Evan Prodromou wrote:
http://meta.wikipedia.org/wiki/Edit_throttlingIt's not too effective against distributed attacks, though, since it only throttles a given user or IP address.
*nod*
Did you see my idea of a table like this?
user page throttle expiration jwales DNA 2 (timestamps go here) * Israel 3 jwales Turkey 0 plautus * 0 wik * 3
The idea is that for user/page combos, which could possibly include wildcards (or even regexp's, although simplicity is a virtue and the power of regexps might be overkill), there could be a throttle which would be the number of edits per whatever unit of time or similar.
What interests me about this way of looking at it is that it is a generalization of what we already do, i.e. site bans and page protection are both just special cases.
plautus * 0 says he can't edit anything. * Ham 0 says that [[Ham]] is protected.
---
For a distributed spambot attack, I don't know if this is helpful. I just wanted lots of people to see it and tell me what's wrong with it.
Perhaps a spambot attack could be taken care of with a "special case" ad hoc technique, for example "if the body of the article contains this string (spammers url) on a save of an edit, then we enter this ip number into the throttle table like this:
129.79.1.1 * 1
with an expiration of say 24 hours.
--Jimbo