I've whipped up a fairly basic rate limiter which can be used to provide
a brake to mass-floods of edits or page moves.
It's experimental and probably still needs some work. Since it's
relatively self-contained and I think some people would like to have it
yesterday ;) I've gone ahead and checked it into the REL1_4 branch as
well as HEAD.
This is not a comprehensive antispam or antivandalism solution; it's
part of a soft security system to keep things from getting too far out
of human control: for instance you can specify that a new user account
can only perform up to 2 pages in 90 seconds (or 1 page in 3600 seconds
;) so a malicious script would not be able to as easily flood things at
a rate of say one move per second.
Currently it requires using memcached, though that's not really
necessary and will be fixed soon.
Over the next few days I'll also be working on improvements to the open
proxy blacklist checking and the shared spam URL blacklist system.
-- brion vibber (brion @
pobox.com)