Extension talk:AbuseFilter

About this board

19 previous topics. Previous discussion was archived at Extension talk:AbuseFilter/Archive 1 on 2016-10-24.

Function to decode HTML entities in abuse filters

1
Surjection (talkcontribs)

Is there a function that decodes HTML character entities in abuse filters (including decimal and hexadecimal character references)?

RockfordRoe (talkcontribs)

Heyo, my wiki is being frequently vandalized with the string: {{#ev:youtube|v=zI0Jd8iW6PU}}, And I'm not sure how to prevent it. I tried to add it to the noccnorm condition, but nothing seems to be triggering it. I'm not sure if I can export it due to the popularity of the wiki.

Ciencia Al Poder (talkcontribs)

Just prevent anons from adding {{#ev:youtube in added_lines?

RockfordRoe (talkcontribs)

Didn't work

Reply to "Prevent template spam?"
Johannnes89 (talkcontribs)

Hi there, I am sysop in deWP and this night a long time vandal was catched in our abusefilter but then his edit frequency caused some of our filters to be throttled. Two filters (302/333) still appear as throttled which got me worried. I didn't want to block the vandal right away in order to get more information about his edit behaviour.

But even when being throttled the filters successfully prevented all of the vandals edits. In Extension:AbuseFilter#Emergency throttling it says „When a filter gets throttled, it doesn't perform any dangerous action (the ones that can prevent the ongoing action), and only "safe" actions are allowed“ I always thought this would mean the edits could pass by the filter without being disallowed? (I was worried about that and relieved that the filters continued working)

Ciencia Al Poder (talkcontribs)

Dangerous actions are those listed in the $wgAbuseFilterActionRestrictions configuration variable with a value of "true" (blocking, removing from groups), but not disallowing the edit or warning. I've clarified this on the throttling section.

About the throttle, this is a problem that happens from time to time because of the logic. See task T210151

Johannnes89 (talkcontribs)

Ahh thanks for clarification! :)

My AbuseFilter not working properly.

20
Summary by Farvardyn

Thanks a lot to all!

Farvardyn (talkcontribs)

I exported Special:AbuseFilter/5 (User self-renaming or moving user talk pages into article talk space) and Special:AbuseFilter/12 (Replacing a page with obscenities) then imported to my wiki. It seems everything is installed properly and I did set them as Disallow/Enabled/Hidden. Then with another non-admin ordinary account, I tried to add <nowiki>#REDIRECT [[Talk:Test]]</nowiki> in my non-admin talk page, and it did not catch it. The same with second functionality above: I added a bad word (the word starting with f), and it did not hit it niether. The filter was set as 'Disallow', so why why hitting/disallowing was not working fine?

Daimona Eaytoy (talkcontribs)

For filter 5, adding #REDIRECT [[Talk:Test]] to a page is not supposed to cause a match, because this text doesn't match the regular expression used by the filter. Likewise, filter 12 has nothing to do with bad words at all. Are you sure that the links above are correct?

Farvardyn (talkcontribs)
Dinoguy1000 (talkcontribs)

In your first comment, you linked to filters on both MediaWiki.org (this site) and English Wikipedia. Daimona probably just missed this. Wikipedia's filter 5 only triggers on page moves, so simply editing your user talk page and replacing the contents with a redirect won't trigger it. Filter 12 only triggers if the edit includes a reduction in the page size (i.e. replacing most or all of the page's content) along with the profanity, so simply adding a swear also won't trigger it.

Farvardyn (talkcontribs)

@Daimona Eaytoy @Dinoguy1000 I also installed both `New user blanking articles` and `Large deletion from article by new editors` with Warn,Disallow and default error message for both: `abusefilter-warning` and `abusefilter-disallowed`. Then as normal user I tried to large edit and blanking an article, and I got this message:

`[Xrqt36tVvzaBrdFz40ulNwAAA4I] 2020-05-12 14:08:32: Fatal exception of type "Error"`

I tried also by disabling the extension completely and I could large delete/blanking an article and I could do, so I assume one of these filters is triggered and is working fine to disallow/warn it. But why I don't see any static hit (still 0) with irrelevant error message as I did not customize error messages.

Dinoguy1000 (talkcontribs)

A fatal exception means that somewhere the code errored out. Since it didn't log any action, it probably happened before the extension would have logged it. But I can't help with this problem further than that; you'll need someone who's familiar with the code side of the extension probably.

Daimona Eaytoy (talkcontribs)

So you meant filter 5 and 12 on enwiki IIUC. The links above point to filters 5 and 12 on mediawikiwiki, aka the wiki we're on currently. Assuming that I got it right this time, here are the answers.

  • Filter 5: It catches page moves, not redirections. So, in order to trigger it, you'd have to move your own user page to another title in the User: namespace.
  • Filter 12: The filter has too many conditions for me to be able to guess what went wrong. You have to ensure that the account you're using has no more than 30 edits, that the size of the page before and after the edit matches the numbers there, and that the new content of the page matches the regexp used by the filter.
Daimona Eaytoy (talkcontribs)

Whoops, I see Dinoguy1000 replied while I was writing, and the answers are indeed correct.

As for the error: the first thing that comes to mind is, ensure you have installed composer dependencies, especially wikimedia/equivset, as that's needed for using ccnorm. Aside from that, I'd need to see the complete stack trace of the error to understand what's going on (see Manual:How to debug).

Farvardyn (talkcontribs)

@Daimona Eaytoy@Dinoguy1000 Thanks for trying to help. I did read the how to debug link. As about below in index.php:


    error_reporting( -1 );


    ini_set( 'display_startup_errors', 1 );


    ini_set( 'display_errors', 1 );


I got no error. As about:


$wgDebugDumpSql = true;


$wgShowSQLErrors = true;


$wgShowDBErrorBacktrace = true;


$wgDebugLogFile = "debug-{$wgDBname}.log";


I got this trace error: [EDITED by Farvardyn] so I did run composer under AbuseFilter/ folder then `utfnormal` and `equivset` got installed. I also make sure my test account has no more than 30 contribs. But this time, with my test account I can largely delete an article and blank it with no error. This time I get no error nor blanking/largely deletion is trigerred! What else should I do? I highly appreciate your help.

Daimona Eaytoy (talkcontribs)

Glad to see that the first issue is now resolved! As above, unfortunately, there's not much we can do. I can just copy below the conditions checked by the filter, and you could make sure that all of these are satisfied:

  • No more than 30 contribs
  • Page size before the edit greater than 300 bytes, and lower than 300 bytes after the edit, OR more than 5000 bytes removed with the edit
  • The page is not a redirect
  • The page title doesn't contain any of "Sockpuppet investigations", "Sandbox", or the username of the test account
  • The new text of the page contains one of the bad words
  • The old text of the page doesn't contain one of those bad words
Farvardyn (talkcontribs)

@Daimona Eaytoy May I invite you to see that on my wiki? The page I tried blanking is: [EDITED by Farvardyn] and I will delete this link from here after you got it. Please create an account and try to blank it. Let me know which permissions do you need that I grant them to your account in order to test it. After that I can delete your account if you wish to not stay in my wiki. I highly appreciate your help.


Daimona Eaytoy (talkcontribs)

Thank you for sharing the link! AFAICS, you did indeed blank the page, but did not add any bad word. Both conditions should hold. Your blankings are perfect, just make sure to add a bad word as well the next time you try blanking the page :-)

Farvardyn (talkcontribs)
Farvardyn (talkcontribs)

I googled how to translate abusefilter-warning and abusefilter-disallow messages, that it always shows the translated version rather than English and found nothing in google. Please advise. @Daimona Eaytoy @Dinoguy1000

Daimona Eaytoy (talkcontribs)

Since they're custom system messages (see this page for help, I don't know if there's a more appropriate one), I'm not sure if there's a built-in way to translate them. I have little knowledge of the matter.

Dinoguy1000 (talkcontribs)

The translation method for built-in messages (i.e. subpages of the message with the subpage name being the ISO 639 language code for the language being translated to, e.g. for a French translation of a built-in message MediaWiki:Foobar, you would go to MediaWiki:Foobar/fr) might also work for custom messages, though I've never tried it myself.

Farvardyn (talkcontribs)

How can I set a custom translation for built-in message like abusefilter-disallow? I avoid automatic translation like google translator, I want to set a custom translation. How can I do so? @Daimona Eaytoy @Dinoguy1000

Dinoguy1000 (talkcontribs)

Do you mean abusefilter-disallowed? abusefilter-disallow isn't a built-in message. In any case, for built-in messages, you would determine the language tag for the language you want to translate to (Wikipedia has lists of these, linked from the ISO 639 page), and add that as a subpage name for the message you want to translate (e.g. for a French version of abusefilter-disallowed, it would be abusefilter-disallowed/fr). Note that built-in messages of MediaWiki itself, and any extensions used by WMF wikis (such as AbuseFilter), are already likely to be translated into most popular languages, so any built-in messages you're interested in translating may already have been translated into the language(s) you're interested in. This should be self-evident when you view the appropriate subpages, since you'll see translated content there instead of the generic "page doesn't exist" message.

