Closed Bug 1182909 Opened 9 years ago Closed 9 years ago

Prevent new accounts from CCing large numbers of users

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Product:
bugzilla.mozilla.org
Component:
Extensions
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: kmag, Assigned: glob)

References

Details

Attachments

(1 file, 1 obsolete file)

1182909_2.patch
2.94 KB, patch
dylan
: review+
Details | Diff | Splinter Review 
A disgruntled former user has been creating abusive bugs and CCing every account with a Mozilla email address.

It would be nice to be able to specifically target these bugs, but I can't think of a good reason for a new account to be able to CC over 1,000 users. Limiting them to adding, say, 5 CCs to a given bug should hopefully curb the problem.
See Also: → 1182900, 1182887, 1182812
5 CCs + timeout for user.
(When bugs are cloned, usually more than 5 people are cc'ed)
(In reply to Paul Rouget [:paul] from comment #2)
> (When bugs are cloned, usually more than 5 people are cc'ed)

Fair point, but it usually takes people at least a few months to learn about cloning bugs.
blocking on 5 CCs is fine, but this limit should only apply to accounts created within the last 24 hours (ie. use a different metric for "new" than the "new to bugzilla" tag).

dropping priority because this is appears to be a single occurrence (across 3 bugs) and i've dealt with individual by preventing them from creating any new accounts.
Severity: major → normal
Assignee: nobody → glob
See Also: → 1183098
See Also: → 1183096
Attached patch 1182909_1.patch (obsolete) — Splinter Review 
- adds antispam_cc_limit_age (default:2) and antispam_cc_limit_count (default:5) parameters
- ignores cc requests from new accounts that exceed the limit
Attachment #8632860 - Flags: review?(dylan)
Comment on attachment 8632860 [details] [diff] [review]
1182909_1.patch

Review of attachment 8632860 [details] [diff] [review]:
-----------------------------------------------------------------

r- found a bug

::: extensions/AntiSpam/Extension.pm
@@ +143,5 @@
> +    my ($self, $params, $cc_field) = @_;
> +    return unless exists $params->{$cc_field};
> +
> +    my $user = Bugzilla->user;
> +    my $cc_count = scalar(@{ $params->{$cc_field} });

Can't use string ("dylan@mozilla.com") as an ARRAY ref while "strict refs" in use at ./extensions/AntiSpam/Extension.pm line 147.

perhaps $cc_count = ref $params->{$cc_field} ? 0 + @{ $params->{$cc_field} } : 1
Attachment #8632860 - Flags: review?(dylan) → review-
Attached patch 1182909_2.patchSplinter Review 

        Attachment #8632860 -
        Attachment is obsolete: true

        Attachment #8632918 -
        Flags: review?(dylan)

    
    

    
  
Comment on attachment 8632918 [details] [diff] [review]
1182909_2.patch

r=dylan

        Attachment #8632918 -
        Flags: review?(dylan) → review+

    
    

    
  
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   43740a1..da4255a  master -> master
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED

    
    

    
  
Can be this done also to needinfo and other places?
See e.g. in this bug #1160000 which was affected.
Flags: needinfo?(glob)

    
    

    
  
(In reply to Virtual_ManPL [:Virtual] from comment #10)
> Can be this done also to needinfo and other places?
> See e.g. in this bug #1160000 which was affected.

yes -- last night i was putting out that particular fire.  i plan on extending this to flags and other multi-user fields today.
Flags: needinfo?(glob)

    
  
See Also:  → 1183975
Component: Extensions: AntiSpam → Extensions

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: