https://bugzilla.wikimedia.org/show_bug.cgi?id=34914

       Web browser: ---
             Bug #: 34914
           Summary: LoginAuthenticateAudit should be extended to also
                    report access attempts blocked by anti-spam extensions
           Product: MediaWiki
           Version: 1.20-svn
          Platform: All
               URL: http://www.mediawiki.org/wiki/Thread:Extension_talk:ConfirmEdit/SimpleCaptcha_now_useless#SimpleCaptcha_now_useless_12717
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: Unprioritized
         Component: User login
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified
   Mobile Platform: ---


There is a hook [[mw:manual:hook/LoginAuthenticateAudit]] which is currently
called with (username, password, status) to report a status of any one of:
a) user logged in successfully
b) user supplied a bad password
c) user requested an e-mail password reset link

This hook is used by [[mw:Extension:Fail2banlog]] to ban (at the server
firewall level) IPs which attempt brute-force attacks which repeatedly try to
log in with bad passwords.

Unfortunately, it only detects access attempts blocked by core code and then
only on login attempts. There are many more attempts to access the wiki in some
way (edit, registration, upload...) which are blocked not by core code but by
extensions hooked into any or all of the following:
* edit: ([[mw:Manual:Hooks/EditFilter|EditFilter]],
[[mw:Manual:Hooks/EditFilterMerged|EditFilterMerged]],
[[mw:Manual:Hooks/APIEditBeforeSave|APIEditBeforeSave]])
* login and registration: [[Manual:Hooks/AbortLogin|AbortLogin]],
[[Manual:Hooks/AbortNewAccount|AbortNewAccount]]
* move: [[Manual:Hooks/AbortMove|AbortMove]]
* upload: [[Manual:Hooks/UploadVerification|UploadVerification]]
* delete: [[Manual:Hooks/ArticleDelete|ArticleDelete]]

Each of these hooks has some means (such as returning 'false' or setting $error
to a non-null string) to reject an edit or other access attempt as spam.

Perhaps [[Manual:Hooks/LoginAuthenticateAudit|LoginAuthenticateAudit]] should
have one extra event code added to indicate each of these actions (edit, login,
register, move, upload) being rejected by an extension due to abuse.

That way, if [[mw:extension:SpamBlacklist]] were repeatedly rejecting edits due
to spam URLs in the message payload, or [[mw:extension:ConfirmEdit]] were
reporting repeated wrong answers to CAPTCHAs, [[mw:extension:fail2banlog]]
could block the offending IPs once and for all.
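As an added sketch of how the proposal above could be wired up (this is illustrative code, not code from MediaWiki, Fail2banlog, SpamBlacklist or ConfirmEdit): an EditFilter handler that rejects an edit also reports the rejection through the existing LoginAuthenticateAudit hook with an extra status value, and a Fail2banlog-style listener writes only the countable events to a log group that fail2ban can watch. The constant AUDIT_ABUSE_BLOCKED, the 'abuseaudit' log group and the toy URL pattern are assumptions made for the example.

```php
<?php
// Illustration for this bug report, not MediaWiki or extension code.
// Assumes MediaWiki 1.20-era globals ($wgHooks, $wgUser, $wgRequest,
// wfRunHooks, wfDebugLog) and a hypothetical extra audit status value.
if ( !defined( 'MEDIAWIKI' ) ) {
	die( 'Not an entry point.' );
}

// Hypothetical status code: NOT a LoginForm constant in core. Chosen well
// above the existing LoginForm::* values so it cannot collide with them.
define( 'AUDIT_ABUSE_BLOCKED', 100 );

// Where the listener below writes; fail2ban would tail this file.
$wgDebugLogGroups['abuseaudit'] = '/var/log/mediawiki/abuseaudit.log';

// Side 1: an anti-spam filter. Besides rejecting the edit (setting $error
// and returning false, as the report describes), it reports the rejection
// through the audit hook so firewall-level tooling can see it.
$wgHooks['EditFilter'][] = function ( $editor, $text, $section, &$error, $summary ) {
	global $wgUser;
	// Constructed toy check standing in for SpamBlacklist/ConfirmEdit logic.
	if ( preg_match( '!https?://spam\.example/!i', $text ) ) {
		$error = 'Edit rejected: blacklisted URL';
		// No password is involved in an edit, so pass an empty string.
		wfRunHooks( 'LoginAuthenticateAudit', array( $wgUser, '', AUDIT_ABUSE_BLOCKED ) );
		return false;
	}
	return true;
};

// Side 2: a Fail2banlog-style listener. It logs only statuses fail2ban
// should count (bad password, or an extension's abuse rejection) and
// ignores successful logins, so legitimate users never accrue strikes.
$wgHooks['LoginAuthenticateAudit'][] = function ( $user, $password, $retval ) {
	global $wgRequest;
	if ( $retval === AUDIT_ABUSE_BLOCKED || $retval === LoginForm::WRONG_PASS ) {
		// Fixed wording so a fail2ban failregex can anchor on "blocked from <HOST>".
		wfDebugLog( 'abuseaudit', sprintf(
			'status %d for user "%s" blocked from %s',
			$retval, $user->getName(), $wgRequest->getIP()
		) );
	}
	return true; // never abort the login flow from an audit listener
};
```

The listener never alters the outcome of the login or edit; it only records it, which keeps the audit path safe to enable even if the log file is unwritable.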

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l