Farvardyn (talkcontribs)

Got it. Thanks. Just one more question: CommentStreams added `staff` user group. Any other user groups are already translated except this one.How can I translated a user group? @Dinoguy1000 @Daimona Eaytoy

Farvardyn (talkcontribs)

The main reason I want to customize Mediawiki:abusefilter-disallowed is that I want to use Fmbox template to add an icon beside the text. But if I use any of Mbox templates, it looks like https://i.stack.imgur.com/1swED.png because Mediawiki:abusefilter-disallowed already uses a red box by default itself too. How to fix it? @Daimona Eaytoy@Dinoguy1000

Reply to "My AbuseFilter not working properly."
Summary by MarioSuperstar77

Could figure out the issue.

MarioSuperstar77 (talkcontribs)

I made a rule specifically to prevent new users from making unconstructive edits, but it flags when any new account is created with an email address specifically.

(user_editcount <3 &

((edit_delta < -1000)&(
 added_links))
) | (user_editcount <1 &(
 edit_delta < -3000)
)

How would you write the rule for it to work as intended?

Daimona Eaytoy (talkcontribs)

It depends on the definition of "new users" and "unconstructive edits", this way is a bit too vague. The code above seems sensible to me. If you want to exlude users with a verified email address, you should check that user_emailconfirm === null.

MarioSuperstar77 (talkcontribs)

I edited my post, I think I misspoke what I meant was my issue.

Daimona Eaytoy (talkcontribs)

Ah, I understand now. For account creations, you have edit_delta === null, and as in PHP, null is smaller than any number, so edit_delta < -3000 is true. So you have to check that action === 'edit'.

MarioSuperstar77 (talkcontribs)

When someone tries to make an account with an email it still trips the abuse filter.

action === 'edit' & (user_editcount <3 &

((edit_delta < -1000)&(

  added_links))

) | (user_editcount <1 &(

  edit_delta < -3000)

) | (user_editcount <1 &(

  added_links))

Daimona Eaytoy (talkcontribs)

There are missing parentheses. Right now what you have is equivalent to action === 'edit' & cond1 | cond2 | cond3. In the AbuseFilter language, like in many other programming languages (e.g. PHP, JavaScript, C), logical AND has higher precedence than OR, so that code is equivalent to (action === 'edit' & cond1 ) | cond2 | cond3, which means the action check is only applied to cond1. Instead, what you want is action === 'edit' & ( <conds here> ). I should also note that this filter will catch edits by registered users, unsure if this is what you want. If not, you also need to check that action === 'edit' & user_groups contains "user" & ( <the rest> ).

MarioSuperstar77 (talkcontribs)

The name of the rule is "New user removes text and adds links", so it is to prevent spam on my wiki. Thanks for the help!

103.88.223.179 (talkcontribs)

Hello folks, I'm using MediaWiki 1.34 and was trying to install this extension but each time I save the code "wfLoadExtension( 'AbuseFilter' );" in my LocalSetting.php I see this error "HTTP ERROR 500". I tired with different versions 1.31, 1.35 and the master but all return with the same error so can someone please tell if there is something I'm not doing the right way?

MediaWiki 1.34.0
PHP 7.3.22 (cgi-fcgi)
MySQL 5.7.28-log
ICU 63.1
Lua 5.1.5

Thank you

Ipsha

Daimona Eaytoy (talkcontribs)

Hey! Without further information it's basically impossible to understand what's going on. It might be a configuration issue, or perhaps an AbuseFilter bug. I suggest following this guide to get detailed PHP error messages, and then posting it back here.

