Extension:Wiki2Ban

**MediaWiki extensions manual**
Wiki2Ban; Release status: stable
Implementation	User identity, Data extraction, Special page
Description	Generates a log of failed authentication attempts to be used for IP blocking
Author(s)	Luca Mauri (Lucamauritalk)
Latest version	1.0 (2023-06-01)
MediaWiki
Composer	lucamauri/wiki2ban
License	GNU General Public License 3.0 or later
Download	GitHub: project page; git repository URL [help]; commit history; ; Note:; No localisation updates are; provided by translatewiki.net. ; https://github.com/lucamauri/Wiki2Ban/blob/main/README.md
	Parameters $wgW2BlogFilePath
	Hooks used AuthManagerLoginAuthenticateAudit;

The Wiki2Ban extension generates a log of failed authentication that can be fed into Fail2Ban to block respective IP addresses.

This extension is inspired by Fail2banlog extension, but written from scratch by written by Luca Mauri.

Installation

Easiest way to install the extension is using Composer: it will automatically resolve all the dependencies and install them as well.

Add the require configuration as in the following example to the composer.local.json at the root of your MediaWiki installation, or create the file if it does not exist yet:

{
    "require": {
        "lucamauri/wiki2ban": "~1.0"
    },
    "extra": {
        "merge-plugin": {
            "include": [
            ]
        }
    },
    "config": {
    }
}

and, in a command prompt, run Composer in the root of your MediaWiki installation:

composer install --no-dev

Add the following code near the rest of the extensions loading in the site's LocalSettings.php:

wfLoadExtension('Wiki2ban');

Below this line, add the configuration parameters as explained in Configuration section below.

Configuration

In the LocalSettigs.php file add:

$wgW2BlogFilePath = "/var/log/mediawiki/wiki2ban.log";

`\$wgW2BlogFilePath`

The path to the logfile the extension will write and that Fail2Ban will read to perform ban actions.

Fail2Ban configuration

Finally you need to configure a rule and a filter on Fail2Ban: this extension contains two files in f2bconf directory showing basic configuration.

Rule

Rule is shown in the file:

/f2bconf/w2brule.conf

the content of this file can be copied into Fail2Ban's main configuration file (usually /etc/fail2ban/jail.local) or kept as a separate configuration file in `jail.d` directory. Remember to customize the parameter logpath with the path of the file defined in the configuration file (see above).

Filter

Filter is shown in the file:

/f2bconf/w2bfilter.conf

this file should be copied into Fail2Ban's filter directory (usually /etc/fail2ban/filter.d/).

Troubleshooting

To read detailed logging messages, you can intercept the log group named Wiki2Ban: for instance with the following configuration into LocalSetting.php:

$wgShowExceptionDetails = true;
$wgDebugLogGroups['Wiki2Ban'] = "/var/log/mediawiki/Wiki2Ban-{$wgDBname}.log";

Additional file

File wiki2ban.json contained in f2bconf folder is a definition for Log Navigator application as explained here: https://docs.lnav.org/en/latest/formats.html#defining-a-new-format.

Wiki2Ban Release status: stable

Implementation	User identity , Data extraction, Special page
Description	Generates a log of failed authentication attempts to be used for IP blocking
Author(s)	Luca Mauri (Lucamauri^talk)
Latest version	1.0 (2023-06-01)
MediaWiki
Composer	lucamauri/wiki2ban
License	GNU General Public License 3.0 or later
Download	GitHub: project page git repository URL ^{[help ]} commit history Note: No localisation updates are provided by translatewiki.net . https://github.com/lucamauri/Wiki2Ban/blob/main/README.md
Parameters $wgW2BlogFilePath
Hooks used AuthManagerLoginAuthenticateAudit