Author: mapellegrini
Description:
IP addresses and ranges that have been account-creation blocked should not allow logged-in users to register new accounts. I've determined that a recent group of sockpuppet accounts I blocked (using checkuser) were registered from a range I had account-creation blocked. Apparently, the vandal had one sockpuppet account already (let's call it A), and used that account to register others - A registers for B, B registers for C, C registers for D, etc. All registrations were done using IP addressesI had already blocked.
Version: unspecified
Severity: major