Remove ability for filters to perform unwanted actions, or restrict the actions to global-admins (instructions within)
Submitted by: Richard Coleman
Project: Hydra
Issue type: Settings
Summary: Remove ability for filters to perform unwanted actions, or restrict the actions to global-admins (instructions within)
Server Environment: Production
URL: https://www.mediawiki.org/wiki/Extension:AbuseFilter#Configuration
Description: Option 1: Completely disable filter actions we don't want. Find the $wgAbuseFilterActions array in the settings and set 'blockautopromote', 'block', and 'degroup' to false.
Option 2: Keep these actions, but restrict them to staff (i.e. keep them in our toolbox should we find use for them). Remove the abusefilter-modify-restricted permission from Wiki Guardians, Administrators, and Bureaucrats. Check settings to make sure $wgAbuseFilterRestrictions is at the default value of array( 'block' => true, 'degroup' => true, 'blockautopromote' => true, 'rangeblock' => true ), so we don't deny admins any permissions unintentionally. Then set $wgAbuseFilterBlockDuration to something low, like 1 to 3 days (ideally there would be an option in Hydra for managers to configure this per-wiki, or even per-filter, but one thing at a time).
I don't know what the settings files look like behind the scenes, so I don't know if these will need to be applied to every current and future wiki or if this can be done from a centralized file.
Attachment: no