Tomasz Wegrzanowski wrote:
> On Tue, May 24, 2005 at 03:27:18PM -0700, Brion Vibber wrote:
> > Neil Harris wrote:
> > > Timwi wrote:
> > > > You don't need JavaScript to do that.
> > > Indeed not, but it lowers the bar to admit a rather greater number of
> > > Skript Kiddies. See the exploit script that's currently knocking about.
> > It would be actually useful to work on decent rate limiters, which would
> > apply to all client scripts.
> To whoever is going to write such a limiter: please don't apply
> it to users with bot flag. Thanks. :-)
And, just to link several discussion threads together, how about a nice
hook routine, set_BOPM_candidate(), that could be called from various
places in the code to mark an IP as eligible for a BOPM scan?
Then, we could call this for all manner of
vandal-suggestive-but-not-conclusive events, such as rapid editing,
being reverted by admins, page-blanking, creating very large pages, and
so on. As we think of new heuristics, we can just put this call in.
For example, editing a user JavaScript page might be one. Or creating
several accounts in rapid succession. ;-)
Keeping a whitelist of recently-scanned-and-found-OK IPs will prevent
this from being annoying for special cases such as ISPs, shared proxies
and bots.
A failed BOPM scan would then apply only a _short term_ IP block to the
open proxy: perhaps a week -- but it could do it across all languages
and projects. At the end of the week, the block would automatically
clear itself. Then the cycle can start all over again. The net effect
would be to hugely change the balance of power between open-proxy-using
vandals and the admins trying to clean up their messes, as the vandals'
ability to create damage would be automatically throttled by their
ability to acquire new open proxies.
-- Neil
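The scheme Neil sketches above (a `set_BOPM_candidate()` hook fed by heuristics, a whitelist of recently-scanned-and-OK IPs, and a short-term block that clears itself) and Tomasz's request that bot-flagged users be exempt, written out as an added example. This is not MediaWiki code and not from any poster; the class and method names, the thresholds, the whitelist lifetime and the scanner interface are all assumptions, and the IP addresses are constructed from the documentation range.

```python
"""Added example: candidate marking, whitelist and self-expiring blocks.
Not MediaWiki code; names, thresholds and the scanner interface are assumed."""
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, List

WHITELIST_TTL = 24 * 60 * 60   # assumed: an OK'd IP is not re-queued for a day
BLOCK_TTL = 7 * 24 * 60 * 60   # one week, as proposed in the thread
RAPID_EDIT_WINDOW = 60.0       # assumed heuristic: RAPID_EDIT_COUNT edits
RAPID_EDIT_COUNT = 5           # within this many seconds flags the IP


@dataclass
class ProxyMonitor:
    now: Callable[[], float]                                   # injectable clock
    whitelist: Dict[str, float] = field(default_factory=dict)  # ip -> expiry time
    blocks: Dict[str, float] = field(default_factory=dict)     # ip -> expiry time
    candidates: Dict[str, List[str]] = field(default_factory=dict)  # ip -> reasons
    edits: Dict[str, Deque[float]] = field(default_factory=dict)    # ip -> edit times

    def _active(self, table: Dict[str, float], ip: str) -> bool:
        """True if ip has an unexpired entry; expired entries clear themselves."""
        expiry = table.get(ip)
        if expiry is None:
            return False
        if expiry <= self.now():
            del table[ip]          # the block / whitelist entry "clears itself"
            return False
        return True

    def set_bopm_candidate(self, ip: str, reason: str, is_bot: bool = False) -> bool:
        """The hook from the thread: mark ip as eligible for an open-proxy scan.
        Returns True if queued; False if the user is bot-flagged, the IP was
        recently scanned and found OK, or it is already blocked."""
        if is_bot:                 # Tomasz's request: never apply this to bots
            return False
        if self._active(self.whitelist, ip) or self._active(self.blocks, ip):
            return False
        self.candidates.setdefault(ip, []).append(reason)
        return True

    def record_edit(self, ip: str, is_bot: bool = False) -> bool:
        """One heuristic caller: sliding-window detection of rapid editing."""
        window = self.edits.setdefault(ip, deque())
        t = self.now()
        window.append(t)
        while window and window[0] < t - RAPID_EDIT_WINDOW:
            window.popleft()
        if len(window) >= RAPID_EDIT_COUNT:
            return self.set_bopm_candidate(ip, "rapid editing", is_bot)
        return False

    def run_scans(self, scanner: Callable[[str], bool]) -> Dict[str, str]:
        """Drain the queue; scanner(ip) returns True when ip is an open proxy."""
        outcome: Dict[str, str] = {}
        for ip in list(self.candidates):
            del self.candidates[ip]
            if scanner(ip):
                self.blocks[ip] = self.now() + BLOCK_TTL      # short-term block
                outcome[ip] = "blocked"
            else:
                self.whitelist[ip] = self.now() + WHITELIST_TTL  # found OK
                outcome[ip] = "ok"
        return outcome

    def is_blocked(self, ip: str) -> bool:
        return self._active(self.blocks, ip)


def demo() -> dict:
    """Walk one cycle with a fake clock and constructed IPs (192.0.2.0/24)."""
    clock = {"t": 0.0}
    mon = ProxyMonitor(now=lambda: clock["t"])
    proxy_ip, isp_ip, bot_ip = "192.0.2.10", "192.0.2.20", "192.0.2.30"
    scanner = lambda ip: ip == proxy_ip   # constructed: only proxy_ip fails the scan
    for _ in range(RAPID_EDIT_COUNT):     # everyone edits rapidly; the bot is exempt
        mon.record_edit(proxy_ip)
        mon.record_edit(isp_ip)
        mon.record_edit(bot_ip, is_bot=True)
    queued = sorted(mon.candidates)
    first = mon.run_scans(scanner)
    clock["t"] += 3600                    # an hour later: ISP user is whitelisted
    requeued_isp = mon.set_bopm_candidate(isp_ip, "page blanking")
    blocked_during_week = mon.is_blocked(proxy_ip)
    clock["t"] += BLOCK_TTL               # past the week: block has cleared itself
    blocked_after_week = mon.is_blocked(proxy_ip)
    requeued_proxy = mon.set_bopm_candidate(proxy_ip, "reverted by admin")
    return {
        "queued": queued, "first": first, "requeued_isp": requeued_isp,
        "blocked_during_week": blocked_during_week,
        "blocked_after_week": blocked_after_week, "requeued_proxy": requeued_proxy,
    }


if __name__ == "__main__":
    print(demo())
```

The block expires lazily (checked on the next lookup) rather than through a scheduled job, and the whitelist TTL is what keeps the scan from becoming annoying for ISP and shared-proxy addresses that get flagged repeatedly; both lifetimes are knobs the thread leaves open.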