https://bugzilla.wikimedia.org/show_bug.cgi?id=9838
とある白い猫 <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] | |m --- Comment #35 from とある白い猫 <[email protected]> 2012-06-24 19:11:59 UTC --- A few ideas: Failed login IPs should be stored. It is nice to know someone is trying to steal a password but this is more helpful if attribution is possible. I am not sure if privacy policy prevents revealing IPs of failed logins as this in my view falls under "Logged in users do not expose their IP address to the public except in cases of abuse" if we are going to count the user failing to log in as a logged in user. A single failed login per account (per wiki) could be significant as SUL shares passwords for individual wikis and a quick way to fool such a system is attempting a different password once per wiki. Even closed wikis should be subject to the same check as closed wikis may have the same password leftover from a SUL creation. ALSO, it may be a good idea for checkusers and stewards to be able to see IPs where multiple failed login attempts are made to bulk number of accounts. We had a case on en.wikipedia where multiple admin accounts were stolen. People trying to steal multiple accounts at once isn't by any stretch of the imagination. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
