Page MenuHomePhabricator

accounts blocked without account creation blocked can override the account creation throttle
Closed, DeclinedPublic

Description

Author: chrisgrantmail

Description:
If an account is blocked with 'block account creation' disabled that account can then (assuming the autoblock has expired) create as many accounts as they like, bypassing the 6 accounts per IP throttle.


Version: unspecified
Severity: normal
URL: http://en.wikipedia.org/w/index.php?title=Special:Log&user=The_universe%2C_she_is_a_bitch.

Details

Reference
bz17126

Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 10:25 PM
bzimport set Reference to bz17126.
bzimport added a subscriber: Unknown Object (MLST).

chrisgrantmail wrote:

*** Bug 18150 has been marked as a duplicate of this bug. ***

Pulling this to security because...really uncomfortable with this being out in the open. I know it's old but probably good to get it on our radar and/or check to see if it still exists.

CC: Chris, Dan, Philippe

chrisgrantmail wrote:

I've just tested this on enwiki (https://en.wikipedia.org/wiki/Special:Log/Chris_G's_Test_Account), and it no longer seems to be possible.

Considering the age of this bug, I think it is safe to close.

(In reply to Chris from comment #3)

I've just tested this on enwiki
(https://en.wikipedia.org/wiki/Special:Log/Chris_G's_Test_Account), and it
no longer seems to be possible.

Considering the age of this bug, I think it is safe to close.

best option imaginable :) closing and moving back out