Closed Bug 1182909 Opened 10 years ago Closed 10 years ago

Prevent new accounts from CCing large numbers of users

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Product:
bugzilla.mozilla.org
Component:
Extensions
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: kmag, Assigned: glob)

References

Details

Attachments

(1 file, 1 obsolete file)

1182909_2.patch
2.94 KB, patch
dylan
: review+
Details | Diff | Splinter Review
A disgruntled former user has been creating abusive bugs and CCing every account with a Mozilla email address. It would be nice to be able to specifically target these bugs, but I can't think of a good reason for a new account to be able to CC over 1,000 users. Limiting them to adding, say, 5 CCs to a given bug should hopefully curb the problem.
See Also: → 1182900, 1182887, 1182812
5 CCs + timeout for user.
(When bugs are cloned, usually more than 5 people are cc'ed)
(In reply to Paul Rouget [:paul] from comment #2) > (When bugs are cloned, usually more than 5 people are cc'ed) Fair point, but it usually takes people at least a few months to learn about cloning bugs.
blocking on 5 CCs is fine, but this limit should only apply to accounts created within the last 24 hours (ie. use a different metric for "new" than the "new to bugzilla" tag). dropping priority because this is appears to be a single occurrence (across 3 bugs) and i've dealt with individual by preventing them from creating any new accounts.
Severity: major → normal
Assignee: nobody → glob
See Also: → 1183098
See Also: → 1183096
Attached patch 1182909_1.patch (obsolete) — Splinter Review
- adds antispam_cc_limit_age (default:2) and antispam_cc_limit_count (default:5) parameters - ignores cc requests from new accounts that exceed the limit
Attachment #8632860 - Flags: review?(dylan)
Comment on attachment 8632860 [details] [diff] [review] 1182909_1.patch Review of attachment 8632860 [details] [diff] [review]: ----------------------------------------------------------------- r- found a bug ::: extensions/AntiSpam/Extension.pm @@ +143,5 @@ > + my ($self, $params, $cc_field) = @_; > + return unless exists $params->{$cc_field}; > + > + my $user = Bugzilla->user; > + my $cc_count = scalar(@{ $params->{$cc_field} }); Can't use string ("dylan@mozilla.com") as an ARRAY ref while "strict refs" in use at ./extensions/AntiSpam/Extension.pm line 147. perhaps $cc_count = ref $params->{$cc_field} ? 0 + @{ $params->{$cc_field} } : 1
Attachment #8632860 - Flags: review?(dylan) → review-
Attached patch 1182909_2.patchSplinter Review
Attachment #8632860 - Attachment is obsolete: true
Attachment #8632918 - Flags: review?(dylan)
Comment on attachment 8632918 [details] [diff] [review] 1182909_2.patch r=dylan
Attachment #8632918 - Flags: review?(dylan) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git 43740a1..da4255a master -> master
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Can be this done also to needinfo and other places? See e.g. in this bug #1160000 which was affected.
Flags: needinfo?(glob)
(In reply to Virtual_ManPL [:Virtual] from comment #10) > Can be this done also to needinfo and other places? > See e.g. in this bug #1160000 which was affected. yes -- last night i was putting out that particular fire. i plan on extending this to flags and other multi-user fields today.
Flags: needinfo?(glob)
See Also: → 1183975
Component: Extensions: AntiSpam → Extensions
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: