Page MenuHomePhabricator
Create Task
Maniphest T346003

AbuseFilter log entry for automatic account creation shows account name in the log but shows IP in CheckUser
Open, Needs TriagePublicBUG REPORT
Actions

Description

Steps to replicate the issue (include links if applicable):
Unsure of the exact steps, however I think it would probably occur using the following:

  1. Create a "wiki farm" (using CentralAuth or other method) that has shared accounts with at least two wikis.
  2. Create an AbuseFilter that targets usernames on a wiki 1 and logs when a hit occurs.
  3. Create an account on wiki 2 that would match the AbuseFilter on wiki 1
  4. Open a page on wiki 1 to cause an autocreation.

What happens?:
The AbuseFilter entry shows the performer as an account, but the action as shown in the CheckUser tool is marked as being performed by the IP address that created the account.

What should have happened instead?:
The log should be consistent between what is shown in the AbuseFilter log and what is shown in CheckUser. There is no need to show the IP as the performer in CheckUser, as the IP would already be shown just below as is done for logged in users.

Software version (skip for WMF-hosted wikis like Wikipedia):
English Wikipedia

Other information (browser name/version, screenshots, etc.):
I found this on the English Wikipedia. The example I found was https://en.wikipedia.org/wiki/Special:AbuseLog/35622396 (I found this while running CheckUser on the account for https://en.wikipedia.org/wiki/Wikipedia:Sockpuppet_investigations/Oli2000s). The account creation log entry appears before the AbuseFilter log entry in the CheckUser results which suggests that the account was created before the AbuseFilter log entry was sent to CheckUser.

Related Objects

Event Timeline

Dreamy_Jazz created this task.Sep 10 2023, 6:47 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 10 2023, 6:47 PM
Dreamy_Jazz renamed this task from AbuseFilter entry for autoaccountcreation shows as IP in CheckUser but as account name in the AbuseFilter log entry to AbuseFilter entry for automatic account creation shows as IP in CheckUser but as account name in the AbuseFilter log entry.Sep 10 2023, 6:48 PM
Dreamy_Jazz renamed this task from AbuseFilter entry for automatic account creation shows as IP in CheckUser but as account name in the AbuseFilter log entry to AbuseFilter log entry for automatic account creation shows account name in the log but shows IP in CheckUser.
Dreamy_Jazz updated the task description. (Show Details)Sep 10 2023, 6:50 PM
Dreamy_Jazz moved this task from Backlog to Logging on the AbuseFilter board.
Dreamy_Jazz updated the task description. (Show Details)Sep 10 2023, 6:59 PM
Dreamy_Jazz updated the task description. (Show Details)Sep 10 2023, 7:02 PM
Bugreporter subscribed.Sep 11 2023, 7:09 AM

Note: Currently AbuseFilter stores potentially non-existent user names as performer for account creation (including automatic creation) action, which is not supported by the actor mechanism. See T188180: Read from and write to `actor` table in AbuseFilter

matej_suchanek subscribed.Sep 11 2023, 8:20 AM

Yes, what @Dreamy_Jazz reports is basically a workaround for T233004#8066667 (814125).

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL