Page MenuHomePhabricator
Create Task
Maniphest T427784

hCaptcha risk scores for blocked account creations
Open, Needs TriagePublic
Actions

Description

Summary

When a user attempts to create an account from a local or globally blocked IP or IP address range, we should collect the hCaptcha risk score from the hCaptcha token used in the account creation submission, and log this to the hcaptcha/risk_score event stream.

Acceptance criteria

  • hcaptcha/risk_score contains events from failed account creations due to IP / IP range blocks

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
hCaptcha: Collect risk score for blocked account creationsmediawiki/extensions/ConfirmEditmaster+346 -3
hCaptcha: Collect risk score for blocked account creationsmediawiki/extensions/ConfirmEditwmf/1.47.0-wmf.5+346 -3
hCaptcha: Log risk scores for blocked account creationsmediawiki/extensions/WikimediaEventsmaster+84 -4
Customize query in gerrit
Related Changes in GitLab:
TitleReferenceAuthorSource BranchDest Branch
hcaptcha/risk_score: Add account-creation block actionsrepos/data-engineering/schemas-event-secondary!123kharlanhcaptcha-createaccount-block-riskscoremaster
Customize query in GitLab

Related Objects
Search...

Event Timeline

kostajh created this task.Mon, Jun 1, 9:23 AM
CodeReviewBot added a project: Patch-For-Review.Mon, Jun 1, 12:20 PM

kharlan opened https://gitlab.wikimedia.org/repos/data-engineering/schemas-event-secondary/-/merge_requests/123

hcaptcha/risk_score: Add account-creation block actions

gerritbot added a comment.Mon, Jun 1, 1:40 PM

Change #1295923 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/WikimediaEvents@master] hCaptcha: Log risk scores for blocked account creations

https://gerrit.wikimedia.org/r/1295923

gerritbot added a comment.Mon, Jun 1, 1:42 PM

Change #1295924 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/ConfirmEdit@master] hCaptcha: Collect risk score for blocked account creations

https://gerrit.wikimedia.org/r/1295924

CodeReviewBot added a comment.Mon, Jun 1, 5:22 PM

dreamyjazz updated https://gitlab.wikimedia.org/repos/data-engineering/schemas-event-secondary/-/merge_requests/123

hcaptcha/risk_score: Add account-creation block actions

CodeReviewBot added a comment.Mon, Jun 1, 5:22 PM

dreamyjazz merged https://gitlab.wikimedia.org/repos/data-engineering/schemas-event-secondary/-/merge_requests/123

hcaptcha/risk_score: Add account-creation block actions

gerritbot added a comment.Mon, Jun 1, 5:33 PM

Change #1295923 merged by jenkins-bot:

[mediawiki/extensions/WikimediaEvents@master] hCaptcha: Log risk scores for blocked account creations

https://gerrit.wikimedia.org/r/1295923

kostajh moved this task from Backlog to Needs review on the Product Safety and Integrity (Sprint Iris (May 25 - Jun 12)) board.Tue, Jun 2, 11:47 AM
gerritbot added a comment.Wed, Jun 3, 9:01 AM

Change #1297069 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/ConfirmEdit@wmf/1.47.0-wmf.5] hCaptcha: Collect risk score for blocked account creations

https://gerrit.wikimedia.org/r/1297069

gerritbot added a comment.Wed, Jun 3, 9:19 AM

Change #1297069 merged by jenkins-bot:

[mediawiki/extensions/ConfirmEdit@wmf/1.47.0-wmf.5] hCaptcha: Collect risk score for blocked account creations

https://gerrit.wikimedia.org/r/1297069

Stashbot added a comment.Wed, Jun 3, 9:19 AM

Mentioned in SAL (#wikimedia-operations) [2026-06-03T09:19:58Z] <kharlan@deploy1003> Started scap sync-world: Backport for [[gerrit:1297069|hCaptcha: Collect risk score for blocked account creations (T427784)]]

Stashbot added a comment.Wed, Jun 3, 9:21 AM

Mentioned in SAL (#wikimedia-operations) [2026-06-03T09:21:51Z] <kharlan@deploy1003> kharlan: Backport for [[gerrit:1297069|hCaptcha: Collect risk score for blocked account creations (T427784)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.

Stashbot added a comment.Wed, Jun 3, 9:27 AM

Mentioned in SAL (#wikimedia-operations) [2026-06-03T09:27:25Z] <kharlan@deploy1003> Finished scap sync-world: Backport for [[gerrit:1297069|hCaptcha: Collect risk score for blocked account creations (T427784)]] (duration: 07m 26s)

kostajh moved this task from Needs review to QA in Prod on the Product Safety and Integrity (Sprint Iris (May 25 - Jun 12)) board.Wed, Jun 3, 9:48 AM
gerritbot added a comment.Wed, Jun 3, 10:34 AM

Change #1295924 merged by jenkins-bot:

[mediawiki/extensions/ConfirmEdit@master] hCaptcha: Collect risk score for blocked account creations

https://gerrit.wikimedia.org/r/1295924

Dreamy_Jazz removed a project: Patch-For-Review.Wed, Jun 3, 10:40 PM
Dreamy_Jazz merged a task: T413073: hCaptcha: Log information about failed account creations due to AbuseFilters and IP blocks.Fri, Jun 5, 12:00 PM
Dreamy_Jazz mentioned this in T413073: hCaptcha: Log information about failed account creations due to AbuseFilters and IP blocks.
dom_walden subscribed.Wed, Jun 10, 10:28 AM

@kostajh How can I see this working? Should I see anything on the browser-side or is it all server-side?

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits