Maniphest T419260

Temporary accounts: Unlogged IP reveal possible during read only mode
Closed, ResolvedPublic
Actions

Description

Summary

If the site is in read only mode, it is possible to use IP reveal on temporary accounts without this being logged

Background

The IP reveal log requires read-write mode to be enabled to work
- When read only mode is enabled, the on-wiki log cannot be created and a critical logstash log is created. However, the IP reveal still occured
We should prevent unlogged IP reveals during period of read only mode
During the recent emergency read only period, we saw 1,400 instances of IP reveal that were unlogged
- This is mostly IP reveal via the abuselog API

Acceptance criteria

It is no longer possible to use IP reveal when the site is in read only mode

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	IP reveal: Don't allow IP reveal when in read only mode	mediawiki/extensions/CheckUser	master	+79 -1
	Protected vars: Don't show values during site read only	mediawiki/extensions/AbuseFilter	master	+216 -20

Customize query in gerrit

Related Objects

Duplicates Merged Here: T419399: Viewing protected variables not logged in read-only mode

Event Timeline

Dreamy_Jazz created this task.Mar 6 2026, 3:48 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 6 2026, 3:48 PM

Madalina edited projects, added Product Safety and Integrity (Sprint Crocus (Mar 2 - Mar 20)); removed Product Safety and Integrity.Mar 6 2026, 4:12 PM

PixDeVl subscribed.Mar 6 2026, 4:52 PM

A_smart_kitten added a project: CheckUser.Mar 8 2026, 12:56 PM

Dreamy_Jazz updated the task description. (Show Details)Mar 9 2026, 9:16 AM

Hmm, are you sure that right now it's possible to view the IP address of temporary accounts during a read-only period? I haven't checked it just now, but I'm pretty sure that during the recent emergency read-only period, when I tried to display IP addresses, I got an error.

In T419260#11687069, @neriah wrote:

Hmm, are you sure that right now it's possible to view the IP address of temporary accounts during a read-only period? I haven't checked it just now, but I'm pretty sure that during the recent emergency read-only period, when I tried to display IP addresses, I got an error.

Yes, the entry in the logging table only gets created after the IP address has been queried and returned. Specifically it appears that the issue is mostly related to the abuselog API. The rest (18 events) are seen from jobs, but it's possible that these entries were made during the period of time that some servers were read only and others were read-write

Dreamy_Jazz merged a task: T419399: Viewing protected variables not logged in read-only mode.Mar 9 2026, 2:17 PM

Dreamy_Jazz updated the task description. (Show Details)

Dreamy_Jazz added a subscriber: dom_walden.

sbassett added a project: 2026-user-javascript-incident.Mar 10 2026, 9:57 PM

Johannnes89 subscribed.Mar 12 2026, 7:46 AM

Catrope moved this task from Backlog to Q3 on the 2026-user-javascript-incident board.Mar 18 2026, 4:52 PM

Madalina moved this task from Backlog to Ready on the Product Safety and Integrity (Sprint Crocus (Mar 2 - Mar 20)) board.Mar 18 2026, 6:08 PM

Madalina moved this task from Ready to Backlog on the Product Safety and Integrity (Sprint Crocus (Mar 2 - Mar 20)) board.Mar 18 2026, 7:18 PM

MLechvien-WMF added a project: Sustainability (Incident Followup).Mar 19 2026, 11:42 AM

OKryva-WMF edited projects, added Essential-Work, Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))); removed Product Safety and Integrity (Sprint Crocus (Mar 2 - Mar 20)).Mar 24 2026, 8:15 AM

OKryva-WMF moved this task from Backlog to Ready on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Mar 25 2026, 1:01 PM

Dreamy_Jazz claimed this task.Mar 26 2026, 4:59 PM

Dreamy_Jazz moved this task from Ready to In progress on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.

Change #1262168 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/AbuseFilter@master] Protected vars: Don't show values during site read only

https://gerrit.wikimedia.org/r/1262168

gerritbot added a project: Patch-For-Review.Mar 27 2026, 3:38 PM

A_smart_kitten added a project: AbuseFilter.Mar 27 2026, 4:05 PM

Dreamy_Jazz moved this task from In progress to Needs review on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Mar 27 2026, 6:15 PM

Change #1262266 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] IP reveal: Don't allow IP reveal when in read only mode

https://gerrit.wikimedia.org/r/1262266

OKryva-WMF edited projects, added Product Safety and Integrity (Sprint Tulip (Apr 13 - May 1)); removed Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))).Tue, Apr 14, 7:29 AM

OKryva-WMF moved this task from Backlog to Needs review on the Product Safety and Integrity (Sprint Tulip (Apr 13 - May 1)) board.Tue, Apr 14, 7:45 AM

Change #1262168 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Protected vars: Don't show values during site read only

https://gerrit.wikimedia.org/r/1262168

ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.26; 2026-04-28).Wed, Apr 15, 2:00 PM

Change #1262266 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] IP reveal: Don't allow IP reveal when in read only mode

https://gerrit.wikimedia.org/r/1262266

Maintenance_bot removed a project: Patch-For-Review.Thu, Apr 16, 7:31 AM

Dreamy_Jazz moved this task from Needs review to QA in Prod on the Product Safety and Integrity (Sprint Tulip (Apr 13 - May 1)) board.Thu, Apr 16, 7:56 AM

Dreamy_Jazz closed this task as Resolved.Tue, Apr 28, 11:53 AM

Dreamy_Jazz moved this task from QA in Prod to Done on the Product Safety and Integrity (Sprint Tulip (Apr 13 - May 1)) board.