![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
[dw-free] Add rate limiting to community creation to prevent namesquatting.
[commit: http://hg.dwscoalition.org/dw-free/rev/40002de12c46]
Add rate limiting to community creation to prevent namesquatting.
Patch by![[staff profile]](https://www.dreamwidth.org/img/silk/identity/user_staff.png)
mark.
Files modified:
Add rate limiting to community creation to prevent namesquatting.
Patch by
mark.Files modified:
- bin/upgrading/base-data.sql
- etc/config.pl
- htdocs/community/create.bml
- htdocs/community/create.bml.text
--------------------------------------------------------------------------------
diff -r 61f0008d314b -r 40002de12c46 bin/upgrading/base-data.sql
--- a/bin/upgrading/base-data.sql Sun May 03 04:00:56 2009 +0000
+++ b/bin/upgrading/base-data.sql Sun May 03 17:24:19 2009 +0000
@@ -570,6 +570,8 @@ UPDATE priv_list SET des='Allows a user
UPDATE priv_list SET des='Allows a user to edit site text in a given language. arg=Unique language code, optionally appended by |domainid.domaincode',is_public='1',privname='Translate/Update Text',scope='general' WHERE privcode='translate';
INSERT IGNORE INTO ratelist (des, name) VALUES ('Logged when a user adds someone to their Friends list', 'addfriend');
UPDATE ratelist SET des='Logged when a user adds someone to their Friends list' WHERE name='addfriend';
+INSERT IGNORE INTO ratelist (des, name) VALUES ('Logged when a user creates a community.', 'commcreate');
+UPDATE ratelist SET des='Logged when a user creates a community.' WHERE name='commcreate';
INSERT IGNORE INTO ratelist (des, name) VALUES ('Logged when wrong username/password is used.', 'failed_login');
UPDATE ratelist SET des='Logged when wrong username/password is used.' WHERE name='failed_login';
INSERT IGNORE INTO ratelist (des, name) VALUES ('Logged when a user sends a free VGift', 'freevgifts');
diff -r 61f0008d314b -r 40002de12c46 etc/config.pl
--- a/etc/config.pl Sun May 03 04:00:56 2009 +0000
+++ b/etc/config.pl Sun May 03 17:24:19 2009 +0000
@@ -332,6 +332,8 @@
'rateallowed-lostinfo' => 3,
'rateperiod-failed_login' => 60*5, # 5 minutes
'rateallowed-failed_login' => 3,
+ 'rateperiod-commcreate' => 86400*7, # 7 days / 1 week
+ 'rateallowed-commcreate' => 3,
'staff_headicon' => 0,
thread_expander => 0,
'xpost_accounts' => 0,
diff -r 61f0008d314b -r 40002de12c46 htdocs/community/create.bml
--- a/htdocs/community/create.bml Sun May 03 04:00:56 2009 +0000
+++ b/htdocs/community/create.bml Sun May 03 17:24:19 2009 +0000
@@ -44,6 +44,10 @@ SUBMIT:
return "<b>$ML{'Error'}</b>: $ML{'.error.postrequired'}" unless LJ::did_post();
# Note: If a captcha check is added, then form auth would be redundant
return "<b>$ML{'Error'}</b>: $ML{'error.invalidform'}" unless LJ::check_form_auth();
+
+ # rate limit
+ return "<b>$ML{'Error'}</b>: $ML{'.error.ratelimited'}"
+ unless $remote->rate_log( 'commcreate', 1 );
my $user = LJ::canonical_username($POST{user});
my $title = $POST{title} || $user;
diff -r 61f0008d314b -r 40002de12c46 htdocs/community/create.bml.text
--- a/htdocs/community/create.bml.text Sun May 03 04:00:56 2009 +0000
+++ b/htdocs/community/create.bml.text Sun May 03 17:24:19 2009 +0000
@@ -12,6 +12,8 @@
.error.notvalidated2=You must <a [[aopts]]>validate your email address</a> in order to create a community.
.error.postrequired=POST required.
+
+.error.ratelimited=You have exceeded the maximum number of communities you can create in a week. Please try again later.
.error.username.inuse=Account name already in use; please select a different one.
--------------------------------------------------------------------------------