[dw-free] Add rate limiting to community creation to prevent namesquatting.
[commit: http://hg.dwscoalition.org/dw-free/rev/40002de12c46]
Add rate limiting to community creation to prevent namesquatting.
Patch by
mark.
Files modified:
Add rate limiting to community creation to prevent namesquatting.
Patch by
Files modified:
- bin/upgrading/base-data.sql
- etc/config.pl
- htdocs/community/create.bml
- htdocs/community/create.bml.text
--------------------------------------------------------------------------------
diff -r 61f0008d314b -r 40002de12c46 bin/upgrading/base-data.sql
--- a/bin/upgrading/base-data.sql Sun May 03 04:00:56 2009 +0000
+++ b/bin/upgrading/base-data.sql Sun May 03 17:24:19 2009 +0000
@@ -570,6 +570,8 @@ UPDATE priv_list SET des='Allows a user
 UPDATE priv_list SET des='Allows a user to edit site text in a given language. arg=Unique language code, optionally appended by |domainid.domaincode',is_public='1',privname='Translate/Update Text',scope='general' WHERE privcode='translate';
 INSERT IGNORE INTO ratelist (des, name) VALUES ('Logged when a user adds someone to their Friends list', 'addfriend');
 UPDATE ratelist SET des='Logged when a user adds someone to their Friends list' WHERE name='addfriend';
+INSERT IGNORE INTO ratelist (des, name) VALUES ('Logged when a user creates a community.', 'commcreate');
+UPDATE ratelist SET des='Logged when a user creates a community.' WHERE name='commcreate';
 INSERT IGNORE INTO ratelist (des, name) VALUES ('Logged when wrong username/password is used.', 'failed_login');
 UPDATE ratelist SET des='Logged when wrong username/password is used.' WHERE name='failed_login';
 INSERT IGNORE INTO ratelist (des, name) VALUES ('Logged when a user sends a free VGift', 'freevgifts');
diff -r 61f0008d314b -r 40002de12c46 etc/config.pl
--- a/etc/config.pl Sun May 03 04:00:56 2009 +0000
+++ b/etc/config.pl Sun May 03 17:24:19 2009 +0000
@@ -332,6 +332,8 @@
 'rateallowed-lostinfo' => 3,
 'rateperiod-failed_login' => 60*5, # 5 minutes
 'rateallowed-failed_login' => 3,
+ 'rateperiod-commcreate' => 86400*7, # 7 days / 1 week
+ 'rateallowed-commcreate' => 3,
 'staff_headicon' => 0,
 thread_expander => 0,
 'xpost_accounts' => 0,
diff -r 61f0008d314b -r 40002de12c46 htdocs/community/create.bml
--- a/htdocs/community/create.bml Sun May 03 04:00:56 2009 +0000
+++ b/htdocs/community/create.bml Sun May 03 17:24:19 2009 +0000
@@ -44,6 +44,10 @@ SUBMIT: return "<b>$ML{'Error'}</b>: $ML{'.error.postrequired'}" unless LJ::did_post(); # Note: If a captcha check is added, then form auth would be redundant return "<b>$ML{'Error'}</b>: $ML{'error.invalidform'}" unless LJ::check_form_auth(); + + # rate limit + return "<b>$ML{'Error'}</b>: $ML{'.error.ratelimited'}" + unless $remote->rate_log( 'commcreate', 1 ); my $user = LJ::canonical_username($POST{user}); my $title = $POST{title} || $user; diff -r 61f0008d314b -r 40002de12c46 htdocs/community/create.bml.text --- a/htdocs/community/create.bml.text Sun May 03 04:00:56 2009 +0000 +++ b/htdocs/community/create.bml.text Sun May 03 17:24:19 2009 +0000 @@ -12,6 +12,8 @@ .error.notvalidated2=You must <a [[aopts]]>validate your email address</a> in order to create a community. .error.postrequired=POST required. + +.error.ratelimited=You have exceeded the maximum number of communities you can create in a week. Please try again later. .error.username.inuse=Account name already in use; please select a different one. --------------------------------------------------------------------------------
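Review bot: In the create.bml hunk, `$remote->rate_log( 'commcreate', 1 )` runs before `LJ::canonical_username($POST{user})` and any name checks that follow, so it counts every submitted form that passes form auth rather than every community actually created. With `'rateallowed-commcreate' => 3` per week, three rejected submissions (presumably including the "Account name already in use" case) would lock a legitimate user out for a week, and `.error.ratelimited` would wrongly tell them they had created too many communities. Consider moving the two added lines to just before the community account is created, once the requested name has been accepted. The SUBMIT block continues outside the hunk, so the right spot has to be confirmed there. Since the counter is keyed to `$remote`, a comment such as `# per-account limit; see rateallowed-commcreate in etc/config.pl` would also make the scope of the control clear.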