TechInfoDepot:Edit filter



The Edit filter is a tool used to allow trusted users to set specific controls on user activity and create automated reactions for certain behaviors. Edits that trigger an edit filter are listed in a log.

The Abuse Filter extension was developed by Werdna with support from the Wikimedia Foundation, and went live on the English TechInfoDepot in March 2009. As of July 2009, nearly all user-facing elements of the filter refer to it as the "Edit filter" as not all the edits it flags are abusive. In the software and special pages it retains its original name.

The extension allows automatic filters/heuristics to be applied to all edits. Specific rules can be developed, such as "users with fewer than 500 edits are blocked from moving pages to titles which match this regular expression: /po{2,}p/". Of course, the rules can get quite a bit more complicated.

While filters are by default publicly viewable, others are set to be private. For all filters, including those hidden from public view, a brief, general summary of what the rule targets will be available, and displayed in the log, the list of active filters, and in any error messages generated by the filter.

Implementation of AbuseFilter on TechInfoDepot is being done with due caution—most abuse filters should be tested for a few days (in "log only" mode) before being brought to full force ("warn", "disallow" or "throttle" modes). Only members of specific groups are allowed to modify any of the filters, and this group is assignable by administrators.

The assignment of the edit filter manager user right to non-admins is highly restricted. It should only be requested by and given to highly trusted users, and only when there is a clear, demonstrated need for it. Demonstrated ability that one can and will safely use it is absolutely critical. This is because widespread disruption of the entire encyclopedia can easily occur&mdash;even unintentionally&mdash;with the smallest of mistakes in changing edit filters. Therefore, demonstrated knowledge of the extension's syntax and confidence in understanding and crafting regular expressions ("regexes") is absolutely essential. Non-admins should consider helping out at requested edit filters and troubleshooting at false positives to help demonstrate these skills.

Requests for assignment of the group to non-admins can be made at TechInfoDepot talk:Edit filter, where a discussion will be held for up to a week before a decision is made.

Filtering criteria
For all of the following, we can do extensive normalisation, regex matching, length comparison and regular comparisons (less than, greater than, equal to) matching, combining different filters with boolean logic.

User

 * Edit count.
 * Account age.
 * Groups.
 * Email-confirmed status.

Titles (moved-to, moved from included)

 * Namespace.
 * Title.
 * Full text.
 * Restrictions and protection status.

Action

 * The action type (edit, move or createaccount).
 * Edit summary.
 * Contents of the edit.

Throttling

 * Filters can specify whether actions done at a certain rate are by the same IP address, account, /16 range, account-creation-date, and/or to the same page, for a consequence (below) to be invoked.
 * Any of the above conditions can be combined to produce a separate rate-limiter. For instance, we can group all accounts created on the same date, from the same /16, for the purposes of rate-limiting.
 * Any actions set for that filter will occur if, and only if, the rate-limiter is tripped. This reduces false-positives by making the filter apply only if the same user is consistently tripping a particular filter, rather than a single false-positive.

Actions which can be assigned in response to filtered edits
If a user triggers a filter, AbuseFilter can apply any of the following sanctions based on the severity of the offense:
 * All actions triggering a filter are logged at a special page.
 * The user's action can be tagged for further review.
 * The user can be warned that their actions may be unconstructive.
 * The user's action may be disallowed.
 * The user's account may have its autoconfirmed status removed.

The following actions are currently not available on this wiki:
 * The user's account may be blocked from editing, along with all IP addresses used in the last 7 days.
 * The user's account may be removed from all privileged groups (such as sysop, bot, rollbacker).

Note: Individual sanctions can be disabled selectively. Any edit filter manager can restore autoconfirmed status in case of an error.

Monitoring
All edits triggering an action will produce a report at Special:AbuseLog. On this page, a brief log entry is entered. Users with the appropriate permissions may view the log summary. Users with certain higher permissions may view details on the log entry. This includes all information available to the filter when it ran, and may be useful for debugging purposes. Users with the highest level of log-viewing permissions may view private data about the action which caused the log event, such as the user's IP address. See the AbuseFilter documentation for more details on the permissions structure.

Sample abuse log entries

 * 06:43, 23 June 2008: Andrew (Talk | contribs | block) triggered an abuse filter, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter
 * 06:43, 23 June 2008: Andrew (Talk | contribs | block) triggered an abuse filter, making an edit on Main Page. Actions taken: none; Filter description: Test Filter

Sample detailed abuse log entries

 * 06:43, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter (details)
 * 06:43, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)
 * 06:42, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn; Filter description: Test Filter (details)
 * 06:42, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)
 * 06:22, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter (details)
 * 06:22, 23 June 2008: Andrew (Talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)

The details link brings up a screen like that on the right.

Safeguards
To protect the wiki against poorly configured filters, a technical limit is imposed on the maximum percentage of actions that will trigger a given filter. Other technical limits are in the process of being written.

Notification
All notifications are based on the template.

Standard notifications shown to a user triggering a filter action:

Generic warning message is below. Admins are advised to use custom warnings.

Some existing filters and their warnings:

If a filter is set to warn and disallow, then a user clicking "Save page" will alternatively see that warning and standard disallowed message.

Known issues
When the extension was initially installed, the available actions did not include blocking or removing from privileged groups. This restricted usage has been determined by community consensus, and if the extension is successful, the community may decide to enable the block, rangeblock or degroup actions for use on this wiki. Admins wishing to block users for triggering the abuse filter can use the uw-efblock template.

The full technical details of implementation are available on the MediaWiki bug tracker as bug 15684.