Page MenuHomePhabricator
Create Task
Maniphest T391322

Special:AbuseLog: Support search by IP and IP range when temporary accounts are enabled
Closed, ResolvedPublic1 Estimated Story Points
Actions

Description

Summary

Special:AbuseLog provides a search input for "User" that allows finding matches in logs for an IP address across all filters. When temporary accounts are enabled, searching by IP address no longer works. For users who have IP reveal rights, we should make it possible to find log matches for IPs associated with temporary accounts.

Background

  • Conceptually, this is somewhat similar to Special:IPContributions which allows plugging in an IP address or range, and finding temporary accounts (in last 90 days) associated with the IP / range.
    • From that point of view, the privacy and legal risk for this feature should be similar to Special:IPContributions

Technical notes

  • AbuseFilter will support IP/range lookups via afl_ip_hex after T397842: Populate afl_ip_hex for pre-existing abuse_filter_log rows
  • SpecialAbuseLog::searchForm's SearchUser input should now support IP ranges. See SpecialCheckUser, SpecialInvestigate for examples of how to support ip ranges (iprange property). Range should probably have some kind of limit like Special:IPContributions does.
  • SpecialAbuseLog::showList takes a parameter mSearchUser which should now ingest IP/ranges
  • If an IP/range is submitted (use IPUtils), the condition should match the IP/range to afl_ip_hex
    • The results should exclude all rows except those which are performed by logged-out users (where the IP is used as the performer of the log) and temporary accounts (as determined by TempUserConfig::isTempName and/or TempUserConfig::getMatchCondition)

Acceptance criteria

  • As a user with IP reveal rights, I can input an IP address or IP address range on Special:AbuseLog and get results with matches for the relevant temporary account users

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Support IP lookups of temporary accounts on Special:AbuseLogmediawiki/extensions/AbuseFiltermaster+266 -20
Customize query in gerrit

Related Objects
Search...

Event Timeline

kostajh created this task.Apr 8 2025, 7:27 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 8 2025, 7:27 AM
kostajh renamed this task from Special:AbuseLog: Support search by IP when temporary accounts are enabled to Special:AbuseLog: Support search by IP and IP range when temporary accounts are enabled.Apr 8 2025, 7:27 AM
kostajh mentioned this in T256823: Add range or wildcard support to Special:AbuseLog.
Johannnes89 subscribed.Apr 8 2025, 7:40 AM
Titore subscribed.Apr 15 2025, 10:35 PM
KColeman-WMF subscribed.Apr 28 2025, 10:56 PM
kostajh added a project: Temporary accounts.Apr 29 2025, 10:21 AM
EMill-WMF subscribed.Apr 29 2025, 8:50 PM
Niharika subscribed.Apr 30 2025, 1:31 PM
Dreamy_Jazz updated the task description. (Show Details)Apr 30 2025, 1:34 PM
Tchanders moved this task from Inbox to Create/update essential tools/anti-abuse management on the Temporary accounts board.Apr 30 2025, 4:26 PM
Tchanders edited projects, added Temporary accounts (Create/update essential tools/anti-abuse management); removed Temporary accounts.
Dreamy_Jazz added a project: Trust and Safety Product Sprint (Sprint Carrot Cake (May 26 - June 13)).May 21 2025, 11:47 AM
Dreamy_Jazz added a project: Schema-change.
Dreamy_Jazz moved this task from Unsorted to Change on the Schema-change board.
kostajh moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Carrot Cake (May 26 - June 13)) board.May 25 2025, 6:57 PM
Dreamy_Jazz mentioned this in T395612: AbuseFilter abuse_filter_log table: Store IP addresses as hex values.May 29 2025, 8:28 PM
Dreamy_Jazz removed projects: Schema-change, Trust and Safety Product Sprint (Sprint Carrot Cake (May 26 - June 13)).
Dreamy_Jazz subscribed.

Will split the Schema-change into subtasks to make it easier to work on.

