Last modified: 2014-04-02 22:44:49 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and kept for historical purposes. It is not possible to log in, and apart from displaying bug reports and their history, links might be broken. See T36914, the corresponding Phabricator task, for complete and up-to-date bug report information.
Bug 34914 - LoginAuthenticateAudit should be extended to also report access attempts blocked by anti-spam extensions
Status: NEW
Product: MediaWiki
Classification: Unclassified
Component: User login and signup
Version: 1.20.x
Hardware/OS: All / All
Importance: Low enhancement
Target Milestone: ---
Assigned To: Nobody - You can work on this!
URL: http://www.mediawiki.org/wiki/Thread:...
Depends on:
Blocks:
Reported: 2012-03-02 23:41 UTC by Carl Austin Bennett
Modified: 2014-04-02 22:44 UTC
CC: 4 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description Carl Austin Bennett 2012-03-02 23:41:50 UTC
There is a hook [[mw:manual:hook/LoginAuthenticateAudit]] which is currently called with (username, password, status) to report a status of any one of:
a) user logged in successfully
b) user supplied a bad password
c) user requested an e-mail password reset link

This hook is used by [[mw:Extension:Fail2banlog]] to ban (at the server firewall level) IPs which attempt brute-force attacks which repeatedly try to log in with bad passwords.

Unfortunately, it only detects access attempts blocked by core code and then only on login attempts. There are many more attempts to access the wiki in some way (edit, registration, upload...) which are blocked not by core code but by extensions hooked into any or all of the following:
* edit: ([[mw:Manual:Hooks/EditFilter|EditFilter]], [[mw:Manual:Hooks/EditFilterMerged|EditFilterMerged]], [[mw:Manual:Hooks/APIEditBeforeSave|APIEditBeforeSave]])
* login and registration [[Manual:Hooks/AbortLogin|AbortLogin]], [[Manual:Hooks/AbortNewAccount|AbortNewAccount]]
* move: [[Manual:Hooks/AbortMove|AbortMove]]
* upload: [[Manual:Hooks/UploadVerification|UploadVerification]]
* delete: [[Manual:Hooks/ArticleDelete|ArticleDelete]]

Each of these hooks has some means (such as returning 'false' or setting $error to a non-null string) to reject an edit or other access attempt as spam.

Perhaps [[Manual:Hooks/LoginAuthenticateAudit|LoginAuthenticateAudit]] should have one extra event code added to indicate each of these actions (edit, login, register, move, upload) being rejected by an extension due to abuse.

That way, if [[mw:extension:SpamBlacklist]] were repeatedly rejecting edits due to spam URLs in the message payload, or [[mw:extension:ConfirmEdit]] were reporting repeated wrong answers to CAPTCHAs, [[mw:extension:fail2banlog]] could block the offending IPs once and for all.
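To make the report's point concrete, here is an added example (not code from this bug, from MediaWiki, or from the Fail2banlog extension) of the per-IP counting a fail2ban-style filter performs, run over a constructed audit log: counting core login failures alone, the spamming client never reaches the ban threshold; counting the extension rejections the report wants carried on the same audit channel, it does. The record format, the event names and the log lines are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed record format (assumed for this example; not MediaWiki's or Fail2banlog's
# real output): "<ISO timestamp> <client IP> <EVENT> [detail]"
LOG_LINE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) ([A-Z_]+)(?: (.*))?$")

# What LoginAuthenticateAudit reports today: core login failures only.
LOGIN_ONLY = {"LOGIN_WRONG_PASS"}
# What the report asks for: extension rejections carried on the same channel.
ALL_REJECTIONS = LOGIN_ONLY | {"LOGIN_ABORTED", "ACCOUNT_CREATION_ABORTED", "EDIT_REJECTED_SPAM", "CAPTCHA_FAILED"}

# Constructed sample log (documentation IP ranges); only one of 203.0.113.7's attempts is a core login failure.
SAMPLE_LOG = """\
2012-03-02T23:00:00 203.0.113.7 LOGIN_WRONG_PASS user=Alice
2012-03-02T23:00:05 203.0.113.7 CAPTCHA_FAILED action=edit
2012-03-02T23:00:09 203.0.113.7 EDIT_REJECTED_SPAM url=spam.example
2012-03-02T23:00:30 198.51.100.4 LOGIN_SUCCESS user=Bob
2012-03-02T23:01:00 198.51.100.4 LOGIN_WRONG_PASS user=Bob
2012-03-02T23:20:00 198.51.100.4 LOGIN_WRONG_PASS user=Bob
2012-03-02T23:21:00 198.51.100.4 LOGIN_WRONG_PASS user=Bob
not an audit record; must be skipped, not crash the filter
"""

def parse_line(line):
    """Return (timestamp, ip, event) for a well-formed record, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    try:
        return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
    except ValueError:  # first field was not a timestamp
        return None

def find_offenders(log_text, rejected=ALL_REJECTIONS, threshold=3, window=timedelta(minutes=10)):
    """Map each IP to the moment it reached `threshold` rejections inside a sliding `window`."""
    recent, offenders = defaultdict(deque), {}  # ip -> timestamps of rejections still in the window
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] not in rejected:
            continue
        ts, ip, _ = rec
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # expire entries older than the window
            q.popleft()
        if len(q) >= threshold and ip not in offenders:
            offenders[ip] = ts
    return offenders
```

Bob's three wrong passwords are spread over more than ten minutes, so the sliding window keeps a single forgetful user out of the result in both modes.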
