Jump to content

Increasing account creation threshold

From Wikitech

There are cases when the Wikimedia Foundation or others will host events that have a tendency of creating a large amount of new account requests during a short window of time from a single IP or a few IPs. The IP can be effectively excluded from rate limiting. This will also raise edit rate limits to the value used for autoconfirmed users (by default 90 edits/minute) instead of the limit for non-autoconfirmed users (8 edits/minute for all newbies coming from the same IP address).

throttle.php

This can easily be done if you add an $wmgThrottlingExceptions array in throttle.php 

$wmgThrottlingExceptions[] = [ // T185930
	'from' => '2018-03-10T11:00:00 -5:00',
	'to' => '2018-03-10T16:00:00 -5:00',
	'range' => '38.125.10.42',
	'dbname' => [ 'enwiki' ],
	'value' => 30 // 20 expected
];

The 'IP', 'range' and 'dbname' values can all be single strings or arrays. The 'IP'/'range' is optional, but highly recommended.

After this a backport deployer must sync the throttle with 

sync-file wmf-config/throttle.php

After this, if the event is in less than 72 hours, you should delete the memcached key with: 

mwscript-k8s --comment='T00000' --follow -- resetAuthenticationThrottle.php --wiki=aawiki --signup --ip=1.2.3.4

(It does not matter which wiki you use, the throttle is shared.)

The processing logic for throttle.php is in throttle-analyze.php.

Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=Increasing_account_creation_threshold&oldid=2363368"