Extension:Fail2banlog

The Fail2banlog extension feeds "fail2ban" so you can block bruteforce attacks at the firewall level.

Usage
You will need fail2ban from fail2ban.org.

You have to add this to your fail2ban config (don't forget to change the file name) :

[MediaWiki] enabled = true logfile = /home/www/log/MWf2b.log port = http timeregex = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S{3} timepattern = %%Y-%%m-%%d %%H:%%M:%%S %%Z failregex = Authentication error

With newer version of fail2ban, you may create a new filter file in /etc/fail2ban/filter.d named mediawiki.conf : [Definition] failregex = Authentication error from  on .*
 * 1) note 2018/4/12- I have just tweaked the code to log entries compatible with the above.
 * 2) If in doubt, use fail2ban-regex to test your filter.

And call it from /etc/fail2ban/jail.conf with something like : [MediaWiki] enabled = true filter = mediawiki action = iptables-multiport[name=web, port="http,https", protocol=tcp] logpath = /home/www/log/MWf2b.log maxretry = 3

Download instructions
Please cut and paste the code found below or below for version from 1.27.0 and place it in. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.

Installation
To install this extension, add the following to LocalSettings.php:

Configuration parameters

 * fail2banfile : The file written, be sure you php can write to it, you may want to rotate it with your logs.
 * fail2banid : a simple test appended to each line.

Gotchas

 * check your paths
 * check your permissions/SELinux contexts
 * check your regex in the filter. Remember, this is a wiki, the source is fluid.