103.88.223.179 (talkcontribs)

Thank you for replying, so after following your instructions, I first tried with the master version and I was encountered with:

Fatal error: Uncaught ExtensionDependencyError: Abuse Filter is not compatible with the current MediaWiki core (version 1.34.0), it requires: >= 1.36.0.

which is understandable so I then tried with 1.31 and it returns with:

Fatal error: Uncaught Error: Call to undefined method ObjectCache::getMainStashInstance() in /extensions/AbuseFilter/includes/AbuseFilterHooks.php:310 Stack trace: #0 /includes/libs/objectcache/BagOStuff.php(133): AbuseFilterHooks::{closure}(30) #1 /extensions/AbuseFilter/includes/AbuseFilterHooks.php(311): BagOStuff->getWithSetCallback('$wgDBname:abuse...', 30, Object(Closure)) #2 /includes/Hooks.php(174): AbuseFilterHooks::onGetAutoPromoteGroups(Object(User), Array) #3 /includes/Hooks.php(202): Hooks::callHook('GetAutoPromoteG...', Array, Array, NULL) #4 /includes/Autopromote.php(48): Hooks::run('GetAutoPromoteG...', Array) #5 /includes/user/User.php(3367): Autopromote::getAutopromoteGroups(Object(User)) #6 /includes/user/User.php(3340): User->g in /extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 310


Thank you

Daimona Eaytoy (talkcontribs)

That kind of error is expected: the compatibility policy of AbuseFilter, like for the majority (I think) of MediaWiki extensions, is "rel", which means that the 1_XX release of AbuseFilter is only compatible with MediaWiki 1_XX. So in your case, if you're using MediaWiki 1.34.0, you should download version 1.34.0 of AbuseFilter. I should also note that MediaWiki 1.34 is EOL, but that's not related to the issue you're facing.

103.88.223.179 (talkcontribs)

I installed the 1.34.0 version of AbuseFilter but now when I visit the Special:AbuseFilter/import and click on the "Import data" button it takes me to Special:AbuseFilter/new without saving the data and when I'm trying to create a new filter at Special:AbuseFilter/new it's not saving the data at all and again returned to the same page without any error message. So any idea if there is a bug or something? I'm not seeing any error message so I'm unsure what to post here.

Ciencia Al Poder (talkcontribs)
103.88.223.151 (talkcontribs)

So I contacted my service provider and they tried multiple settings but the error is still there. They replied that:

As this is a wiki custom site, I will recommend to contact wiki to provide recommendations on resolving this.

I can confirm modsecurity is not blocking processes as the enhanced security is disabled for the domain

In the link provided by @Ciencia Al Poder: above it says "If even saving a very simple edit gets you redirected to the main page, or to the same page without the edit appearing, it may be a problem with how you've set up $wgServer or some other configuration variable that controls the path of the index.php script, or conflicts with rewrite rules in your webserver's configuration." I tried using different browsers and set the below code in my LocalSetting

$wgServer =

$wgCanonicalServer =

The site is running on PHP 7.3 CGI and have the following settings in my htaccess

RewriteEngine On

RewriteRule ^/?wiki(/.*)?$ %{DOCUMENT_ROOT}/index.php [L]

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d

RewriteRule ^/?images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2 [L,QSA,B]

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d

RewriteRule ^/?images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B]

<IfModule LiteSpeed>

RewriteEngine On

RewriteCond %{HTTP_USER_AGENT} Mobile|Android|Silk/|Kindle|BlackBerry|Opera\ Mini|Opera\ Mobi [NC] RewriteRule .* - [E=Cache-Control:vary=ismobile]

RewriteRule .* - [E=Cache-Vary:stopMobileRedirect,mf_useformat]

</IfModule>

<IfModule LiteSpeed>

   CacheLookup on

   </IfModule>

   

<FilesMatch "sitemap\.xsl$">

Allow from all

</FilesMatch>

But the filter is still not working properly so am I missing something?

Ciencia Al Poder (talkcontribs)

You must look in the development console of your browser (hit F12), go to the network tab, and look at the request when you submit the form to save the filter. If you get a POST and then a GET of the same page (because the POST is issuing a redirect), the data is lost, because HTTP redirects change the method (from POST to GET), discarding all the data.

Reply to "HTTP ERROR 500"

Why is $wgAbuseFilterActions's "degroup" = true by default?

4
Joeytje50 (talkcontribs)

The degroup ABF action to me seems like the most nuclear option in the entire extension. Consider a hypothetical where I'd go rogue on a wiki where I'm admin (not bureaucrat, so I shouldn't be able to remove admin rights of fellow admins or from bureaucrats normally), and I create a filter like this:

user_name !== "Joeytje50"

with the actions "Disallow, Block, Degroup". Any action that can trigger an ABF action, will trigger an ABF action, and to my knowledge there's nothing stopping my hypothetical rogue action from blocking out everyone else on the wiki, giving me free reign to ruin the wiki all the way until the sysadmins stop me.

