Last modified: 2006-10-21 14:05:25 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T7370, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 5370 - Throttle password reminder requests


Summary:	Throttle password reminder requests

Status:	RESOLVED FIXED

Product:	MediaWiki
Classification:	Unclassified
Component:	User login and signup (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Normal enhancement with 2 votes (vote)
Target Milestone:	---
Assigned To:	Rob Church

URL:	http://nl.wikipedia.org/w/index.php?t...
Whiteboard:
Keywords:

Duplicates:	4227 5799 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2006-03-27 08:19 UTC by Effeietsanders
Modified:	2006-10-21 14:05 UTC (History)
CC List:	4 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Effeietsanders 2006-03-27 08:19:16 UTC

Today I got spammed. Over 30 new passwords... :S Some funny guy requested a new
password for me over 30 times, and over 30 times i received an email. This is
not really something fun, and is a way to get people a hard life. 
Is it possible to limit the request for a new password to once per hour for
every user? Please, make that possible, because this is not the first time,
however this is the first time it is in this amount. 
Thanks a lot, you prevent a very nasty kind of spamattack with this. 

Effeietsanders

Comment 1 Rob Church 2006-05-12 18:26:13 UTC

*** Bug 5799 has been marked as a duplicate of this bug. ***

Comment 2 Rob Church 2006-05-13 17:32:55 UTC

Fixed in SVN trunk, r14200. Requests can now be throttled with the rate limiter.

Comment 3 Rob Church 2006-05-16 03:04:59 UTC

*** Bug 4227 has been marked as a duplicate of this bug. ***

Comment 4 bdk 2006-10-21 06:40:33 UTC

see bug 7078 for the request to enable it on Wikimedia's wikis

Comment 5 AnyFile 2006-10-21 14:01:48 UTC

A way to solve the use of this function to generate spam toward unknown address
would be to ask the user to supply his/her e-mail address and only if the given
e-mail address is the same of the one in the user configuration the password is
sent.

This system would however open a new problem: how to manage users that have lost
their password and do not remember what e-mail address have used? (a possible
way to solve this new problem would be to allow some very trusted user -like the
one with checkuser privilege- to be able to generate the password sending
without specifing the address)

Comment 6 Effeietsanders 2006-10-21 14:05:25 UTC

note: this is not about *disabling* the possibility, but about limiting it. Like
once per day. Don't tell me you forget your password more then once a day ;-)

Note You need to log in before you can comment on or make changes to this bug.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links