Jump to content

Increasing account creation threshold

From Wikitech

There are cases when the Wikimedia Foundation or others will host events that have a tendency of creating a large amount of new account requests during a short window of time from a single IP or a few IPs. The IP can be effectively white listed to be excluded from rate limiting. This will also raise edit rate limits to the value used for autoconfirmed users (by default 90 edits/minute) instead of the limit for non-autoconfirmed users (8 edits/minute for all newbies coming from the same IP address).


This can easily be done if you add an $wmgThrottlingExceptions array in throttle.php

$wmgThrottlingExceptions[] = [ // T185930
	'from' => '2018-03-10T11:00:00 -5:00',
	'to' => '2018-03-10T16:00:00 -5:00',
	'range' => '',
	'dbname' => [ 'enwiki' ],
	'value' => 30 // 20 expected

IP and dbname values could be scalar values or arrays.

After this a backport deployer must sync the throttle with

sync-file wmf-config/throttle.php 

After this, if the event is in less than 72 hours, you should delete the memcached key with mwscript resetAuthenticationThrottle.php --wiki=metawiki --signup --ip

The processing logic for throttle.php is in throttle-analyze.php.

If the IP is not known then you can also set $wgAccountCreationThrottle to a value higher then 0.