Page MenuHomePhabricator
Create Task
Maniphest T354597

Record IP reputation data for account creations and edits
Open, Needs TriagePublic
Actions

Description

Now that iPoid-Service is in production, we have easy access to IP reputation data. This task proposes to create an event logging schema for fetching IP reputation data on account creation and edit activity, and logging that data in an event.

That would allow us to verify the usefulness of ipoid's data as a predictor of user activity. e.g. which percentage of accounts created from IPs known to ipoid were blocked after one month? Which percentage of edits created from IPs known to ipoid were eventually reverted?

We could also further break down these queries by including the full metadata provided by ipoid in the event, so we could for example distinguish between VPNs and callback proxies, or different proxy providers, etc.

Details

Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

kostajh created this task.Jan 9 2024, 8:58 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 9 2024, 8:58 AM
kostajh mentioned this in T354599: Make IP reputation available as a variable in AbuseFilter.Jan 9 2024, 9:02 AM
kostajh mentioned this in T354600: Create persistent storage for edits, account creations, account logins, and log entries associated with IPs with poor reputation.Jan 9 2024, 9:08 AM
kostajh added a project: MediaWiki-extensions-IPReputation.Jan 22 2024, 7:55 PM
kostajh added a project: User-kostajh.
CDanis subscribed.Jan 24 2024, 7:08 PM
sbassett subscribed.Jan 31 2024, 4:32 PM
kostajh claimed this task.Mar 12 2024, 7:46 AM
kostajh added a comment.EditedMar 12 2024, 7:50 AM

I'm planning to create a schema like "ip_reputation_log", looking something like:

Field nameTypeNotes
ipstringThe IP address used by the performer
ip_metadatastringThe JSON blob from ipoid
(data points from ip_metadata extracted as fields)
identifierintThe revision ID or log entry ID associated with the action
actionstringThe type of action, e.g. "edit", "createaccount"

Also include "performer" which would add the username.

The ip_metadata contains the following info:

ip                     The IP address queried
as                     Autonomous System Details
client.behaviors       Behaviors of clients on this IP
client.concentration   Location concentration of clients on this IP
client.count           Average number of clients observed per day
client.countries       Number of countries clients have come from
client.proxies         Call-back proxies running from devices on this IP
client.spread          The geographic spread of clients (km^2)
client.types           Types of client devices observed
infrastructure         The classification of infrastructure this IP is in
organization           The organization operating the IP address
location               Maxmind GeoLite2 location data
services               Protocols and services running on this IP (e.g. OpenVPN)
tunnels                VPN/Proxy/Anonymization details and operator information
risks                  Risks and threats from this IP address

We'd probably want to add most of these into distinct fields, to make it easier to query.

Ottomata subscribed.Mar 13 2024, 3:59 AM
gerritbot added a comment.Mar 15 2024, 10:53 AM

Change 1011281 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[schemas/event/secondary@master] Add ip_reputation/score schema

https://gerrit.wikimedia.org/r/1011281

gerritbot added a project: Patch-For-Review.Mar 15 2024, 10:53 AM
kostajh mentioned this in T360195: Analyze IP data and their relation to editing and account creations.Mar 15 2024, 2:30 PM
kostajh added a parent task: T360195: Analyze IP data and their relation to editing and account creations.
gerritbot added a comment.Mar 19 2024, 5:25 PM

Change 1011281 merged by jenkins-bot:

[schemas/event/secondary@master] Add ip_reputation/score schema

https://gerrit.wikimedia.org/r/1011281

Maintenance_bot removed a project: Patch-For-Review.Mar 19 2024, 5:30 PM
kostajh renamed this task from Record IP reputation data for account creations, logins, and edits to Record IP reputation data for account creations and edits.Mar 21 2024, 7:53 AM
kostajh updated the task description. (Show Details)
gerritbot added a comment.Mar 24 2024, 9:26 PM

Change #1013723 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/WikimediaEvents@master] WIP: Record IP reputation data with edits

https://gerrit.wikimedia.org/r/1013723

gerritbot added a project: Patch-For-Review.Mar 24 2024, 9:26 PM
gerritbot added a comment.Mar 27 2024, 8:23 PM

Change #1015106 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[integration/config@master] zuul: Add EventBus to phan dependencies for WikimediaEvents

https://gerrit.wikimedia.org/r/1015106

gerritbot added a comment.Mar 27 2024, 8:36 PM

Change #1015106 merged by jenkins-bot:

[integration/config@master] zuul: Add EventBus to phan dependencies for WikimediaEvents

https://gerrit.wikimedia.org/r/1015106

gerritbot added a comment.Mar 27 2024, 8:58 PM

Change #1015114 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/WikimediaEvents@master] Record IP reputation data for account creation

https://gerrit.wikimedia.org/r/1015114

gerritbot added a comment.Mar 28 2024, 11:53 AM

Change #1015295 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[operations/mediawiki-config@master] beta: Disable wgWikimediaEventsIPoidUrl

https://gerrit.wikimedia.org/r/1015295

gerritbot added a comment.Mar 28 2024, 11:55 AM

Change #1015296 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[operations/mediawiki-config@master] WikimediaEvents: Set IPoid URL

https://gerrit.wikimedia.org/r/1015296

gerritbot added a comment.Mar 28 2024, 11:58 AM

Change #1015299 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[operations/mediawiki-config@master] EventStreamConfig: Register ip_reputation/score

https://gerrit.wikimedia.org/r/1015299

gerritbot added a comment.Apr 8 2024, 10:18 AM

Change #1017812 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[schemas/event/secondary@master] ip_reputation/score: Add action for account auto creation

https://gerrit.wikimedia.org/r/1017812

gerritbot added a comment.Apr 8 2024, 10:21 AM

Change #1017813 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/WikimediaEvents@master] IPReputationHooks: Record account autocreation events

https://gerrit.wikimedia.org/r/1017813

gerritbot added a comment.Apr 10 2024, 9:26 PM

Change #1017812 merged by jenkins-bot:

[schemas/event/secondary@master] ip_reputation/score: Add action for account auto creation

https://gerrit.wikimedia.org/r/1017812

gerritbot added a comment.Apr 11 2024, 11:34 AM

Change #1013723 merged by jenkins-bot:

[mediawiki/extensions/WikimediaEvents@master] Record IP reputation data with edits

https://gerrit.wikimedia.org/r/1013723

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.1; 2024-04-16).Apr 11 2024, 12:00 PM
gerritbot added a comment.Apr 11 2024, 12:16 PM

Change #1015114 merged by jenkins-bot:

[mediawiki/extensions/WikimediaEvents@master] Record IP reputation data for account creation

https://gerrit.wikimedia.org/r/1015114

gerritbot added a comment.Apr 11 2024, 12:18 PM

Change #1017813 merged by jenkins-bot:

[mediawiki/extensions/WikimediaEvents@master] IPReputationHooks: Record account autocreation events

https://gerrit.wikimedia.org/r/1017813

gerritbot added a comment.Wed, Apr 17, 1:28 PM

Change #1015296 abandoned by Kosta Harlan:

[operations/mediawiki-config@master] WikimediaEvents: Set IPoid URL

Reason:

https://gerrit.wikimedia.org/r/1015296

gerritbot added a comment.Wed, Apr 17, 1:28 PM

Change #1015299 abandoned by Kosta Harlan:

[operations/mediawiki-config@master] EventStreamConfig: Register ip_reputation/score

Reason:

https://gerrit.wikimedia.org/r/1015299

gerritbot added a comment.Wed, Apr 17, 1:32 PM

Change #1015295 merged by jenkins-bot:

[operations/mediawiki-config@master] WikimediaEvents: Set IPoid URL and enable ip_reputation/score

https://gerrit.wikimedia.org/r/1015295

Stashbot added a comment.Wed, Apr 17, 1:33 PM

Mentioned in SAL (#wikimedia-operations) [2024-04-17T13:33:33Z] <logmsgbot> lucaswerkmeister-wmde@deploy1002 Started scap: Backport for [[gerrit:1015295|WikimediaEvents: Set IPoid URL and enable ip_reputation/score (T354597)]]

Stashbot added a comment.Wed, Apr 17, 1:36 PM

Mentioned in SAL (#wikimedia-operations) [2024-04-17T13:36:32Z] <logmsgbot> lucaswerkmeister-wmde@deploy1002 kharlan and lucaswerkmeister-wmde: Backport for [[gerrit:1015295|WikimediaEvents: Set IPoid URL and enable ip_reputation/score (T354597)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Lucas_Werkmeister_WMDE subscribed.Wed, Apr 17, 1:58 PM
In T354597#9722424, @gerritbot wrote:

Change #1015295 merged by jenkins-bot:

