager/AbuseLogPager.php on line 196
Backtrace:
from /usr/share/nginx/html/wiki/extensions/AbuseFilter/includes/AbuseFilterPermissionManager.php(201)
#0 /usr/share/nginx/html/wiki/extensions/AbuseFilter/includes/Pager/AbuseLogPager.php(196): MediaWiki\Extension\AbuseFilter\AbuseFilterPermissionManager->canSeeLogDetailsForFilter()
#1 /usr/share/nginx/html/wiki/extensions/AbuseFilter/includes/Pager/AbuseLogPager.php(84): MediaWiki\Extension\AbuseFilter\Pager\AbuseLogPager->doFormatRow()
#2 /usr/share/nginx/html/wiki/includes/pager/ReverseChronologicalPager.php(134):  MediaWiki\Extension\AbuseFilter\Pager\AbuseLogPager->formatRow()
#3 /usr/share/nginx/html/wiki/includes/pager/IndexPager.php(601): MediaWiki\Pager\ReverseChronologicalPager->getRow()
#4 /usr/share/nginx/html/wiki/extensions/AbuseFilter/includes/Special/SpecialAbuseLog.php(673): MediaWiki\Pager\IndexPager->getBody()
#5 /usr/share/nginx/html/wiki/extensions/AbuseFilter/includes/Special/SpecialAbuseLog.php(248): MediaWiki\Extension\AbuseFilter\Special\SpecialAbuseLog->showList()
#6 /usr/share/nginx/html/wiki/includes/specialpage/SpecialPage.php(728): MediaWiki\Extension\AbuseFilter\Special\SpecialAbuseLog->execute()
#7 /usr/share/nginx/html/wiki/includes/specialpage/SpecialPageFactory.php(1717): MediaWiki\SpecialPage\SpecialPage->run()
#8 /usr/share/nginx/html/wiki/includes/actions/ActionEntryPoint.php(504): MediaWiki\SpecialPage\SpecialPageFactory->executePath()
#9 /usr/share/nginx/html/wiki/includes/actions/ActionEntryPoint.php(146): MediaWiki\Actions\ActionEntryPoint->performRequest()
#10 /usr/share/nginx/html/wiki/includes/MediaWikiEntryPoint.php(200): MediaWiki\Actions\ActionEntryPoint->execute()
#11 /usr/share/nginx/html/wiki/index.php(58): MediaWiki\MediaWikiEntryPoint->run()
#12 {main}

Tunglinwu (talk) 08:25, 22 August 2025 (UTC)Reply

What is your HEAD of MediaWiki (core) and AbuseFilter? --Matěj Suchánek (talk) 16:01, 24 August 2025 (UTC)Reply

MediaWIKI 1.43.3

AbuseFilter(f16f3d0) Tunglinwu (talk) 14:39, 26 August 2025 (UTC)Reply

It looks like a database problem on your end to me. There is an entry in the abuse log for which no abuse filter exists (or some af_hidden is null, but this doesn't look possible). Do you have afl_filter_id populated correctly (i.e., no zeros)? --Matěj Suchánek (talk) 18:43, 26 August 2025 (UTC)Reply

I read my database, afl_filter_id & af_hidden almost is 0. Tunglinwu (talk) 14:38, 27 August 2025 (UTC)Reply

afl_filter_id being 0 probably means it has not been migrated from the old afl_filter field. See phab:T220791. --Matěj Suchánek (talk) 07:39, 1 September 2025 (UTC)Reply