Extension:Wiki2Ban
 Release status: stableCategory:Stable extensions |
|
|---|---|
 |
|
| Implementation | User identityCategory:User identity extensions, Data extractionCategory:Data extraction extensions, Special pageCategory:Special page extensions |
| Description | Generates a log of failed authentication attempts to be used for IP blocking |
| Author(s) | Luca Mauri (Lucamauritalk) |
| Latest version | 1.0 (2023-06-01) |
| MediaWiki | Category:Extensions without MediaWiki version |
| Composer | lucamauri/wiki2ban Category:Extensions supporting Composer |
| License | GNU General Public License 3.0 or later |
| Download | GitHub: Note: https://github.com/lucamauri/Wiki2Ban/blob/main/README.md |
|
$wgW2BlogFilePath |
|
The Wiki2Ban extension generates a log of failed authentication that can be fed into Fail2Ban to block respective IP addresses.
This extension is inspired by Fail2banlog extension, but written from scratch by written by Luca Mauri.
Installation
Easiest way to install the extension is using Composer: it will automatically resolve all the dependencies and install them as well.
Add the require configuration as in the following example to the composer.local.json at the root of your MediaWiki installation, or create the file if it does not exist yet:
{
"require": {
"lucamauri/wiki2ban": "~1.0"
},
"extra": {
"merge-plugin": {
"include": [
]
}
},
"config": {
}
}
and, in a command prompt, run Composer in the root of your MediaWiki installation:
composer install --no-dev
Add the following code near the rest of the extensions loading in the site's LocalSettings.php:
wfLoadExtension('Wiki2ban');
Below this line, add the configuration parameters as explained in Configuration section below.
Configuration
In the LocalSettigs.php file add:
$wgW2BlogFilePath = "/var/log/mediawiki/wiki2ban.log";
\$wgW2BlogFilePath
The path to the logfile the extension will write and that Fail2Ban will read to perform ban actions.
Fail2Ban configuration
Finally you need to configure a rule and a filter on Fail2Ban: this extension contains two files in f2bconf directory showing basic configuration.
Rule
Rule is shown in the file:
/f2bconf/w2brule.conf
the content of this file can be copied into Fail2Ban's main configuration file (usually /etc/fail2ban/jail.local) or kept as a separate configuration file in `jail.d` directory. Remember to customize the parameter logpath with the path of the file defined in the configuration file (see above).
Filter
Filter is shown in the file:
/f2bconf/w2bfilter.conf
this file should be copied into Fail2Ban's filter directory (usually /etc/fail2ban/filter.d/).
Troubleshooting
To read detailed logging messages, you can intercept the log group named Wiki2Ban: for instance with the following configuration into LocalSetting.php:
$wgShowExceptionDetails = true;
$wgDebugLogGroups['Wiki2Ban'] = "/var/log/mediawiki/Wiki2Ban-{$wgDBname}.log";
Additional file
File wiki2ban.json contained in f2bconf folder is a definition for Log Navigator application as explained here: https://docs.lnav.org/en/latest/formats.html#defining-a-new-format.
See also
- Extension:Fail2Log — Creates a log file containing IP addresses of IP's that tried to login with an incorrect username and/or password.