
Investigation: Notify on multiple unsuccessful login attempts
Closed, Resolved · Public · 5 Estimated Story Points

Description

Bawolff worked on T11838: Send notification to account owner on multiple unsuccessful login attempts, which started in March and stopped in April.

What can we do to move this forward? Are there blockers we can clear?

Event Timeline

kaldari set the point value for this task to 5. Dec 20 2016, 10:40 PM
kaldari moved this task from Needs Discussion to Up Next (May 20-June 3) on the Community-Tech board.


    • Uses IP caching and/or CheckUser to detect if the login is from a known IP.
  • Things we can work on:
    • The security review (T140167) created T151414: LoginNotify cleanup, which lists a bunch of outstanding things that need to be done before the extension is deployable.
    • T135270: Update LoginNotify for AuthManager outlines a couple of hooks that need to be updated.
    • The code currently has 11 FIXMEs and 7 TODOs which could definitely be investigated and worked on to make the code more reliant, long term.
  • Things to think about:
    • The extension currently works on a per-wiki basis. It would be a good idea to think about making it work with CentralAuth to detect login attempts on any of the wikis the user is attached to. Though the wishlist proposal doesn't mention it, it seems like an implicit given.

@Bawolff does the above seem accurate?

Yes, that's accurate. Fixing up the code for AuthManager and Echo changes (and other TODOs) is on my todo list; my todo list is just a little long right now :)

Feature-wise, I'm also planning to add looking at rc_ip to see if the user has previously logged in, for wikis without CheckUser.

CentralAuth-wise, this is somewhat mitigated by global notifications and using email notifications - assuming it is enabled on all wikis - so if it was enabled by default, this would address it, but I'm not sure if we want to enable it by default. Perhaps we do, I don't know.

I will note that if CentralAuth is enabled, the extension looks at the checkuser table from up to 10 other wikis, not just the current wiki, when determining if the user has previously used the IP.

The extension currently works on a per-wiki basis. It would be a good idea to think about making it work with CentralAuth to detect login attempts on any of the wikis the user is attached to. Though the wishlist proposal doesn't mention it, it seems like an implicit given.

This seems like it isn't really much of an issue due to global notifications (as Brian mentioned).

Actually, I just realized. If an attacker decided to use login.wikimedia.org to log in, they could get around this extension since there is no Echo installed on that wiki, so no global Echo notice would be generated.

@Bawolff: Any ideas for how to address that? If someone tries to log in as me on loginwiki I don't want to get separate notifications on hundreds of different wikis.

The first thing that comes to mind is either enable Echo on all SUL wikis or use the job queue to send the notice on some fallback wiki.
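As an added illustration of the two mechanisms discussed in this thread (the known-IP check against CheckUser data, or rc_ip where CheckUser is absent, on the current wiki plus up to 10 other attached wikis when CentralAuth is on; and routing the notice to a wiki that actually has Echo when the failed attempt happened on loginwiki), here is a small Python model. It is not the LoginNotify extension's code: the record layout, the three-failure threshold for known IPs, the wiki names and the set of wikis with Echo are constructed assumptions made for this example.

```python
"""
Illustrative model, written for this discussion, of (1) deciding whether a
failed login comes from an IP the account has used before and (2) picking
a wiki with Echo to raise the notice on. Not the LoginNotify extension's
own code; data shapes and thresholds below are constructed assumptions.
"""
from collections import defaultdict

MAX_OTHER_WIKIS = 10        # from the thread: up to 10 other wikis are consulted
KNOWN_IP_THRESHOLD = 3      # assumption: notify on the 3rd failure from a known IP

# Constructed sample data: per wiki, whether CheckUser is installed and the
# (user, ip) pairs recorded there (cu_changes, or rc_ip where CheckUser is absent).
SAMPLE_RECORDS = {
    "enwiki": {"checkuser": True, "rows": [("Alice", "203.0.113.5"), ("Bob", "198.51.100.9")]},
    "dewiki": {"checkuser": False, "rows": [("Alice", "198.51.100.7")]},   # rc_ip only
    "frwiki": {"checkuser": True, "rows": [("Carol", "192.0.2.44")]},
    "loginwiki": {"checkuser": True, "rows": []},
}
ECHO_WIKIS = {"enwiki", "dewiki", "frwiki"}   # assumption: loginwiki has no Echo


def wikis_to_consult(current_wiki, attached_wikis, central_auth):
    """Current wiki plus, with CentralAuth, up to MAX_OTHER_WIKIS attached wikis."""
    if not central_auth:
        return [current_wiki]
    others = [w for w in attached_wikis if w != current_wiki]
    return [current_wiki] + others[:MAX_OTHER_WIKIS]


def ip_seen_on_wiki(records, wiki, user, ip):
    """True if the user has used this IP on the wiki. CheckUser data is the
    primary source; rc_ip rows stand in for it on wikis without CheckUser."""
    entry = records.get(wiki)
    if entry is None:
        return False
    return (user, ip) in entry["rows"]


def is_known_ip(user, ip, current_wiki, attached_wikis, records, central_auth=True):
    return any(ip_seen_on_wiki(records, w, user, ip)
               for w in wikis_to_consult(current_wiki, attached_wikis, central_auth))


def notification_wiki(attempt_wiki, echo_wikis, attached_wikis):
    """Where to raise the notice: the attempt wiki if it has Echo, otherwise
    (via the job queue, as suggested in the thread) the first attached wiki
    that does. None means the user cannot be notified at all."""
    if attempt_wiki in echo_wikis:
        return attempt_wiki
    for w in attached_wikis:
        if w in echo_wikis:
            return w
    return None


class LoginNotifier:
    """Tracks failed attempts per user and yields (notice_type, target_wiki)."""

    def __init__(self, records, echo_wikis, central_auth=True):
        self.records = records
        self.echo_wikis = echo_wikis
        self.central_auth = central_auth
        self.failed_known = defaultdict(int)   # per-user counter (a cache in MediaWiki)

    def on_failed_login(self, user, ip, attempt_wiki, attached_wikis):
        target = notification_wiki(attempt_wiki, self.echo_wikis, attached_wikis)
        if is_known_ip(user, ip, attempt_wiki, attached_wikis, self.records, self.central_auth):
            self.failed_known[user] += 1
            if self.failed_known[user] < KNOWN_IP_THRESHOLD:
                return None, target
            self.failed_known[user] = 0
            return "known-ip", target
        # An IP the account has never used: notify on the first failure.
        return "unknown-ip", target


def demo():
    alice_wikis = ["enwiki", "dewiki", "frwiki"]
    n = LoginNotifier(SAMPLE_RECORDS, ECHO_WIKIS)
    return [
        # IP seen on enwiki via CheckUser, attempt on frwiki: known thanks to CentralAuth
        n.on_failed_login("Alice", "203.0.113.5", "frwiki", alice_wikis),
        n.on_failed_login("Alice", "203.0.113.5", "frwiki", alice_wikis),
        n.on_failed_login("Alice", "203.0.113.5", "frwiki", alice_wikis),
        # IP known only from rc_ip on dewiki (no CheckUser there)
        n.on_failed_login("Alice", "198.51.100.7", "enwiki", alice_wikis),
        # Never-seen IP, attempt on loginwiki: notify at once, routed to enwiki
        n.on_failed_login("Alice", "192.0.2.99", "loginwiki", alice_wikis),
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The routing step is what closes the loginwiki gap: an attempt on a wiki without Echo is still evaluated against the user's known IPs, and the resulting notice is raised once on one attached wiki rather than on every wiki the account exists on.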

Created two follow-up tasks:

  • T154064 Investigation: What would be the best way to support loginwiki from LoginNotify
  • T154065 Create new Phabricator project tag for LoginNotify extension

Other issues are covered by T135270 and T151414.