https://bugzilla.wikimedia.org/show_bug.cgi?id=34913

       Web browser: ---
             Bug #: 34913
           Summary: AbuseFilter should hook LoginAuthenticateAudit,
                    allowing rules to ban IP's who make repeated failed
                    login attempts
           Product: MediaWiki extensions
           Version: any
          Platform: All
               URL: http://www.mediawiki.org/wiki/Thread:Extension_talk:ConfirmEdit/SimpleCaptcha_now_useless#SimpleCaptcha_now_useless_12717
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: Unprioritized
         Component: AbuseFilter
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]
    Classification: Unclassified
   Mobile Platform: ---


AbuseFilter provides various mechanisms to block or demote a user who
repeatedly does something questionable, based on its own ruleset (for instance,
repeatedly blanking articles or article sections) but provides no means to
create a rule which would perform some action in response to repeated login
failures or repeated failures to get spam past an extension (such as
ConfirmEdit or SpamBlacklist).

While we don't currently have a mechanism to notify AbuseFilter that a user is
repeatedly failing CAPTCHA (short of changing code elsewhere in the system), we
do have LoginAuthenticateAudit to report failed attempts to log in with
repeated bad passwords. Unfortunately, the only extensions to use this info are
either Fail2Ban (which firewalls the offending IP at the server level) or other
CAPTCHAs (to present a CAPTCHA on subsequent login attempts if previous
brute-force attempts have failed). There is nowhere where AbuseFilter requests
to be notified on LoginAuthenticateAudit failures and no means to create a rule
in the AbuseFilter to block an IP after an abusive number of failed login
attempts.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
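
The kind of rule the report asks for, sketched as an added example (not part of the original report and not AbuseFilter or MediaWiki code): a per-IP sliding-window count over failed-login audit records. The record layout, the result labels, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed result labels for failed authentication; a real hook handler would
# map the hook's return value onto something like these.
FAILURES = {"WRONG_PASS", "NOT_EXISTS", "EMPTY_PASS"}


def find_abusive_ips(events, max_failures=5, window=300):
    """Return {ip: (trigger_ts, accounts_targeted)} for IPs whose failed
    logins reach max_failures within any window-second span.

    events: iterable of (unix_ts, ip, username, result), sorted by time.
    """
    recent = defaultdict(deque)   # ip -> (ts, username) of failures in window
    flagged = {}
    for ts, ip, user, result in events:
        if ip in flagged or result not in FAILURES:
            # A success does not clear the counter: the client may simply own
            # one valid account while guessing at others.
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] >= window:   # expire failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged[ip] = (ts, sorted({u for _, u in q}))
    return flagged


def sample_events():
    """Constructed audit records (documentation-range IPs, made-up users)."""
    ev = []
    # Burst: six failures in 50 s against two accounts.
    for i in range(6):
        ev.append((1000 + 10 * i, "203.0.113.7", "Admin" if i % 2 else "Sysop", "WRONG_PASS"))
    # Slow: five failures, ten minutes apart, never five inside one window.
    for i in range(5):
        ev.append((1000 + 600 * i, "198.51.100.20", "Alice", "WRONG_PASS"))
    # Two typos followed by a successful login.
    ev += [(1005, "192.0.2.15", "Bob", "WRONG_PASS"),
           (1015, "192.0.2.15", "Bob", "WRONG_PASS"),
           (1030, "192.0.2.15", "Bob", "SUCCESS")]
    return sorted(ev)


if __name__ == "__main__":
    for ip, (ts, users) in find_abusive_ips(sample_events()).items():
        print(f"block {ip}: threshold reached at t={ts}, accounts {users}")
```

The slow client in the sample is never flagged, which shows what a single short window misses; a second, longer window with a higher threshold would be needed to cover low-rate guessing.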
