George Herbert wrote:
We have a pattern abuser showing up on English
page after page full of 1-pixel versions of random images from
throughout the site. This appears to be a slow ramp-up to a larger
denial of service attack on the image servers for en.wp.
The pattern is easy to spot, once they do it, but "easy" in this case
is normal reaction time of admins / alert users, most of whom haven't
seen the pattern up close to know what's going on.
Is there anything that can or should be done ahead of time, at the
site operations level or developer level, to try and keep the presumed
end-case massive DOS attack on the systems from succeeding?
They're telegraphing their actions out pretty obviously, practicing
for what I strongly suspect is coming. But I don't know that we can,
with in-wiki tools, find them / block them out effectively enough...
It could be added to $wgSpamRegex to prevent saving pages with more than
5 or ten 1px image, but then it'd go with 2 or 3 px.
I recommend to add it instead to the antivandalism bots, so it'll take
more time to realise how he's being caught so fast.
I wouldn't care so much about DoS. The resizing is not different than if
he didn't use 1px images and they're small to download. The problem of
being so much and querying many images isn't really bad either. Browsers
doesn't fetch too many images at once (2-4) and we have all kind of
But hey!, Maybe i'm too optimistic and should start worrying of every
little hax0r ;-)