Last modified: 2007-04-05 20:51:34 UTC

This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T10290, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 8290 - Have CheckUser scan HTTP user-agent header
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Component: CheckUser
Version: unspecified
Hardware: All All
Importance: Normal enhancement with 5 votes
Assigned To: Aaron Schulz
Reported: 2006-12-17 12:28 UTC by Invalid Account
Modified: 2007-04-05 20:51 UTC

Attachments
Modifications to MySQL5 tables (77.32 KB, patch), 2006-12-26 06:22 UTC, Aaron Schulz
Patch to add rc_agent to recent changes (7.17 KB, patch), 2006-12-26 06:25 UTC, Aaron Schulz
Patch to add HTTP header user agent checking to checkuser (5.02 KB, patch), 2006-12-26 06:26 UTC, Aaron Schulz
Updater maintenance "archive" stuff (672 bytes, patch), 2006-12-26 06:38 UTC, Aaron Schulz
Summary patch for HTTP header, XFF info, and searching deleted edits (34.57 KB, patch), 2006-12-31 19:18 UTC, Aaron Schulz
Add sql archive files, minor fixes (36.82 KB, patch), 2006-12-31 22:05 UTC, Aaron Schulz
ChangesList - make archived RC entries wrapped in deleted-rev CSS (2.88 KB, patch), 2007-01-01 00:41 UTC, Aaron Schulz
Summary patch - fix date bug, make radio buttons larger (40.13 KB, patch), 2007-01-03 12:45 UTC, Aaron Schulz
Summary patch - update (40.56 KB, patch), 2007-01-11 01:03 UTC, Aaron Schulz
Alternate patch - separate checkuser table (44.28 KB, patch), 2007-01-20 07:18 UTC, Aaron Schulz
Separate table (43.02 KB, patch), 2007-01-20 07:24 UTC, Aaron Schulz
Separate table patch (46.80 KB, patch), 2007-01-21 21:43 UTC, Aaron Schulz
Separate table patch (47.16 KB, patch), 2007-01-22 00:31 UTC, Aaron Schulz
Separate table patch (47.16 KB, patch), 2007-01-22 01:08 UTC, Aaron Schulz
Separate table patch (47.18 KB, patch), 2007-01-22 02:01 UTC, Aaron Schulz
Separate table patch (47.19 KB, patch), 2007-01-22 17:16 UTC, Aaron Schulz
Separate table summary patch (51.13 KB, patch), 2007-01-27 21:07 UTC, Aaron Schulz
Separate table summary patch (50.42 KB, patch), 2007-01-29 01:21 UTC, Aaron Schulz
Separate table summary patch (50.18 KB, patch), 2007-02-01 23:01 UTC, Aaron Schulz
Separate table summary patch (50.23 KB, patch), 2007-02-04 05:29 UTC, Aaron Schulz
Separate table summary patch (36.50 KB, patch), 2007-02-06 19:55 UTC, Aaron Schulz
For convenience, diff against current trunk (ProxyTools changes already applied, and one line change elsewhere) (34.58 KB, patch), 2007-02-14 01:12 UTC, Brion Vibber
Couple tweaks for notices and whitespace (34.24 KB, patch), 2007-02-14 01:29 UTC, Brion Vibber
Have log always show (34.16 KB, patch), 2007-02-14 01:44 UTC, Aaron Schulz
Re-add some messages that were lost (33.58 KB, patch), 2007-02-14 18:20 UTC, Aaron Schulz
Update, use IPv6 functions (35.60 KB, patch), 2007-03-12 17:03 UTC, Aaron Schulz
Use hex instead (35.37 KB, patch), 2007-03-13 04:57 UTC, Aaron Schulz

Description Invalid Account 2006-12-17 12:28:16 UTC
I think if CheckUser scanned HTTP header "User Agent", it would be even better because User Agent also
includes people's browser, operating system, and what browser extensions (sometimes) they have.
Comment 1 Pill 2006-12-17 12:30:29 UTC
(In reply to comment #0)
> I think if CheckUser scanned HTTP header "User Agent", it would be even better
> because User Agent also includes people's browser, operating system, and what
> browser extensions (sometimes) they have.

And why should that be helpful?
Comment 2 Rob Church 2006-12-17 14:56:25 UTC
That data isn't stored anywhere, so CheckUser can't actually access it, and
storing it would probably cause a privacy stink.
Comment 3 Invalid Account 2006-12-17 15:53:01 UTC
You can view all your HTTP headers at http://www.ioerror.us/ip/headers

That sort of thing can also detect proxies.

As for User Agent, it's not so much privacy since browsers do report that. A few can alter it, but 
most can't and most can't alter the Operating System part. When you email eBay within their website 
and they reply, you automatically see your user agent is printed out on one of the lines sent in the 
email (for some reason?). MediaWiki software also appears to check that to give the right skin pages.

Comment 4 Rob Church 2006-12-17 17:30:25 UTC
You can also fake a user agent.
Comment 5 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-12-17 19:13:19 UTC
Which doesn't negate the fact that most people don't know how or it wouldn't
occur to them, so this would remain useful regardless.  You can also fake IP
addresses, after all.  This seems like a good idea.
Comment 6 Rob Church 2006-12-17 19:38:17 UTC
Fair enough. This will require a schema change to add a column to recentchanges
to store the user agent.
Comment 7 Aaron Schulz 2006-12-26 06:22:42 UTC
Created attachment 2953 [details]
Modifications to MySQL5 tables
Comment 8 Aaron Schulz 2006-12-26 06:25:10 UTC
Created attachment 2954 [details]
Patch to add rc_agent to recent changes

Changes to Recentchange.php, minor argument changes to article/logpage.php, new
$wgPutAgentinRC var in defaultsettings.php
Comment 9 Aaron Schulz 2006-12-26 06:26:06 UTC
Created attachment 2955 [details]
Patch to add HTTP header user agent checking to checkuser
Comment 10 Aaron Schulz 2006-12-26 06:38:29 UTC
Created attachment 2956 [details]
Updater maintenance "archive" stuff

Also a file named "patch-rc_agent.sql" is needed, containing:

-- Adding the rc_agent field for logging client info in recentchanges

ALTER TABLE /*$wgDBprefix*/recentchanges 
  ADD rc_agent varchar(255) NOT NULL default '';
Comment 11 Aaron Schulz 2006-12-31 19:18:42 UTC
Created attachment 2993 [details]
Summary patch for HTTP header, XFF info, and searching deleted edits

Since header/forward info and deleted edit patches change the same areas, it's
easier to do both.

rc_agent, rc_xff and rc_archived columns are added to recent changes.

rc_archived is used to hide deleted edits from RC rather than have them deleted
by article.php on page archival. Undeleted entries that are still new will
become visible again (which they don't currently) as they should.
Comment 12 Aaron Schulz 2006-12-31 22:05:14 UTC
Created attachment 2994 [details]
Add sql archive files, minor fixes
Comment 13 Aaron Schulz 2007-01-01 00:41:31 UTC
Created attachment 2995 [details]
ChangesList - make archived RC entries wrapped in deleted-rev CSS

This just makes it more clear should deleted edits appear in the results
(checkuser should be the only thing that includes them).
Comment 14 Connel MacKenzie 2007-01-01 07:53:26 UTC
Stupid question here:  Since you'll be recognizing the XFF information now, will
auto-blocks also use this info?  That is, when an AOL user is blocked, will it
be that IP or the XFF that is auto-blocked?  (How detailed is the AOL XFF
header, anyway?  Just dial-up sessions, or [hashed] AOL username specific?)
Comment 15 Connel MacKenzie 2007-01-01 08:11:37 UTC
Oh, and THANK YOU FOR INCLUDING DELETED EDITS!  Thank you, thank you, thank you!
 May all the blessings of our creator rain down upon you and yours!  Wonderful!
 Magnificent!  Thank you!

Ahem.

That is to say, well done.  Bravo.
Comment 16 Rob Church 2007-01-01 09:46:58 UTC
It might be better to combine the User Agent and X-Forwarded-For chain in a
single column in some manner. This would then make it easier to add further data
in the future, for example.
Comment 17 Invalid Account 2007-01-03 05:08:29 UTC
Yes, definitely the X-Forwarded.  There's actually several of these ones like X-Originating IP.  I
believe there are five.

There's a Bluecoat-Forwarded thing, which is encoded somehow and it looks like ABDD43DEGO. I contacted
the people who make the Bluecoat proxies and they claim it's not encrypted and is decodable, but 
would not tell me how (just sent a 100 page manual that also didn't tell me about the encoding).

There are proxies that don't spill the IP but they are much harder to find and a whole lot slower.
Comment 18 anaconda 2007-01-03 05:40:51 UTC
Good work, man. I tried it out; two things: please check the timestamp, it's always the same for me (all log entries start with "<li>05:01, 3 January 2007", when I used your patched version for the first time). Also, localize the "Go" button (you 
can use MediaWiki:Go for that).
Comment 19 anaconda 2007-01-03 06:30:37 UTC
(In reply to comment #18)
> Good work, man. I tried it out; two things: please check the timestamp, it's always the same for me (all log entries start with "<li>05:01, 3 January 2007", when I used your patched version for the first time). Also, localize the "Go" button (you 
> can use MediaWiki:Go for that).

I used it for the first time at 04.59 :-). But the bug is in this line: $date=date("H:m, j F Y",$timestamp); that should be $date=date("H:i, j F Y",$timestamp);
Comment 20 Aaron Schulz 2007-01-03 12:45:26 UTC
Created attachment 3008 [details]
Summary patch - fix date bug, make radio buttons larger
Comment 21 Invalid Account 2007-01-04 11:17:00 UTC
Okay here's some proxy headers:

X-Forwarded-For: 123.123.123.123
Client-ip: 123.123.123.123
Via: 1.0 cache4.jed
X-BlueCoat-Via: 233643FA53757673

Comment 22 Invalid Account 2007-01-08 17:33:54 UTC
Sometimes proxies also have

X-Forwarded-Host: 
X-Forwarded-Server:
Comment 23 Aaron Schulz 2007-01-11 01:03:14 UTC
Created attachment 3044 [details]
Summary patch - update

-Secure form some more
-Use XML class stuff to compile some of the form
-Use "bool" to make SQL column type more clear
-Add a class to radio buttons rather than use style, they can be enlarged
locally
Comment 24 Aaron Schulz 2007-01-20 07:18:23 UTC
Created attachment 3099 [details]
Alternate patch - separate checkuser table

This patch adds:
-A streamlined recent changes table for checkuser with its own cut off date. It
also stores the IP as an integer, xff, and user agent data.
-An rc_archived column that is used for exclusion in watchlists/RC etc. Entries
from new edits that were deleted/restored can actually come back now as
article.php and undelete.php just use this flag rather than deleting entries.
-An rc_deleted column for revisiondelete, changelist.php will need some
rewriting later to use it. Revisiondelete needs rc_deleted for proper hiding of
data.
-Improved UI and handling of bad input

Todo maybe:
-All page links from checkuser results are blue linked, even for deleted pages.
Either two delete/restore hooks need to be added or a parameter for
changeslists that allows use of either LinkObj or KnownLinkObj depending on
some argument if this is to be done.
Comment 25 Aaron Schulz 2007-01-20 07:24:39 UTC
Created attachment 3100 [details]
Separate table

Removed some unneeded columns.
Comment 26 Aaron Schulz 2007-01-21 02:42:44 UTC
I'll need to add "0 as rc_patrolled" to stop all those damn red ! marks from
showing on sites with patrolling.
Comment 27 Aaron Schulz 2007-01-21 21:43:54 UTC
Created attachment 3111 [details]
Separate table patch

-Remove last use of wfMsg()
-Checkuser uses its own recentchange line parser, which allows for IP data to
show and deleted pages to be redlinked.
Comment 28 Aaron Schulz 2007-01-22 00:31:59 UTC
Created attachment 3112 [details]
Separate table patch

Add date headers
Comment 29 Aaron Schulz 2007-01-22 01:08:52 UTC
Created attachment 3113 [details]
Separate table patch

Fix tiny newpageletter bug.
Comment 30 Aaron Schulz 2007-01-22 02:01:48 UTC
Created attachment 3114 [details]
Separate table patch

Add cuc_user index
Comment 31 Aaron Schulz 2007-01-22 17:16:50 UTC
Created attachment 3118 [details]
Separate table patch

Initialize $s.
Comment 32 Aaron Schulz 2007-01-27 21:07:16 UTC
Created attachment 3149 [details]
Separate table summary patch

-Improve indexes
-Pad form a bit
-Add some xff searching
Comment 33 Aaron Schulz 2007-01-29 01:21:53 UTC
Created attachment 3153 [details]
Separate table summary patch

Made UI more clear, cleaned up some things.
Comment 34 Aaron Schulz 2007-02-01 23:01:44 UTC
Created attachment 3167 [details]
Separate table summary patch

Fix some things per brion. Clean up some tiny form issues.
Comment 35 Aaron Schulz 2007-02-04 05:29:37 UTC
Created attachment 3178 [details]
Separate table summary patch

Fix exception handling with a possible null var.
Comment 36 Aaron Schulz 2007-02-06 19:55:04 UTC
Created attachment 3193 [details]
Separate table summary patch

-Remove rc_archived, not needed anymore.
-Removed rc_deleted stuff, that can go in some other patch elsewhere
Comment 37 Brion Vibber 2007-02-14 01:12:49 UTC
Created attachment 3217 [details]
For convenience, diff against current trunk (ProxyTools changes already applied, and one line change elsewhere)
Comment 38 Brion Vibber 2007-02-14 01:29:35 UTC
Created attachment 3218 [details]
Couple tweaks for notices and whitespace

Would recommend making the log link more consistently visible.
Possibly hide the IP list when doing user lookups on a single IP rather than a
range.

Otherwise looking pretty nice; the UI's much more polished than before. While I
don't like duplicating a lot of fields, it does let the aging policy be
separate for RC and CU data so that's probably necessary.
Comment 39 Aaron Schulz 2007-02-14 01:44:22 UTC
Created attachment 3219 [details]
Have log always show
Comment 40 Aaron Schulz 2007-02-14 18:20:50 UTC
Created attachment 3222 [details]
Re-add some messages that were lost
Comment 41 Aaron Schulz 2007-03-12 17:03:53 UTC
Created attachment 3342 [details]
Update, use IPv6 functions
Comment 42 Aaron Schulz 2007-03-13 04:57:02 UTC
Created attachment 3344 [details]
Use hex instead
Comment 43 Aaron Schulz 2007-04-05 20:51:34 UTC
Done in r21016
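
An added example, not code from the attached patches or from the CheckUser extension: one way to turn the headers discussed in this thread (User-Agent, X-Forwarded-For) into a log row with hex-encoded IPs that can be range-searched. The function names, array keys and sample request are assumptions; header values are recorded as unverified client claims, since they can be faked as comment 4 notes.

```php
<?php
// Added example; function names and array keys are hypothetical.

/** Fixed-width uppercase hex for a valid IPv4/IPv6 address, else null. */
function ipToHex(string $ip): ?string {
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    return strtoupper(bin2hex(inet_pton($ip)));
}

/**
 * $remoteAddr is the TCP peer address seen by the server. $headers come from
 * the client or a proxy and can be forged, so they are stored as claims only.
 */
function buildCheckRow(string $remoteAddr, array $headers): array {
    $xff = $headers['X-Forwarded-For'] ?? '';
    // XFF is a comma-separated chain; the first entry is the claimed origin.
    $hops = array_map('trim', explode(',', $xff));
    return [
        'ip'      => $remoteAddr,
        'ip_hex'  => ipToHex($remoteAddr),
        'xff'     => substr($xff, 0, 255),
        'xff_hex' => ipToHex($hops[0]), // null when the claim is not an IP
        'agent'   => substr($headers['User-Agent'] ?? '', 0, 255), // varchar(255)
    ];
}

/** Hex bounds of an IPv4 CIDR block (assumes 64-bit PHP integers). */
function ipv4CidrToHexRange(string $cidr): ?array {
    [$base, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $long = ip2long($base);
    if ($long === false || !ctype_digit($bits) || (int)$bits > 32) {
        return null;
    }
    $mask  = (0xFFFFFFFF << (32 - (int)$bits)) & 0xFFFFFFFF;
    $start = $long & $mask;
    return [sprintf('%08X', $start), sprintf('%08X', $start | (~$mask & 0xFFFFFFFF))];
}

// Constructed sample request; the XFF value is the one quoted in comment 21.
$row = buildCheckRow('192.0.2.10', [
    'X-Forwarded-For' => '123.123.123.123',
    'User-Agent'      => 'ExampleBrowser/1.0 (constructed)',
]);
[$lo, $hi] = ipv4CidrToHexRange('123.123.0.0/16');
// strcmp, not >=: PHP compares numeric-looking strings such as "1E500000" as numbers.
$hex = (string) $row['xff_hex'];
$inRange = strlen($hex) === 8 && strcmp($hex, $lo) >= 0 && strcmp($hex, $hi) <= 0;
var_dump($row, $inRange);
```

Because the hex form is fixed-width, a range lookup reduces to a string comparison between two bounds, which is what the length check and `strcmp` calls model here.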
