Extension:Fail2banlog

The Fail2banlog extension feeds "fail2ban" so you can block bruteforce attacks at the firewall level.

Usage
You will need fail2ban from fail2ban.org.

You have to add this to your fail2ban config (don't forget to change the file name) :

[MediaWiki] enabled = true logfile = /home/www/log/MWf2b.log port = http timeregex = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S{3} timepattern = %%Y-%%m-%%d %%H:%%M:%%S %%Z failregex = Authentication error

With newer version of fail2ban, you may create a new filter file in /etc/fail2ban/filter.d named mediawiki.conf : [Definition] failregex = Authentication error from  on .*
 * 1) note - depending on which version of the php extension you use below (pre or post 1.27) you may need to
 * 2) tweak the regex. I have just tweaked this to work on the latter shard of code.
 * 3) use fail2ban-regex to test your filter.

And call it from /etc/fail2ban/jail.conf with something like : [MediaWiki] enabled = true filter = mediawiki action = iptables-multiport[name=web, port="http,https", protocol=tcp] logpath = /home/www/log/MWf2b.log maxretry = 3

Download instructions
Please cut and paste the code found below or below for version from 1.27.0 and place it in. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.

Installation
To install this extension, add the following to LocalSettings.php:

Configuration parameters

 * fail2banfile : The file written, be sure you php can write to it, you may want to rotate it with your logs.
 * fail2banid : a simple test appended to each line.