Last modified: 2010-05-15 15:38:52 UTC
If you enter any user's name @ Special:Userlogin and endlessly click on the "Mail
me a new password" button you can generate a large amount of traffic to anyone's
email. Automated versions creating DOS attacks against email services effectively
using a wikisite as a 3rd party service.
Is this still an issue in a release version of MediaWiki? What of CVS HEAD?
Also saw this in version 1.5.3
'Add a throttle to the "mail new password" feature to counter mass-email spam'
Er, the old summary actually listed what the request was. This is a more
Noticed this was moved to Severity enhancement? Fixing using a MediaWiki server
as a mail bomb platform is an enhancement?
(In reply to comment #5)
Is unthrottled sending regarded as a bug in SMTP servers and other mail services?
Also debatable is whether this counts as a DOS lever/accelerator when it would
cost more bytes than it generates.
But the request still gets my vote as it would remove another potential source
of nuisance and bad PR.
*** This bug has been marked as a duplicate of 5370 ***
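
The throttle requested in this report, as an added example that is not MediaWiki's code and not part of the original thread: a sliding-window limit keyed on the target account as well as the requesting IP, so repeated "Mail me a new password" clicks for one username stop producing mail regardless of who sends them. The class name, limits, window and username normalisation are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class ResetMailThrottle:
    """Sliding-window limit on "mail me a new password" requests (hypothetical)."""

    def __init__(self, per_account=1, per_ip=5, window=24 * 3600, clock=time.time):
        self.limits = {"account": per_account, "ip": per_ip}  # assumed values
        self.window = window
        self.clock = clock
        self.hits = defaultdict(deque)  # (kind, key) -> timestamps of sent mails

    def _recent(self, kind, key, now):
        q = self.hits[(kind, key)]
        while q and now - q[0] >= self.window:  # drop sends older than the window
            q.popleft()
        return q

    def allow(self, username, client_ip):
        """Return True if a reset mail may be sent now, recording the send."""
        now = self.clock()
        # Assumption: spelling variants of one name share a counter; a real
        # deployment should use the wiki's own username canonicalisation.
        account = username.strip().casefold()
        checks = [("account", account), ("ip", client_ip)]
        queues = [self._recent(kind, key, now) for kind, key in checks]
        for (kind, _), q in zip(checks, queues):
            if len(q) >= self.limits[kind]:
                return False  # denied requests are not recorded
        for q in queues:
            q.append(now)
        return True


# Constructed sample: (seconds, requested username, requester IP).
SAMPLE = [
    (0, "Alice", "203.0.113.5"),
    (1, "alice", "203.0.113.5"),      # same target, same requester
    (2, "alice ", "198.51.100.7"),    # same target, different requester
    (3, "Bob", "203.0.113.5"),        # different target
    (86400, "Alice", "203.0.113.5"),  # window has elapsed
]


def simulate(requests, **limits):
    """Replay requests against a fake clock; return the allow decisions."""
    t = [0.0]
    throttle = ResetMailThrottle(clock=lambda: t[0], **limits)
    return [throttle.allow(u, ip) for t[0], u, ip in requests]
```

The per-account key is what addresses the report: switching requester IP in the third sample request does not yield a second mail to the same mailbox.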