Last modified: 2006-10-21 16:32:51 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T8427, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 6427 - Block password reset requests from blocked IP addresses
Block password reset requests from blocked IP addresses
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
unspecified
All All
: Low enhancement with 3 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
http://editthis.info/freak/crapflood
:
: 7639 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-24 18:32 UTC by freakofnurture
Modified: 2006-10-21 16:32 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description freakofnurture 2006-06-24 18:32:38 UTC 
A user whose IP address is blocked from editing (either directly by number or
range, or due to an autoblock from a blocked account attempting to edit) should
also be denied the ability to initiate bloody fuck obnoxious "password reset"
requests, (usually delivered in bulk to the sysop that blocked him the IP).

Anyway I have filtered incoming e-mail from wiki@wikimedia.org directly to
"Trash can". I hope nothing important originates from that address. If it does,
it should be separated accordingly.
Comment 1 Platonides 2006-06-25 18:03:49 UTC 
But if the ip is blocked, and *do* have a Wikpedia account, may want a password
reset to get his password, login and edit his user talk.
Comment 2 freakofnurture 2006-06-26 14:23:31 UTC 
If an innocent user experiences both collateral damage and amnesia at the same
time, he could move to another computer to make that request, provided he
doesn't get struck by lightning and eaten by a shark along the way.
Comment 3 Rob Church 2006-07-04 23:46:36 UTC 
Another option might be to throw up a captcha...
Comment 4 freakofnurture 2006-07-05 15:36:57 UTC 
or a throttle limit...
Comment 5 freakofnurture 2006-07-07 21:06:50 UTC 
or both...
Comment 6 Deon 2006-10-07 01:21:57 UTC 
We shoulnd't block _all_ blocked IPs from requesting pass's, but there should be someway the dev's can block certain 
IP's.
Not all IPs abuse the Password Reset.. Only some like en:69.50.208.4, also see 
http://en.wikipedia.org/wiki/WP:AN/I#Email
Comment 7 windyaso-wp 2006-10-07 04:42:51 UTC 
It's as simple as limiting password requests to five an hour or 
something...this would certainly cut down on the worst of the abuse.
Comment 8 freakofnurture 2006-10-07 07:18:04 UTC 
(In reply to comment #6)
> We shoulnd't block _all_ blocked IPs from requesting pass's, but there should be 
someway the dev's can block certain 
> IP's.
> Not all IPs abuse the Password Reset.. Only some like en:69.50.208.4, also see 
> http://en.wikipedia.org/wiki/WP:AN/I#Email

Perhaps this would be best as an extra checkbox on the [[Special:Blockip]] form, 
then. --user:freakofnurture
Comment 9 Deon 2006-10-15 22:58:35 UTC 
(In reply to comment #8)
>> We shoulnd't block _all_ blocked IPs from requesting pass's, but there should be 
someway the dev's can block certain 
>> IP's.
>> Not all IPs abuse the Password Reset.. Only some like en:69.50.208.4, also see 
>> http://en.wikipedia.org/wiki/WP:AN/I#Email

>Perhaps this would be best as an extra checkbox on the [[Special:Blockip]] form, 
>then. --user:freakofnurture


Definetly.
-D
[[User:Deon555]]
Comment 10 Jorge 2006-10-20 04:58:03 UTC 
well I lost my password for good after placing the request password email to my
autodelete spam filter after getting over 500 of those in one day, almost 1,000
for the week by en:69.50.208.4 this bug should be fixed and fast before it
happens to anyone else

jorge,

en:Jaranda
Comment 11 Karen Lofstrom 2006-10-20 10:48:05 UTC 
Same IP mailbombed me. Please fix this. -- Zora
Comment 12 Tristan Miller 2006-10-21 00:02:40 UTC 
See also Bug 7078, which proposes a throttle on password requests.  This would
be easiest to implement as the code is already there; the throttle value just
needs to be set for Wikipedia.
Comment 13 Brion Vibber 2006-10-21 16:23:32 UTC 
*** Bug 7639 has been marked as a duplicate of this bug. ***
Comment 14 Brion Vibber 2006-10-21 16:32:51 UTC 
Fixed in r17147.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links