torelost.blogg.se

21 Oktober 2022 - 05:10
Inform login
Allmänt
Inform login




inform login
  1. #INFORM LOGIN FULL#
  2. #INFORM LOGIN PASSWORD#

Non-malicious: a user tries and fails on their phone, thinks "may be I just can't type my password correctly on the little phone screen", switches to laptop and fails again phone and laptop on two different networks (e.g.Grey area: a user is trying to log in via TOR every attempt may be routed differently in TOR, hence a different IP each time.Malicious: a user is trying to gain access to my account, but to circumvent MediaWiki safeguards, they are using a botnet or something like that.Here are situations that I can think of, in which multiple IPs might have failed attempts for the same account: T162748: Investigation: How does LoginNotify interface with CheckUser? T174553: Create a mechanism that allows fetching geolocation and subnet data for IP addresses T174562: LoginNotify should inform users of the IP address of successful login attempts to their account T145265: Store check user data action text in structured format T174562: LoginNotify should inform users of the IP address of successful login attempts to their account Mentioned Here T183722: Maintenance script to generate fake login attemps from any IP T32750: Ping/notify user when username used in an edit summary T184030: Investigation: Ping users from edit summary T185201: Phabricator edit registered multiple times T183722: Maintenance script to generate fake login attemps from any IP T174492: Log unsuccessful login attempts in CheckUser T187519: loginAttempt.php should use a hook, not a LoginNotify instance

inform login

T188184: LoginNotify should allow users to report malicious login attempts RELGN010ccf2623c2: Show the IP address of the login attempt in the Echo notification RELGN2b35a4028977: Show the IP address of the login attempt in the Echo notification RELGN1c82b5fc3f1e: Show the IP address of the login attempt in the Echo notification RELGN48a899c27587: Show the IP address of the login attempt in the Echo notification RELGN92895cc33796: Show the IP address of the login attempt in the Echo notification RELGN1a9d7c2dbf76: Show the IP address of the login attempt in the Echo notification RELGN6c7cf36422d5: Show the IP address of the login attempt in the Echo notification RELGN79a9af8bc729: Show the IP address of the login attempt in the Echo notification RELGN944977b2be16: Show the IP address of the login attempt in the Echo notification RELGN98125699c31f: Show the IP address of the login attempt in the Echo notification RELGN6fbdb8461eed: Show the IP address of the login attempt in the Echo notification RELGN256024829ae9: Show the IP address of the login attempt in the Echo notification RELGN005ffb99fe8b: Show the IP address of the login attempt in the Echo notification

inform login

RELGNb0448fdec9c6: Final NoteDb migration updates RELGNbf5798001565: Show the IP address of the login attempt in the Echo notification T205928: Improve Login alert when user logs in from new machine T249408: Show useragent data and username on new device login emails T253802: Configure WMF wikis to log login attempts in CheckUser

#INFORM LOGIN FULL#

Mentioned In T264483: LoginNotify doesn't log full IP

inform login

Primary link label (for email display only): None added

  • Body: Added a new body which reads "IP address of the last login attempt: $1" where $1 is replaced with the IP address.
    • Notification type (standard, bundled, expandable bundle): standard, I think (unchanged from the existing notification) Wording What triggers notification?: Login attempts Notification name: Unchanged, reusing notification-known-header-login-fail notification from LoginNotify Purpose of the notification: To inform the user about failed login attempts to his account To understand unfamiliar terms, visit the glossary. To see examples of the types of answers required, have a look at this sample form. New Notification Data Formįilling out this form will help developers and product people understand your idea and will provide the information required to implement it. Similarly, unsuccessful logins should leave CU traces to prevent abuse, otherwise this feature can become a source of annoyance. This will need to be checked with WMF Legal. I don't think there would be major privacy concerns as long as its noted where appropriate that trying to login on an account may disclose private data to the owner of that account, if that's not already covered by. When someone tries to reset our password, be it ourselves or third parties, the IP address of the requestor of the password reset is sent to our inbox with the password reset email.






    Inform login
    0 kommentar(er)
    Om Mig: