The Edit filter is a tool used to allow trusted users to set specific controls on user activity and create automated reactions for certain behaviors.
The Abuse Filter extension was developed by Werdna with support from the Wikimedia Foundation, and went live on the English Wikipedia in March 2009. As of July 2009, nearly all user-facing elements of the filter refer to it as the Edit filter as not all the edits it flags are abusive. In the software and special pages it retains its original name.
The extension allows automatic filters/heuristics to be applied to all edits. Specific rules can be developed, such as “users with fewer than 500 edits are blocked from moving pages to titles which match this regular expression: /poop/”. Of course, the rules can get quite a bit more complicated.
Log entries are viewable by all users, and while filters are by default publicly viewable, others are set to be private. For all filters, including those hidden from public view, a brief, general summary of what the rule targets will be available, and displayed in the log, the list of active filters, and in any error messages generated by the filter.
Implementation of Extension:AbuseFilter at Nerf Blaster Wiki is being done with due caution — most abuse filters should be tested for a few days (in “log only” mode) before being brought to full force (“warn”, “disallow”, or “throttle” modes). Only members of specific groups are allowed to modify any of the filters, and this group is assignable by the Active Bureaucrats Group.
The assignment of the Edit filter manager user right to non-Administrators is highly restricted. It should only be requested by, and given to, highly trusted users, and only when there is a clear, demonstrated need for it. Demonstrated ability that one can and will safely use it is absolutely critical. This is because widespread disruption of the entire site can easily occur — even unintentionally — with the smallest of mistakes in changing edit filters. Therefore, demonstrated knowledge of the extension’s syntax and confidence in understanding and crafting regular expressions (i.e., “regexes”) is absolutely essential. Non-Administrators should consider helping out at requested edit filters and troubleshooting at false positives in order to help demonstrate these skills.
Requests for assignment of the group to non-Administrators can be made at the discussion page, where a discussion will be held for up to a week prior to a decision being made. Discussion may extend beyond a week if appropriate consensus, or lack of it, is not clear.
Extension documentation
 |
What follows was written when the extension was first created, and may be somewhat out of date. |
Filtering criteria
For all of the following, we can do extensive normalisation, regex matching, length comparison and regular comparisons (less than, greater than, equal to) matching, combining different filters with boolean logic.
User
- Edit count.
- Account age.
- Groups.
- Email-confirmed status.
Titles (moved-to, moved from included)
- Namespace.
- Title.
- Full text.
- Restrictions and protection status.
Action
- The action type (edit, move or createaccount).
- Edit summary.
- Contents of the edit.
Throttling
- Filters can specify whether actions done at a certain rate are by the same IP address, account, /16 range, account-creation-date, and/or to the same page, for a consequence (below) to be invoked.
- Any of the above conditions can be combined to produce a separate rate-limiter. For instance, we can group all accounts created on the same date, from the same /16, for the purposes of rate-limiting.
- Any actions set for that filter will occur if, and only if, the rate-limiter is tripped. This reduces false-positives by making the filter apply only if the same user is consistently tripping a particular filter, rather than a single false-positive.
Actions which can be assigned in response to filtered edits
If a user triggers a filter, AbuseFilter can apply any of the following sanctions based on the severity of the offense:
- All actions triggering a filter are logged at a special page.
- The user’s action can be tagged for further review.
- The user can be warned that their actions may be unconstructive.
- The user’s action may be disallowed.
- The user’s account may have its autoconfirmed status removed.
- The user’s account may be blocked from editing, along with all IP addresses used in the last 7 days.
- The /16 range from which the user originates, can be blocked.
The following actions are currently not available on this wiki:
- The user’s account may be removed from all privileged groups (such as sysop, bot, rollbacker).
Template:UpdateTemplate:SpacesIndividual sanctions can be disabled selectively. Any edit filter manager can restore autoconfirmed status in case of an error.
Monitoring
All edits triggering an action will produce a report at Special:AbuseLog. On this page, a brief log entry is entered. Users with the appropriate permissions may view the log summary. Users with certain higher permissions may view details on the log entry. This includes all information available to the filter when it ran, and may be useful for debugging purposes. Users with the highest level of log-viewing permissions may view private data about the action which caused the log event, such as the user’s IP address. See the AbuseFilter documentation for more details on the permissions structure.
Sample abuse log entries
- 06:43, 23 June 2008: Andrew (Talk | contribs | block) triggered an abuse filter, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter
- 06:43, 23 June 2008: Andrew (Talk | contribs | block) triggered an abuse filter, making an edit on Main Page. Actions taken: none; Filter description: Test Filter
Sample detailed abuse log entries
A sample detailed log entry
- 06:43, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter (details)
- 06:43, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)
- 06:42, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn; Filter description: Test Filter (details)
- 06:42, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)
- 06:22, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter (details)
- 06:22, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)
The details link brings up a screen like that on the right.
Safeguards
To protect the wiki against poorly configured filters, a technical limit is imposed on the maximum percentage of actions that will trigger a given filter. Other technical limits are in the process of being written.
Notification
All notifications are based on the template Template:Tlx.
Standard notifications shown to a user triggering a filter action:
| Message name | Message text |
|---|---|
| abusefilter-disallowed |
This Ain't Allowed...This action has been automatically identified as harmful, and therefore disallowed. If you believe your edit was constructive, please inform an administrator of what you were trying to do, or report it here. A brief description of the abuse rule which your action matched is: $1 |
| abusefilter-degrouped |
Bye Bye GroupsThis action has been automatically identified as harmful. Consequently, it has been disallowed, and, since your account is suspected of being compromised, all rights have been revoked. If you believe this to have been in error, please contact a bureaucrat with an explanation of this action, and your rights may be restored. A brief description of the abuse rule which your action matched is: $1 |
| abusefilter-autopromote-blocked |
This is a safety measureThis action has been automatically identified as harmful, and it has been disallowed. In addition, as a security measure, some privileges routinely granted to established accounts have been temporarily revoked from your account. A brief description of the abuse rule which your action matched is: $1 |
Generic warning message is below. Admins are advised to use custom warnings.
| Message name | Message text |
|---|---|
| abusefilter-warning | Thanks for your edit. Please check what this is what you meant to do before pressing save. Your edit will be flagged as $1. |
Some existing filters and their warnings:
| Filter and message | Message text |
|---|---|
| 3: blanking articles |
Hello from the Nerf Blaster Wiki. It seems that an automated filter detected that you caused damage to the wiki by blanking content from pages. If you did not do this action, and feel that this is an error, report it here. |
| 30: large deletions |
Hello from the Nerf Blaster Wiki. It seems like an automated filter has detected that you have caused damage to the wiki by removing a large amount of content from pages. If you did not remove a large amount of content, and feel that this is in error, report it here. |
If a filter is set to warn and disallow, then a user clicking “⧼Save⧽” will alternatively see that warning and standard disallowed message.
Known issues
When the extension is initially installed, the available actions will not include blocking or removing from privileged groups. This restricted usage has been determined by community consensus, and if the extension is successful, the community may decide to enable the block, rangeblock or degroup actions for use on this wiki. Administrators wishing to block users for triggering the abuse filter can use the [[wikipedia:Template:uw-afblock|Template:Tlc]] template.
The full technical details of implementation are available on the MediaWiki bug tracker as Template:Bugzilla.