All of this could be justified if the existance of such a tool was just too darn useful. However, on top of its incredible desctructive power, I can literally think of not a single legitimate application for this ABF action. There are two worst-case scenarios (where an AbuseFilter would 'save the day') I'd like to consider here:

Worst-case scenario #1: Rampant vandal with a bot account, vandalising huge amounts of pages (or bot-reverting them to a previous state).

Luckily, you have a magic abusefilter set up to detect exactly this behaviour. The actions taken are: Disallow, Block, Degroup. AbuseFilter saved the day!
However, in the real world, I would not trust any automated system to be flawless. The way safer solution would be to take the actions: Disallow, Block. The block action already prevents the vandal from doing any further harm, and can then decide whether the user should be unblocked. There is no need to hurry with the removal of privileges; if that is at all necessary (i.e. the ABF was not a false positive), a bureaucrat can come in and take away these bot rights.

Worse-case scenario #2: Rogue admin vandalising huge amounts of pages (or mass-deleting pages, or merging every single File: page onto a single page causing a huge mess).

Luckily, you've got a magic abusefilter predicting this exact type of rogue admin! You and your crystal ball can happily sit back and relax, because the actions taken are: Disallow, Block, Degroup. Abusefilter saved the day once again!
However, this admin was clever enough to come up with some devilish plan to mass-delete or mass-merge pages to cause havoc. Do you think this rogue admin would not be able to come up with the more devilish plan to strip all of his fellow admins from all of their rights through an abusefilter?

Admittedly, having a possibility for an automated process to revoke rights might be useful in some specific situations where an administrator has gone rogue, but given the situation of a rogue admin, I think the availability of this nuclear button only makes rogue admins more dangerous, not less.

To me, this action only seems safe if the 'degroup' action would be restricted to users that have the actual right to remove the highest possible removeable group. For example, if 'degroup' is able to remove 'bot' and 'rollback', then restrict editing abusefilters with this action taken only to users with the right to remove 'bot' and 'rollback' (probably Admins and higher). If 'degroup' is able to strip even 'admin' and 'bureaucrat' privileges, then editing any abusefilter with this action enabled on it should be limited to only groups that have the privileges to remove 'bureaucrat' and 'admin' from other users. If this restriction is not present, then my opinion is that this feature only ever offers more destructive than preservative control, for the reasons explained above.

Please make the 'degroup' action a disabled action by default, until degrouping is restricted to something that prevents abuse, e.g. something similar to what I described in my previous paragraph, or perhaps some other system where there would be legitimate applications for this feature.

Daimona Eaytoy (talkcontribs)

I partly agree with your rationale, in that degroup is indeed a nuclear option, and that I can't really think of a use case. However, I should note that it was disabled by default almost two years ago, see gerrit:468696, included in MediaWiki 1.34.

Joeytje50 (talkcontribs)

So then the documentation on the extension page is just wrong right now?

Daimona Eaytoy (talkcontribs)

Yes. I've just updated it.

Reply to "Why is $wgAbuseFilterActions's "degroup" = true by default?"

MediaWiki 1_35 error log never stops logging the following error every time a page is refreshed

2
Goodman Andrew (talkcontribs)

In a matter of an hour the error_log file is about 1GB in size with only the following error:

09-Dec-2020 01:08:52 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 52
[09-Dec-2020 01:08:52 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 57
[09-Dec-2020 01:10:24 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 52
[09-Dec-2020 01:10:24 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 57
[09-Dec-2020 01:10:29 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 52
[09-Dec-2020 01:10:29 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 57
[09-Dec-2020 01:10:32 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 52
[09-Dec-2020 01:10:32 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 57
[09-Dec-2020 01:10:33 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 52
[09-Dec-2020 01:10:33 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 57
[09-Dec-2020 01:11:47 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 52
[09-Dec-2020 01:11:47 America/Boise] PHP Warning:  array_key_exists() expects parameter 2 to be array, bool given in /home1/logosneg/public_html/en/w/extensions/AbuseFilter/includes/AbuseFilterHooks.php on line 57

What's happening, Abusefilter works fine at the page level. And I have only use the recommended default settings:

$wgGroupPermissions['sysop']['abusefilter-modify'] = true;
$wgGroupPermissions['*']['abusefilter-log-detail'] = true;
$wgGroupPermissions['*']['abusefilter-view'] = true;
$wgGroupPermissions['*']['abusefilter-log'] = true;
$wgGroupPermissions['sysop']['abusefilter-privatedetails'] = true;
$wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
$wgGroupPermissions['sysop']['abusefilter-revert'] = true;
Daimona Eaytoy (talkcontribs)

This is likely related to some config setting. Could you please verify that all assignments to $wgGroupPermissions are correct? Or alternatively, could you list those assignments? (Not just for AbuseFilter)

Reply to "MediaWiki 1_35 error log never stops logging the following error every time a page is refreshed"

Can't create new filter

6
Summary by EscoBye

$wgServer was set to HTTP, should be HTTPS.

