Ever since T174492 was done, we have had the ability to log login attempts in CheckUser. This task proposes that we should enable this feature in WMF wikis.
For successful login attempts, the case is clear: it is one additional data point to use for CU purposes.
For failed login attempts, there is still a case to make: these are useful to be logged in that some users (especially those who have advanced permissions such as sysop, but are not using two-factor authentication) have repeatedly reported that their accounts have been targets of several failed login attempts (presumably, at least part of it is done by malicious users that are trying to gain access to their account). Logging the failed attempts will allow CheckUsers to investigate these incidents, and possibly identify another editor who seems to be behind the malicious attempt.
Another possible question: should we do an RFC about it first? The answer, IMHO, is no, it is not needed. For all of aforementioned items that are currently logged, no RFC was done first to get community consensus on whether or not to include them in the CU logs.
If enabled, the log entries would look like below in a "get edits" query by the IP address. If you query by the username instead, only the first row will be returned.
As discussed further below, it turns out that some bots log hundreds of successful logins per hour (sometimes even per minute) and that could inflate the CU tables significantly. Therefore, we will exclude successful login attempts from the CU logs kept on WMF wikis.
- Introduce $wgCheckUserLogSuccessfulBotLogins (r/605301)
- Create a patch for operations/mediawiki-config that sets the two global variables.
- Get approval from Legal
- Get acknowledgement for T&S
- Get approval from DBA (@Marostegui - with the conditions agreed during the task's discussion)
- Enable this for a few wikis, and monitor the growth of DB table size; also get feedback on usefulness of the new data
- Identify pilot wikis (fawiki and cswiki were selected)
- Deploy it for the pilot wikis (Done on 2020-09-03)
- Create a task for monitoring DB growth (see T261999)
- Enable this for all wikis but a few large ones
- Upon DBA satisfaction, enable at all wikis but loginwiki