I've whipped up a fairly basic rate limiter which can be used to provide a brake to mass-floods of edits or page moves.
It's experimental and probably still needs some work. Since it's relatively self-contained and I think some people would like to have it yesterday ;) I've gone ahead and checked it into the REL1_4 branch as well as HEAD.
This is not a comprehensive antispam or antivandalism solution; it's part of a soft security system to keep things from getting too far out of human control: for instance you can specify that a new user account can only perform up to 2 pages in 90 seconds (or 1 page in 3600 seconds ;) so a malicious script would not be able to as easily flood things at a rate of say one move per second.
Currently it requires using memcached, though that's not really necessary and will be fixed soon.
Over the next few days I'll also be working on improvements to the open proxy blacklist checking and the shared spam URL blacklist system.
-- brion vibber (brion @ pobox.com)