Editing Mediawiki/Anonymous IP Hash
From Bibliotheca Anonoma
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
By default, MediaWiki displays IP Addresses of an anonymous editor in edit history. However, the Bibliotheca Anonoma Wiki ''hashes these IP addresses'' using a salted bcrypt function, and displays the first 8 characters as an anonymous ID (e.g. <code>ID:D9erK127</code>). The IDs change daily. These are inspired by 2channel's anonymous ID hashes, as seen periodically on 4chan's /b/. | |||
By default, MediaWiki displays IP Addresses of an anonymous editor in edit history. | |||
However, | |||
These are inspired by 2channel's anonymous ID hashes, as seen periodically on 4chan's /b/. | |||
== Activating Anonymous IP Hash == | == Activating Anonymous IP Hash == | ||
Here's the gist of my anon ID hack to MediaWiki. I can't really package it as an extension or anything because it involves hacking things that | Here's the gist of my anon ID hack to MediaWiki. I can't really package it as an extension or anything because it involves hacking things that | ||
apparently aren't supposed to be hacked, but it's not hard to do. - Halcy <!-- Note that this mod makes banning | apparently aren't supposed to be hacked, but it's not hard to do. - Halcy <!-- Note that this mod makes banning edits quite hard. Maybe if there was a way to just not show the IP address to non-Admin users, and still store the IP in the database, that would be better. But on the flip side, tanasinn.info seems to be doing fine with it. --> | ||
1. Add the following to your LocalSettings.php: | 1. Add the following to your LocalSettings.php: | ||
Line 21: | Line 13: | ||
$wgDisableAnonTalk = true; | $wgDisableAnonTalk = true; | ||
function AnonUsername($IP) { | function AnonUsername($IP) { | ||
// Expiry time for hashes: dmY = new ID per day, WY = per week. | |||
$key = $IP.'PUT RANDOM TEXT HERE'.gmdate('dmY'); | |||
return 'ID:'.substr(password_hash($key, PASSWORD_DEFAULT), 'id'), 8, 8); // uses bcrypt level 10 | |||
} | } | ||
</pre> | </pre> | ||
The ID is a truncated hash, which, although it increases the risk of collisions, | The ID is a truncated hash, which, although it increases the risk of collisions, that may be a benefit rather than a liability when it comes to IPs. http://www.perlmonks.org/?node_id=111524 | ||
{{Warning| | {{Warning|Beware that hashing is [https://www.phillips321.co.uk/2012/04/04/cracking-an-md5-of-an-ip-address/ not a completely safe way to protect IPs], but if you use a good salt and bcrypt it can stop attackers for a few years.}} | ||
{{ | {{Note|Obviously you'd change the "PUT RANDOM TEXT HERE" to some random text: this functions as the salt and reduces the risk of brute force attacks. Just bang on the keyboard for a bit, or if you want to be truly random, get an RNG or just roll some dice.}} | ||
2. In <code>includes/user/User.php</code>, (Mediawiki 1.27.1: getName() Line 2109) find the line that says: | 2. In <code>includes/user/User.php</code>, (Mediawiki 1.27.1: getName() Line 2109) find the line that says: |