Hi Chris,
Out of the box, I don't think there is any failed-login logging,
although I think some of the auth plugins may. You could write a
simple hook for LoginAuthenticateAudit, similar to how ConfirmEdit
hooks failed logins to present a captcha after too many failed logins.
For permissions (I'm assuming you mean after install, when
LocalSettings.php has to get into your webroot somehow), your
webserver can get by with only read permission to the MediaWiki
directory. If you enable file uploads, the server needs to also write
and lock files and subdirectories in the /images directory. If you
have a debug log, obvious the server needs to write to that, but
please don't put that in your webroot. Also, if you have file uploads
enabled, the webserver will need to read and write to /tmp (or
whatever temp directory that your webserver is configured to use).
Different extensions or caching methods may need some other
permissions, but those are the basics.
On Wed, Oct 31, 2012 at 2:03 PM, Chris <cdm33.com(a)gmail.com> wrote:
Does anyone know how to detect or log failed logins ?
Also, there doesn't seem to be a consensus on file permissions in the wiki
directory - can anyone say with some authority ?
thanks,
Chris
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l