EscoBye (talkcontribs)

Hello, I installed the AbuseFilter extensions and have the following configurations:


wfLoadExtension( 'AbuseFilter' );

$wgGroupPermissions['sysop']['abusefilter-modify'] = true;

$wgGroupPermissions['*']['abusefilter-log-detail'] = true;

$wgGroupPermissions['*']['abusefilter-view'] = true;

$wgGroupPermissions['*']['abusefilter-log'] = true;

$wgGroupPermissions['sysop']['abusefilter-privatedetails'] = true;

$wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;

$wgGroupPermissions['sysop']['abusefilter-revert'] = true;


I ran update.php without any issues and can access Special:AbuseFilter but when I try to create and save a new filte the page simply refreshes and the filter is not saved. I tried adding 3 different filters and the filter list is still empty. I am logged in with a bureaucrat/admin account. Does someone know why this is happening?

Daimona Eaytoy (talkcontribs)

I've never heard of this bug. What version of MW are you running, and what version of AbuseFilter? Knowing the PHP version and the DBMS may help, too.

As an aside, note that "abusefilter-privatedetails" allows viewing the IP address of registered people who triggered an AbuseFilter -- I'm unsure if it's intentional to allow sysops to do that.

EscoBye (talkcontribs)

I forgot to include the versions in my first post but here they are:

MW: 1.34.2

PHP: 7.4.7

MySQL: 8.0.20

AbuseFilter: 3c2035d, probably REL1_34?

Daimona Eaytoy (talkcontribs)

Yeah, they seem fine, and everything should be supported. To clarify, could you please provide detailed steps for your attempt? Also, is there anything logged either in the JS console, or in the MW logs (see Manual:How to debug)?

EscoBye (talkcontribs)

I just noticed that I get the following warning: Mixed Content: The page at 'https://domain/w/Special:AbuseFilter/new' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://domain/w/Special:AbuseFilter/new'. This endpoint should be made available over a secure connection.

The subitted form probably never goes through since it's submitted over HTTP, any idea how to make the form submit over HTTPS?


Here are the steps:

  1. Starting at https://domain/w/Special:AbuseFilter/new
  2. Description: Prevent gibberish usernames
  3. Conditions: action == "createaccount" & accountname rlike "^[A-Za-z0-9]{10,}$" & accountname rlike "^[A-Z][a-z]{5,}(?:[A-Z].*[0-9]|[0-9].*[A-Z])"
  4. Hide details of this filter from public view checked
  5. Prevent the user from performing the action in question checked
EscoBye (talkcontribs)

I managed to solve the issue, the $wgServer was set to HTTP by mistake, I forgot to edit it when enabling SSL. Thanks for the help Daimona!

How to export/import all filters?

7
Sokote zaman (talkcontribs)

hello

How can I copy all the filters on my site?

How can I export the filters on my site?

thanks

Daimona Eaytoy (talkcontribs)

There's no way to do that, see T42191.

Sokote zaman (talkcontribs)

So what is this guide for?

php dumpBackup.php \

--plugin=AbstractFilter:extensions/ActiveAbstract/AbstractFilter.php \

--current \

--output=gzip:/dumps/abstract.xml.gz \

--filter=namespace:NS_MAIN \

--filter=noredirect \

--filter=abstract

Daimona Eaytoy (talkcontribs)

I'm unsure, but that seems to mention "AbstractFilter", which has nothing to do with AbuseFilter.

Sokote zaman (talkcontribs)

Thank you for taking the time to follow up

Ciencia Al Poder (talkcontribs)

If you're interested, there's a grabAbuseFilter.php in Manual:Grabbers to import all public filters from one wiki to other.

Daimona Eaytoy (talkcontribs)

Thanks for pointing this out, I'll mention it on phabricator. However, note that the script doesn't currently work, because it doesn't update the abuse_filter_action table (used to retrieve enabled actions for existing filters). I'm also unsure about the impact of not adding an entry in abuse_filter_history. I wouldn't recommend using it as-is on a public-facing wiki, because it would put the DB in an inconsistent state.

Reply to "How to export/import all filters?"