Extension:LoginNotify

From mediawiki.org
This extension comes with MediaWiki 1.40 and above. Thus you do not have to download it again. However, you still need to follow the other instructions provided.
MediaWiki extensions manual
LoginNotify
Release status: stable
Implementation User activity
Description Notify users of suspicious logins
Author(s) Brian Wolff (Bawolfftalk)
Latest version 0.1
MediaWiki >= 1.42
Database changes Yes
Composer mediawiki/loginnotify
Tables loginnotify_seen_net
License MIT License
Download
  • $wgLoginNotifySeenBucketSize
  • $wgLoginNotifyExpiryNewIP
  • $wgLoginNotifyExpiryKnownIP
  • $wgLoginNotifyEnableOnSuccess
  • $wgLoginNotifyUseSeenTable
  • $wgLoginNotifyAttemptsKnownIP
  • $wgLoginNotifyCacheLoginIPExpiry
  • $wgLoginNotifyCookieExpire
  • $wgLoginNotifyUseCentralId
  • $wgLoginNotifyCookieDomain
  • $wgLoginNotifyUseCheckUser
  • $wgLoginNotifySeenExpiry
  • $wgLoginNotifyMaxCookieRecords
  • $wgLoginNotifyAttemptsNewIP
  • $wgLoginNotifyCheckKnownIPs
  • $wgLoginNotifySecretKey
Quarterly downloads 30 (Ranked 120th)
Public wikis using 904 (Ranked 277th)
Translate the LoginNotify extension if it is available at translatewiki.net
Issues Open tasks · Report a bug

The LoginNotify extension notifies you when someone logs into your account. It can be configured to give warnings after a certain number of failed login attempts (The number is configurable, and can be different between unknown IPs/devices and known IPs/devices). It can also give Echo notices (which can also be emailed) for successful logins from IPs you don't normally use. It can optionally integrate into the CheckUser extension in order to determine if the login is from an IP address you don't normally use. It can also set a cookie to try and determine if the login is from a device you normally use.

Installation[edit]

This extension requires the Echo extension to be installed.

  • Download and move the extracted LoginNotify folder to your extensions/ directory.
    Developers and code contributors should install the extension from Git instead, using:cd extensions/
    git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/LoginNotify
  • Add the following code at the bottom of your LocalSettings.php file:
    wfLoadExtension( 'LoginNotify' );
    
  • Configure as required.
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

This extension can optionally integrate with the CheckUser extension if it is installed, but does not require it.

Usage[edit]

Once LoginNotify is installed, whenever a user logs into the wiki, their IP subnet is cached on the server and a cookie named loginnotify_prevlogins is stored in their browser. These tokens, optionally along with CheckUser tables, are used to see if subsequent logins are coming from a known IP/device.

If CentralAuth and CheckUser are installed, it will check the IP not only for the current wiki, but also the ten wikis where the user is most active.

Configuration[edit]

Parameters that can be set in the "LocalSettings.php" file:

Name Description Default
$wgLoginNotifyAttemptsKnownIP The number of failed login attempts to permit from a known IP before a notification is triggered. 10
$wgLoginNotifyAttemptsNewIP The number of failed login attempts to permit from a new IP before a notification is triggered. 3
$wgLoginNotifyExpiryKnownIP The time-to-live of the count of failed login attempts from a known IP (from the time of the first failed attempt). 604800 (7 days)
$wgLoginNotifyExpiryNewIP The time-to-live of the count of failed login attempts from a new IP (from the time of the first failed attempt). 1209600 (14 days)
$wgLoginNotifyCheckKnownIPs Whether to trigger a notification after failed logins from known IPs. true
$wgLoginNotifyEnableOnSuccess Whether to trigger a notification after successful logins from unknown IPs. true
$wgLoginNotifyEnableForPriv Set different default notification preferences for different user groups. For user groups that have any of the user rights listed in this array, the preferences specified in Hooks:getOverridenOptions() are on by default. ("Failed login attempts" web notifications and "Login from new computer" web notifications.) [ "editinterface", "userrights" ]
$wgLoginNotifySecretKey Use this key instead of $wgSecretKey to generate the HMACs for the cookie. null
$wgLoginNotifyCookieExpire Expiration of the cookie. 15552000 (180 days)
$wgLoginNotifyCookieDomain To allow sharing login cookies between sites on different subdomains, set this to the parent domain name. null
$wgLoginNotifyMaxCookieRecords Maximum number of users (records) to track as having successfully logged in on a particular device. 6
$wgLoginNotifyCacheLoginIPExpiry How long to cache IPs in memcache. Set to false to disable; set to 0 to cache forever. 5184000 (60 days)