How do I log failed MediaWiki login attempts?
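I can't find a MediaWiki hook event for a failed login attempt. Does one exist? If not, does anyone know of a strategy for determining failed attempts?
In case there's another way of going about it: I'm trying to log failed logins.
Edit
Here is the relevant part of my code, with the global variables set to the name of the wiki (I have also tried the code provided in the comments):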
$wgHooks['AuthManagerLoginAuthenticateAudit'][] = 'logAuth';
function logAuth($response, $user, $username)
{
    // grab the MediaWiki global vars
    global $fail2banfile;
    global $fail2banid;
    // set vars to log
    $time = date("Y-m-d H:i:s T");
    $ip = $_SERVER['REMOTE_ADDR'];
    if ($response->status == "PASS") {
        // successful login
        error_log("$time Successful login by $username from $ip on $fail2banid\n", 3, $fail2banfile);
        return true; // continue to next hook
    } else {
        // any other status is logged as an authentication error
        error_log("$time Authentication error by $username from $ip on $fail2banid\n", 3, $fail2banfile);
        return true; // continue to next hook
    }
}
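The above logs successful and failed logins for registered users. Login attempts for unregistered usernames are not logged. I'm using the log with Fail2Ban.
Use the AuthManagerLoginAuthenticateAudit hook. For example: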
use MediaWiki\Auth\AuthManager;
use MediaWiki\Auth\AuthenticationResponse;
$wgHooks['AuthManagerLoginAuthenticateAudit'][] = function ( $response, $user, $username ) {
    if ( $response->status === AuthenticationResponse::FAIL ) {
        // error_log() rather than log(): PHP's built-in log() is the math function
        error_log( "Failed login for user $username" );
    }
};
To catch some cases that the hook above does not, you can create a logging provider:
use MediaWiki\Auth\AbstractPreAuthenticationProvider;
use MediaWiki\Auth\AuthenticationResponse;
class LoggingAuthenticationProvider extends AbstractPreAuthenticationProvider {
    public function postAuthentication( $user, AuthenticationResponse $response ) {
        // $user can be null when no user was resolved, so check it before use
        if ( $response->status === AuthenticationResponse::FAIL && $user ) {
            // error_log() rather than log(): PHP's built-in log() is the math function
            error_log( 'Failed login for user ' . $user->getName() );
        }
    }
}
// register the provider so AuthManager runs it for every login
$wgAuthManagerAutoConfig['preauth'][LoggingAuthenticationProvider::class] = [
    'class' => LoggingAuthenticationProvider::class,
];
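The question feeds this log to Fail2Ban. The following is an added example, not code from the original post, MediaWiki or Fail2Ban: it parses lines in the format the question's handler writes and counts failures per IP, as a simplified stand-in for Fail2Ban's `maxretry`/`findtime` counting. The wiki id `mywiki`, the sample lines and the threshold defaults are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

WIKI_ID = "mywiki"  # assumed value of the question's $fail2banid

# The username is client-supplied text, so the greedy (.*) plus the end anchor
# make sure the IP is read from the suffix the server wrote, not from the name.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ "
    r"Authentication error by (?P<user>.*) from (?P<ip>[0-9a-fA-F:.]+) on "
    + re.escape(WIKI_ID) + r"$"
)

def parse_failure(line):
    """Return (timestamp, username, ip) for a failed-login line, else None."""
    m = FAIL_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["ip"]

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """IPs with at least `maxretry` failures within `findtime` (lines in time order)."""
    seen = defaultdict(list)
    banned = set()
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue  # successful logins and unrelated lines are ignored
        ts, _user, ip = hit
        seen[ip] = [t for t in seen[ip] if ts - t <= findtime] + [ts]
        if len(seen[ip]) >= maxretry:
            banned.add(ip)
    return sorted(banned)

# Constructed sample log, not taken from a real system.
SAMPLE = [
    "2024-05-01 12:00:01 UTC Authentication error by Admin from 203.0.113.7 on mywiki",
    "2024-05-01 12:00:05 UTC Successful login by Alice from 192.0.2.10 on mywiki",
    "2024-05-01 12:00:09 UTC Authentication error by x from 192.0.2.10 on mywiki from 203.0.113.7 on mywiki",
    "2024-05-01 12:00:12 UTC Authentication error by Admin from 203.0.113.7 on mywiki",
    "2024-05-01 12:30:00 UTC Authentication error by Bob from 198.51.100.4 on mywiki",
]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

The same anchoring applies to a Fail2Ban `failregex`: end the pattern at the end of the line so the host is taken from the part of the line the server wrote.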