Extension:Wiki2Ban

MediaWiki extensions manual
Wiki2Ban
Release status: stable
Implementation User identity , Data extraction, Special page
Description Generates a log of failed authentication attempts to be used for IP blocking
Author(s) Luca Mauri (Lucamauritalk)
Latest version 1.0 (2023-06-01)
MediaWiki
Composer lucamauri/wiki2ban
License GNU General Public License 3.0 or later
Download
https://github.com/lucamauri/Wiki2Ban/blob/main/README.md
$wgW2BlogFilePath

The Wiki2Ban extension generates a log of failed authentication that can be fed into Fail2Ban to block respective IP addresses.

This extension is inspired by Fail2banlog extension, but written from scratch by written by Luca Mauri.

Installation

edit

Easiest way to install the extension is using Composer: it will automatically resolve all the dependencies and install them as well.

Add the require configuration as in the following example to the composer.local.json at the root of your MediaWiki installation, or create the file if it does not exist yet:

{
    "require": {
        "lucamauri/wiki2ban": "~1.0"
    },
    "extra": {
        "merge-plugin": {
            "include": [
            ]
        }
    },
    "config": {
    }
}

and, in a command prompt, run Composer in the root of your MediaWiki installation:

composer install --no-dev

Add the following code near the rest of the extensions loading in the site's LocalSettings.php:

wfLoadExtension('Wiki2ban');

Below this line, add the configuration parameters as explained in Configuration section below.

Configuration

edit

In the LocalSettigs.php file add:

$wgW2BlogFilePath = "/var/log/mediawiki/wiki2ban.log";

\$wgW2BlogFilePath

edit

The path to the logfile the extension will write and that Fail2Ban will read to perform ban actions.

Fail2Ban configuration

edit

Finally you need to configure a rule and a filter on Fail2Ban: this extension contains two files in f2bconf directory showing basic configuration.

Rule

edit

Rule is shown in the file:

/f2bconf/w2brule.conf

the content of this file can be copied into Fail2Ban's main configuration file (usually /etc/fail2ban/jail.local) or kept as a separate configuration file in `jail.d` directory. Remember to customize the parameter logpath with the path of the file defined in the configuration file (see above).

Filter

edit

Filter is shown in the file:

/f2bconf/w2bfilter.conf

this file should be copied into Fail2Ban's filter directory (usually /etc/fail2ban/filter.d/).

Troubleshooting

edit

To read detailed logging messages, you can intercept the log group named Wiki2Ban: for instance with the following configuration into LocalSetting.php:

$wgShowExceptionDetails = true;
$wgDebugLogGroups['Wiki2Ban'] = "/var/log/mediawiki/Wiki2Ban-{$wgDBname}.log";

Additional file

edit

File wiki2ban.json contained in f2bconf folder is a definition for Log Navigator application as explained here: https://docs.lnav.org/en/latest/formats.html#defining-a-new-format.

See also

edit
  • Extension:Fail2Log — Creates a log file containing IP addresses of IP's that tried to login with an incorrect username and/or password.