Page MenuHomePhabricator

Create comprehensive global account action log for all CentralAuth wikis
Open, Needs TriagePublic

Description

The "Global user contributions" tool does not show account actions like blocking, protection, patrolling, reviewing, tagging and thanking. It may be helpful in some situations to have a comprehensive global log that encompasses all publicly logged actions.

See also / related: T222004


Original description:

I have accidentally dropped my Huggle bot password (instead of a prewritten message) in a Wikidata revert edit summary. Theoretically, an attacker filtering Special:RecentChanges for bot passwords could have automatically abused my account for a period of about 10 seconds. There seems to be no way for me to comprehensively check whether that has happened on any of the ~1000 wikis. The abuse scenario is not extremely unlikely due to the standardized composition of bot passwords and the API access that comes with them.

Please create a global account action log that fixes this lack of information. Alternatively, or additionally if needed, please manually run a database query for my account (2019-04-26T19:55:25).

Event Timeline

ToBeFree created this task.Apr 26 2019, 8:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 26 2019, 8:34 PM
ToBeFree updated the task description. (Show Details)Apr 26 2019, 8:35 PM
ToBeFree updated the task description. (Show Details)Apr 26 2019, 8:58 PM

For what you are literally asking for: https://tools.wmflabs.org/guc/

Reading between the lines, for what you actually want to know:

  • You had a huggle login on 2019-04-26T19:48:00 .
  • You had a web browser re-login at 2019-04-26T19:56:37 (To reauthenticate to change bot password)
  • Bot password changed at 2019-04-26T19:56:45

So nobody evil logged into your account at that time period

There are no other logins prior to changing your bot password

ToBeFree added a comment.EditedApr 26 2019, 11:33 PM

Thank you very much, this relieves me! :)

Regarding the tool, it may be a bit of a stretch and mostly irrelevant for my own account, but it doesn't look as if the GUC list would contain, for example, malicious abuse of the blocking, protection, patrolling, reviewing, tagging and thanking tools. It may also, or alternatively, be nice to have access to a log similar as the one you have provided above. Perhaps the feature request needs to be re-titled and/or re-described to be useful in this regard.

ToBeFree renamed this task from Create global account action log for all CentralAuth wikis to Create comprehensive global account action log for all CentralAuth wikis.Apr 27 2019, 12:04 AM
ToBeFree updated the task description. (Show Details)

Feel free to close any of both tasks, perhaps as a duplicate, if they are considered to be essentially attempting to solve the same problem using two different solutions