Help:Abuse filter

The Abuse Filter allows privileged users to set specific controls on actions by users, such as edits, and create automated reactions for certain behaviors.

The extension allows automatic filters/heuristics to be applied to all edits. Specific rules can be developed, such as "users with fewer than 500 edits are blocked from moving pages to titles which match this regular expression: /poop/". Of course, the rules can get quite a bit more complicated.

Log entries and filters are only viewable by sysops. For all filters, a brief, general summary of what the rule targets will be available, and displayed in the log, the list of active filters, and in any error messages generated by the filter.

New abuse filters should be tested for a few days (in "log only" mode) before being brought to full force ("warn", "disallow" or "throttle" modes).

Filtering criteria
For all of the following, we can do extensive normalisation, regex matching, length comparison and regular comparisons (less than, greater than, equal to) matching, combining different filters with boolean logic.

User

 * Edit count.
 * Account age.
 * Groups.
 * Email-confirmed status.

Titles (moved-to, moved from included)

 * Namespace.
 * Title.
 * Full text.
 * Restrictions and protection status.

Action

 * The action type (edit, move or createaccount).
 * Edit summary.
 * Contents of the edit.

Throttling

 * Filters can specify whether actions done at a certain rate are by the same IP address, account, /16 range, account-creation-date, and/or to the same page, for a consequence (below) to be invoked.
 * Any of the above conditions can be combined to produce a separate rate-limiter. For instance, we can group all accounts created on the same date, from the same /16, for the purposes of rate-limiting.
 * Any actions set for that filter will occur if, and only if, the rate-limiter is tripped. This reduces false-positives by making the filter apply only if the same user is consistently tripping a particular filter, rather than a single false-positive.

Actions which can be assigned in response to filtered edits
If a user triggers a filter, AbuseFilter can apply any of the following sanctions based on the severity of the offense:
 * All actions triggering a filter are logged at a special page.
 * The user's action can be tagged for further review.
 * The user can be warned that their actions may be unconstructive.
 * The user's action may be disallowed.
 * The user's account may have its autoconfirmed status removed.
 * The user's account may be blocked from editing, along with all IP addresses used in the last 7 days.
 * The user's account may be removed from all privileged groups (such as sysop, bot, rollbacker).

Monitoring
All edits triggering an action will produce a report at Special:AbuseLog. On this page, a brief log entry is entered. Users with the appropriate permissions may view the log summary and view details on the log entry. This includes all information available to the filter when it ran, and may be useful for debugging purposes.

Sample abuse log entries

 * 06:43, 23 June 2008: Ausir (Talk | contribs | block) triggered filter 1, performing the action "edit" on Main Page. Actions taken: warn,disallow; Filter description: Test Filter (details)
 * 06:43, 23 June 2008: Ausir (Talk | contribs | block) triggered filter 2, performing the action "edit" on Main Page. Actions taken: none; Filter description: Test Filter (details)
 * 06:42, 23 June 2008: Ausir (Talk | contribs | block) triggered filter 1, performing the action "edit" on Main Page. Actions taken: warn; Filter description: Test Filter (details)
 * 06:42, 23 June 2008: Ausir (Talk | contribs | block) triggered filter 2, performing the action "edit" on Main Page. Actions taken: none; Filter description: Test Filter (details)
 * 06:22, 23 June 2008: Ausir (Talk | contribs | block) triggered filter 1, performing the action "edit" on Main Page. Actions taken: warn,disallow; Filter description: Test Filter (details)
 * 06:22, 23 June 2008: Ausir (Talk | contribs | block) triggered filter 2, performing the action "edit" on Main Page. Actions taken: none; Filter description: Test Filter (details)

Safeguards
To protect the wiki against poorly configured filters, a technical limit is imposed on the maximum percentage of actions that will trigger a given filter.

Notification
All notifications are based on the template mbox mediawiki.

Generic warning messages.

If a filter is set to warn and disallow, then a user clicking "Save page" will alternatively see that warning and standard disallowed message.