Increasing account creation threshold

From Wikitech
Jump to navigation Jump to search

There are cases when the Wikimedia Foundation or others will host events that have a tendency of creating a large amount of new account requests during a short window of time from a single IP or a few IPs. The IP can be effectively white listed to be excluded from rate limiting.

throttle.php

This can easily be done if you add an $wmfThrottlingExceptions array in throttle.php

$wmgThrottlingExceptions[] = [ // T185930
	'from' => '2018-03-10T11:00:00 -5:00',
	'to' => '2018-03-10T16:00:00 -5:00',
	'range' => '38.125.10.42',
	'dbname' => [ 'enwiki' ],
	'value' => 30 // 20 expected
];

IP and dbname values could be scalar values or arrays.

After this a SWAT member must sync the throttle with

sync-file wmf-config/throttle.php 

After this, if the event is in less than 72 hours, you should delete the memcache key with mwscript resetAuthenticationThrottle.php --wiki=metawiki --signup --ip 1.2.3.4

The processing logic for throttle.php is in throttle-analyze.php.

If the IP is not known then you can also set $wgAccountCreationThrottle to a value higher then 0.