Last modified: 2013-02-11 15:35:19 UTC
AbuseFilter provides various mechanisms to block or demote a user who repeatedly does something questionable, based on its own ruleset (for instance, repeatedly blanking articles or article sections) but provides no means to create a rule which would perform some action in response to repeated login failures or repeated failures to get spam past an extension (such as ConfirmEdit or SpamBlacklist). While we don't currently have a mechanism to notify AbuseFilter that a user is repeatedly falling CAPTCHA (short of changing code elsewhere in the system) we do have LoginAuthenticateAudit to report failed attempts to log in with repeated bad passwords. Unfortunately, the only extensions to use this info are either Fail2Ban (which firewalls the offending IP at the server level) or other CAPTCHAs (to present a CAPTCHA on subsequent login attempts if previous brute-force attempts have failed). There is nowhere where AbuseFilter requests to be notified on LoginAuthenticateAudit failures and no means to create a rule in the AbuseFilter to block an IP after an abusive number of failed login attempts.