Dreamy_Jazz mentioned this in T395613: Create afl_ip_hex column in the abuse_filter_log table.May 29 2025, 8:30 PM
Tchanders edited projects, added Temporary accounts (Global wiki rollout); removed Temporary accounts (Create/update essential tools/anti-abuse management).Jun 10 2025, 5:39 PM
Tchanders moved this task from To triage to Ready on the Temporary accounts (Global wiki rollout) board.Jun 12 2025, 1:25 PM
Dreamy_Jazz mentioned this in T397762: Write to afl_ip_hex in AbuseFilter.Jun 24 2025, 7:28 PM
Dreamy_Jazz mentioned this in T397842: Populate afl_ip_hex for pre-existing abuse_filter_log rows.Jun 25 2025, 1:45 PM
Dreamy_Jazz mentioned this in T397941: Update code to read from afl_ip_hex.Jun 26 2025, 2:42 PM
sgrabarczuk subscribed.Jun 30 2025, 12:24 PM
Tchanders edited projects, added Temporary accounts (Create/update essential tools/anti-abuse management); removed Temporary accounts (Global wiki rollout).Jul 16 2025, 2:22 PM
Niharika edited projects, added Temporary accounts; removed Temporary accounts (Create/update essential tools/anti-abuse management).Jul 22 2025, 11:01 AM
Niharika moved this task from Inbox to Q2 FY25-26 candidates on the Temporary accounts board.
Niharika edited projects, added Temporary accounts (Global wiki rollout); removed Temporary accounts.Jul 22 2025, 2:27 PM
OKryva-WMF triaged this task as Medium priority.Jul 22 2025, 3:17 PM
OKryva-WMF added a project: Trust and Safety Product Sprint (Sprint Cannoli (July 7 - July 25)).
STran updated the task description. (Show Details)Jul 23 2025, 4:54 PM
Dreamy_Jazz updated the task description. (Show Details)Jul 23 2025, 5:03 PM
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz updated the task description. (Show Details)Jul 23 2025, 5:06 PM
Dreamy_Jazz updated the task description. (Show Details)
STran claimed this task.Jul 23 2025, 5:13 PM
STran moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Cannoli (July 7 - July 25)) board.
gerritbot added a comment.Jul 24 2025, 2:31 PM

Change #1172321 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/AbuseFilter@master] Support IP lookups of temporary accounts on Special:AbuseLog

https://gerrit.wikimedia.org/r/1172321

gerritbot added a project: Patch-For-Review.Jul 24 2025, 2:31 PM
STran moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Cannoli (July 7 - July 25)) board.Jul 24 2025, 2:57 PM
OKryva-WMF edited projects, added Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)); removed Trust and Safety Product Sprint (Sprint Cannoli (July 7 - July 25)).Jul 25 2025, 1:58 PM
OKryva-WMF moved this task from Priority Backlog to Needs Review on the Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)) board.
Tchanders set the point value for this task to 1.Jul 29 2025, 6:41 AM
Tchanders moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)) board.Jul 31 2025, 4:20 PM
gerritbot added a comment.Jul 31 2025, 5:06 PM

Change #1172321 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Support IP lookups of temporary accounts on Special:AbuseLog

https://gerrit.wikimedia.org/r/1172321

Maintenance_bot removed a project: Patch-For-Review.Jul 31 2025, 5:31 PM
ReleaseTaggerBot added a project: MW-1.45-notes (1.45.0-wmf.13; 2025-08-05).Jul 31 2025, 6:00 PM
Dreamy_Jazz moved this task from Inbox to Engineering on the Trust and Safety Product Team board.Aug 6 2025, 9:57 AM
Dreamy_Jazz added a project: OKR-Work.Aug 14 2025, 10:13 AM
Djackson-ctr moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)) board.Aug 14 2025, 9:28 PM
Djackson-ctr subscribed.

New Code Changes have been implemented Per the Acceptance Criteria:

QA was completed for this ticket using Mediawiki 1.45.0-wmf.14 (012f5a9).

Testing was performed on various: Skins, Desktop View/MobileView, Chrome/Edge/Firefox/Safari, Windows/Mac/Android/iOS, RTL languages

STran closed this task as Resolved.Aug 18 2025, 3:20 PM
Dreamy_Jazz closed subtask T395612: AbuseFilter abuse_filter_log table: Store IP addresses as hex values as Resolved.Oct 22 2025, 4:02 PM
kostajh mentioned this in T412339: Support querying by IP range in API module of abuselog.Dec 11 2025, 8:10 AM
kostajh mentioned this in T412341: Include link to "abuse log" when viewing IP ranges.Dec 11 2025, 8:14 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits