Closed Bug 866156 Opened 13 years ago Closed 13 years ago

Add rate limiting to number of accounts created per day

Categories

(support.mozilla.org :: Knowledge Base Software, task, P4)

Product:
support.mozilla.org
Component:
Knowledge Base Software
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
2013Q2

People

(Reporter: atopal, Unassigned)

References

Details

(Whiteboard: u=sumo-team c=general p=)

Please limit the number of accounts you can create per day to 1, excluding staff.
Blocks: 783262
Can you be more specific? Is this about limiting the number of times you can register from a specific IP address? How does staff come into play? Also, we are already protecting accounts by requiring email validation. I might be just totally confusing what this is about though.
Flags: needinfo?(a.topal)
Moving to backlog until details
Whiteboard: u=sumo-team c=general p= s=2013.9 → u=sumo-team c=general p= s=2013.backlog
Ricky, yeah, this is about limiting that by IP too. Staff is excluded because we sometimes have to try things on production. This is actually rather low priority. But let me know if you see a big issue with limiting by IP.
Flags: needinfo?(a.topal)
(In reply to Kadir Topal [:atopal] from comment #3) > Ricky, yeah, this is about limiting that by IP too. Staff is excluded > because we sometimes have to try things on production. This is actually > rather low priority. But let me know if you see a big issue with limiting by > IP. How can we limit this to staff? You need to be logged out to register.
Also, I am worried that limiting to 1 by IP will affect people at mozcamps for example where everybody is sharing an IP address.
My vote is to WONTFIX this. The ratelimiting is already in place. You have to go to your inbox and activate your account to use it. That should slow things down enough without affecting valid reasons to register.
I agree we should WONTFIX this. I think that limiting registrations is going to be a minefield of problems for legitimate users, and not very useful in blocking spam. I think we should not do this unless there is clear evidence that we are getting spam due to users registering too many accounts. Yes, spammers could automate checking their email, but if they are that sophisticated, they can use multiple ip addresses as well. I think this will only server to harm legitimate users.
Yeah, in retrospect this was a pretty dumb idea.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Cleaning out the backlog.
Whiteboard: u=sumo-team c=general p= s=2013.backlog → u=sumo-team c=general p=
You need to log in before you can comment on or make changes to this bug.