Extension:Antispam
Anti-spam by CleanTalk Release status: stable |
|
---|---|
Implementation | User activity , Page action |
Description | Client extension for cloud anti-spam service CleanTalk.org. |
Author(s) | Denis Shagimuratov |
Latest version | 2.4 (2023-07-28) |
MediaWiki | 1.29+ |
PHP | PHP 5.3+ |
Database changes | Yes |
License | GNU General Public License 2.0 or later |
Download | GitHub:
<translate> Note:</translate> |
|
|
|
|
Quarterly downloads | Lua error in Module:Extension at line 172: bad argument #1 to 'inNamespace' (unrecognized namespace name 'skin'). |
Public wikis using | Lua error in Module:Extension at line 172: bad argument #1 to 'inNamespace' (unrecognized namespace name 'skin'). |
The Anti-spam extension is a client-side application for a commercial cloud anti-spam service, cleantalk.org.
Anti-Spam service
The CleanTalk Cloud Service provides automatic and invisible protection from spam for websites. CleanTalk analyzes user behavior and evaluates the parameters of a completed form.
When installed on your website the Anti-Spam Module captures the behavior parameters of a visitor or a spambot. These parameters are being assessed and the service makes a decision — to post the visitor's message or to define it as spam and reject it. Based on such checks, the service forms its own list of email addresses used by spambots. Likewise, visitor registrations are being checked too. The service adds not only email addresses to the global blacklist but also IP addresses and domains of the websites that are promoted through spam mailout.
Spam Firewall feature
This option allows blocking spam-bots before they access MediaWiki content. CleanTalk collects spam bots activity data on websites, IP addresses of the most active spam bots are added to the Spam Firewall database. The service intercepts any HTTP(POST/GET) requests to a site and IP address it contains. If an IP address is included in CleanTalk blacklist of most spam active IPs, it will get a special page, if it is a real visitor then it proceeds to the site. That is completely transparent to the visitors. The results of Spam FireWall are logged and available in your control panel.
Real-Time Email Address Existence Validation
To validate that users sign up with their real email address, the CleanTalk server will perform email account existence checks using SMTP response.
Private blacklist/whitelist
Automatically blocks comments and registrations from your private black IP/email address list. This option helps to strengthen the protection from manual spam or block unwanted comments from users. You can add not only the certain IP addresses but also a separate subnet to your personal blacklist. The extension allows blocking or whitelisting emails for registration using wildcards, for example, "*@mail.com" will block/allow every address ending on @mail.com.
Blocking users by country
The external service can be used to automatically block comments and registrations from specific countries.
Stoplist by words
Comments that contain specific words can be forbidden.
cleantalk screenshots
- Anti-spam by CleanTalk 1.png
World map of top spam
- Anti-spam by CleanTalk 2.png
Analytics
- Anti-spam by CleanTalk 3.png
Log contents
- Anti-spam by CleanTalk 5.png
Account creation rejected
Installation
- <translate> <tvar name=1>Download</tvar> and place the file(s) in a directory called <tvar name=name>
Antispam
</tvar> in your <tvar name=ext>extensions/
</tvar> folder.</translate> - <translate> Add the following code at the bottom of your <tvar name=1>LocalSettings.php </tvar> file:</translate>
require_once "$IP/extensions/Antispam/Antispam.php";
- File:OOjs UI icon check-constructive.svg <translate> Done</translate> – <translate> Navigate to <tvar name=special>Special:Version</tvar> on your wiki to verify that the extension is successfully installed.</translate>
Configuration parameters
To run extension
- Get Access key
Place the Access key in the LocalSettings.php with the variable $wgCTAccessKey
.
File:OOjs UI icon lightbulb-yellow.svg <translate> Note:</translate> you need to put it after loading the extension using require_once
or wfLoadExtension()
.
- Set as you wish
true
orfalse
the parameter$wgCTNewEditsOnly
.
Frequently Asked Questions
- Should I change anything in the extension's settings or in my CleanTalk Control Panel when I switch my website from HTTP to HTTPS or vice versa?
- No, the extension will work regardless of the protocol.
- After installation, on creation of a test user, I get error: Fatal exception of type "Wikimedia\Rdbms\DBQueryError". How to fix?
- temporarily add:
require_once "$IP/extensions/Antispam/Antispam.php";
into LocalSettings.php, verify that the extension was loaded on the version page, then replace with:wfLoadExtension( 'Antispam' );
- Don't set the key in the extensions/Antispam/Antispam.php file, but in LocalSettings.php file as variable $wgCTAccessKey below the load instruction.
- temporarily add:
- This extension is dependent on cleantalk.org, a commercial paysite. Are there any free options or alternatives?
- The Antispam extension is specific to this one provider, which is non-free. There are hundreds of other real-time blocklists (RBLs) or DNS blocklists (DNSBLs), both paid and free; most target spam e-mail but a few target forum or blog comment spam. Extension:StopForumSpam uses stopforumspam.com to prevent comment spam, for instance. Another option is to download IP deny lists from any of a number of sources, and import them into MediaWiki using the maintenance/updateDenyList.php script.
- But what about false positives? Is there any way to prevent the extension from submitting the username, email address and IP address of my legit users only to have them appear on cleantalk.org's public blocklists?
- While the number of false positives is relatively low, this is a problematic issue. It's best to mitigate this risk by only invoking Antispam on new account creation and on new page creation by new or anonymous users.
- Implement autoconfirmation and set $wgAutoConfirmAge to something reasonable. Give the 'cleantalk-bypass' permission to the bot, sysop and autoconfirmed groups by by setting {{ll|Manual:$wgGroupPermissions|$wgGroupPermissions]]['autoconfirmed']['cleantalk-bypass'] = true; and making the same change for other desired groups in LocalSettings.php .
- Limit the extension to new page creation by setting
$wgCTNewEditsOnly = true;
in LocalSettings.php - The cleantalk.org web interface does provide a list of who and what has been blocked by the filter. It is possible to report false-positive or false-negative results there; this doesn't reinstate a wrongly-blocked edit or remove a wrongly-blocked IP from the Cleantalk lists, but it will temporarily whitelist the user on your own site.
- While the number of false positives is relatively low, this is a problematic issue. It's best to mitigate this risk by only invoking Antispam on new account creation and on new page creation by new or anonymous users.
- I have multiple subprojects (such as en.example.wiki, fr.example.wiki, pt.example.wiki) for different topics or different languages. Will this extension work with this structure, or do I need to redesign the site to user www.example.wiki/en/PageName www.example.wiki/es/PageName and the like?
- The extension will work regardless of your URL structure. The only limitation is that the Cleantalk server will remove the original domain and subdomain, replacing them with whatever domain name is tied to the ID specified in $wgCTAccessKey. This only affects the displayed blocklogs on the Cleantalk website; the extension will still work. Another option is to purchase multiple keys (one for each language subproject) but this does cost extra.
- Pages with script errors
- Pages with broken file links
- Stable extensions
- Extensions without an image
- User activity extensions
- Page action extensions
- Extensions without a compatibility policy
- Extensions with manual MediaWiki version
- GPL licensed extensions
- Extensions in GitHub version control
- Extensions which add rights
- EditFilter extensions
- UploadVerifyFile extensions
- SkinAfterBottomScripts extensions
- TitleMove extensions
- All extensions
- Extensions not in ExtensionJson
- Extensions not using extension registration
- Spam management extensions