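I can't find a MediaWiki hook event for failed login attempts. Does one exist? If not, does anyone know a strategy for determining failed attempts?
In case there is another way: I am trying to log failed logins.

Edit

This is the relevant part of my code; the global variable is set to the name of the wiki (I also tried the code provided in the comments):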

    $wgHooks['AuthManagerLoginAuthenticateAudit'][] = 'logAuth';

    function logAuth($response, $user, $username)
    {
        // grab the MediaWiki global vars
        global $fail2banfile;
        global $fail2banid;

        // set vars to log
        $time = date("Y-m-d H:i:s T");
        $ip = $_SERVER['REMOTE_ADDR'];

        if ($response->status == "PASS") {
            // successful login
            error_log("$time Successful login by $username from $ip on $fail2banid\n", 3, $fail2banfile);
            return true; // continue to next hook
        } else {
            // any other authentication result
            error_log("$time Authentication error by $username from $ip on $fail2banid\n", 3, $fail2banfile);
            return true; // continue to next hook
        }
    }

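The above logs successful logins and failed logins for registered users. Login attempts for unregistered usernames are not logged. I am using the log for Fail2Ban.

Answer 0 (score: 1)

Use the AuthManagerLoginAuthenticateAudit hook. E.g.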

    use MediaWiki\Auth\AuthManager;
    use MediaWiki\Auth\AuthenticationResponse;

    $wgHooks['AuthManagerLoginAuthenticateAudit'][] = function ( $response, $user, $username ) {
        if ( $response->status === AuthenticationResponse::FAIL ) {
            // error_log() stands in for your own logging call
            error_log( "Failed login for user $username" );
        }
    };

To catch the cases that do not show up in the above hook, you can create a logging provider:

    use MediaWiki\Auth\AbstractPreAuthenticationProvider;
    use MediaWiki\Auth\AuthenticationResponse;

    class LoggingAuthenticationProvider extends AbstractPreAuthenticationProvider {
        // Called after every login attempt, whatever its result
        public function postAuthentication( $user, AuthenticationResponse $response ) {
            if ( $response->status === AuthenticationResponse::FAIL && $user ) {
                // error_log() stands in for your own logging call
                error_log( 'Failed login for user ' . $user->getName() );
            }
        }
    }

    // Register the provider with AuthManager
    $wgAuthManagerAutoConfig['preauth'][LoggingAuthenticationProvider::class] = [
        'class' => LoggingAuthenticationProvider::class,
    ];
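
The log written by the question's hook is meant to be read by Fail2Ban, and the username in each line comes from the client. As an added example (not code from the question, the answer or MediaWiki), this Python sketch parses that line layout with a pattern anchored at both ends, so the address counted is always the one the server appended; the sample lines, the wiki id `examplewiki` and the `max_retry` threshold are constructed assumptions.

```python
import re
from collections import Counter

# Line layout from the question's error_log() call:
#   "<Y-m-d H:i:s T> Authentication error by <username> from <ip> on <wiki id>"
# The username is client-supplied, so the pattern is anchored at both ends and
# the username group is greedy: the LAST " from <ip> on <id>" (the part the
# server wrote from REMOTE_ADDR) is the one that gets captured.
FAIL_RE = re.compile(
    r"^(?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+) "
    r"Authentication error by (?P<user>.*) "
    r"from (?P<ip>[0-9A-Fa-f:.]+) on (?P<wiki>\S+)$"
)

def parse_failure(line):
    """Return (user, ip, wiki) for a failed-login line, else None."""
    m = FAIL_RE.match(line.rstrip("\n"))
    return (m["user"], m["ip"], m["wiki"]) if m else None

def failures_per_ip(lines):
    """Count failed-login lines per source address."""
    counts = Counter()
    for line in lines:
        hit = parse_failure(line)
        if hit:
            counts[hit[1]] += 1
    return counts

def over_threshold(lines, max_retry=3):
    """Addresses with at least max_retry failures (assumed threshold)."""
    return sorted(ip for ip, n in failures_per_ip(lines).items() if n >= max_retry)

# Constructed sample log; line 4 has a username shaped like the log suffix.
SAMPLE_LOG = [
    "2024-05-01 10:00:01 UTC Authentication error by Alice from 198.51.100.7 on examplewiki",
    "2024-05-01 10:00:03 UTC Authentication error by Alice from 198.51.100.7 on examplewiki",
    "2024-05-01 10:00:04 UTC Successful login by Bob from 192.0.2.10 on examplewiki",
    "2024-05-01 10:00:05 UTC Authentication error by x from 192.0.2.10 on examplewiki"
    " from 198.51.100.7 on examplewiki",
    "2024-05-01 10:00:09 UTC Authentication error by Carol from 2001:db8::5 on examplewiki",
]

if __name__ == "__main__":
    print(failures_per_ip(SAMPLE_LOG))
    print(over_threshold(SAMPLE_LOG))
```

A Fail2Ban `failregex` for this log should follow the same rule: anchor the expression at the end of the line and capture the host from the final `from ... on ...` pair.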