With any POST request to edit profiles, I can end up creating groups. This might seem sane at first, but I can, using some script, send several requests each causing the creation of a large number of groups. From what I can tell, this definitely hogs up CPU on the server as it takes on the order of minutes to create ~10000 groups. See: https://mozillians.org/en-US/u/6d7abdc827 and making groups?page=xxx meaningless https://mozillians.org/en-US/groups?page=530
I would disagree that this was a higher priority if we only allowed Vouched Mozillians to add groups, but we allow non-vouched users (possible spammers) to do so too. We should look into limiting the number of groups users can create if they're non-vouched.
Severity: major → normal
Priority: -- → P2
Target Milestone: --- → 1.3
Component: mozillians.org → Phonebook
Product: Websites → Community Tools
QA Contact: mozillians-org → phonebook
Target Milestone: 1.3 → ---
Version: unspecified → other
Let's do this: * Restrict group creation to vouched users * Attach a creator to the group (if it's not already there) This will probably prevent the spam issue contemplated, and give us a way to clean up and ban if the issue ever surfaces.
Priority: P2 → P3
The suggestions in comment 2 have now been implemented. Creating groups is done explicitly, and elegantly through a new form. Each new group is associated with a curator, who is the creator. Marking as resolved, thanks to the excellent work in bug 936569.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
QA Verified on stage and prod.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.