[operations/mediawiki-config@master] WikimediaEvents: Set IPoid URL and enable ip_reputation/score

https://gerrit.wikimedia.org/r/1015295

Note for visibility: this was reverted because it didn’t work on mwdebug (and there was a logstash error about “Event submitted for unregistered stream name "mediawiki.ip_reputation.score"”), the revert just isn’t attached to this task.

gerritbot added a comment.Thu, Apr 18, 7:10 AM

Change #1020929 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[operations/mediawiki-config@master] WikimediaEvents: Set IPoid URL and enable ip_reputation/score (2nd attempt)

https://gerrit.wikimedia.org/r/1020929

gerritbot added a comment.Thu, Apr 18, 7:16 AM

Change #1020929 merged by jenkins-bot:

[operations/mediawiki-config@master] WikimediaEvents: Set IPoid URL and enable ip_reputation/score (2nd attempt)

https://gerrit.wikimedia.org/r/1020929

gerritbot added a comment.Thu, Apr 18, 7:23 AM

Change #1021338 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[operations/mediawiki-config@master] ext-EventLogging: Add mediawiki.ip_reputation.score

https://gerrit.wikimedia.org/r/1021338

gerritbot added a comment.Thu, Apr 18, 7:24 AM

Change #1021338 merged by jenkins-bot:

[operations/mediawiki-config@master] ext-EventLogging: Add mediawiki.ip_reputation.score

https://gerrit.wikimedia.org/r/1021338

Stashbot added a comment.Thu, Apr 18, 7:25 AM

Mentioned in SAL (#wikimedia-operations) [2024-04-18T07:25:13Z] <urbanecm@deploy1002> Started scap: Backport for [[gerrit:1020929|WikimediaEvents: Set IPoid URL and enable ip_reputation/score (2nd attempt) (T354597)]], [[gerrit:1021338|ext-EventLogging: Add mediawiki.ip_reputation.score (T354597)]]

Stashbot added a comment.Thu, Apr 18, 7:28 AM

Mentioned in SAL (#wikimedia-operations) [2024-04-18T07:28:16Z] <urbanecm@deploy1002> kharlan and urbanecm: Backport for [[gerrit:1020929|WikimediaEvents: Set IPoid URL and enable ip_reputation/score (2nd attempt) (T354597)]], [[gerrit:1021338|ext-EventLogging: Add mediawiki.ip_reputation.score (T354597)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

gerritbot added a comment.Thu, Apr 18, 7:46 AM

Change #1021355 had a related patch set uploaded (by Urbanecm; author: Urbanecm):

[operations/mediawiki-config@master] EventStreamConfig: Fix stream title for mediawiki.ip_reputation.score

https://gerrit.wikimedia.org/r/1021355

Stashbot added a comment.Thu, Apr 18, 7:47 AM

Mentioned in SAL (#wikimedia-operations) [2024-04-18T07:47:40Z] <urbanecm@deploy1002> Finished scap: Backport for [[gerrit:1020929|WikimediaEvents: Set IPoid URL and enable ip_reputation/score (2nd attempt) (T354597)]], [[gerrit:1021338|ext-EventLogging: Add mediawiki.ip_reputation.score (T354597)]] (duration: 22m 27s)

gerritbot added a comment.Thu, Apr 18, 7:50 AM

Change #1021355 merged by jenkins-bot:

[operations/mediawiki-config@master] EventStreamConfig: Fix stream title for mediawiki.ip_reputation.score

https://gerrit.wikimedia.org/r/1021355

Stashbot added a comment.Thu, Apr 18, 7:51 AM

Mentioned in SAL (#wikimedia-operations) [2024-04-18T07:51:14Z] <kharlan@deploy1002> Started scap: Backport for [[gerrit:1021355|EventStreamConfig: Fix stream title for mediawiki.ip_reputation.score (T354597)]]

Stashbot added a comment.Thu, Apr 18, 7:54 AM

Mentioned in SAL (#wikimedia-operations) [2024-04-18T07:54:16Z] <kharlan@deploy1002> urbanecm and kharlan: Backport for [[gerrit:1021355|EventStreamConfig: Fix stream title for mediawiki.ip_reputation.score (T354597)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Thu, Apr 18, 8:10 AM

Mentioned in SAL (#wikimedia-operations) [2024-04-18T08:10:51Z] <kharlan@deploy1002> Finished scap: Backport for [[gerrit:1021355|EventStreamConfig: Fix stream title for mediawiki.ip_reputation.score (T354597)]] (duration: 19m 36s)

Maintenance_bot removed a project: Patch-For-Review.Fri, Apr 26, 6:15 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL