Thread:Extension talk:ConfirmEdit/SimpleCaptcha now useless/reply (14)

I've added 34913 (AbuseFilter should monitor LoginAuthenticateAudit and allow creation of rules to block IPs with multiple failed attempts) and 34914 (proposing the functionality of LoginAuthenticateAudit be extended to also report edit, login, register, move, upload attempts being rejected by other extension hooks instead of just failed login attempts detected by core code).

Not sure if this is the best approach... perhaps simply requesting a maximum number of retries in ConfirmEdit itself then locking the IP out would be quicker?

Nonetheless, a user being repeatedly locked out for any reason (bad password, failed ConfirmEdit, failed some other spam check) is something that an AbuseFilter really ought to be able to detect, but currently cannot as only its built-in checks can be used as the basis for a rule or a limit.