Apply temporary account creation limits to /64 range for IPv6
Closed, ResolvedPublic
Actions

Description

Motivation

Switching between IPs within the same IPv6 range happens frequently. We want to minimize the ability for vandals to abuse temporary accounts by expanding the rate limits to the entire range.

Acceptance criteria

The account creation rate limit for temp accounts (currently 6/day) should apply to the entire IPv6 /64 range
No change for IPv4 IPs

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	Apply temporary account creation limit to /64 range for IPv6 IPs	mediawiki/core	wmf/1.45.0-wmf.22	+64 -3
	Apply temporary account creation limit to /64 range for IPv6 IPs	mediawiki/core	master	+64 -1

Customize query in gerrit

Related Objects

Mentioned In: T357802: Design & Copy: Prompt user to create a regular account after temp account creation rate limit trip
Mentioned Here: T357802: Design & Copy: Prompt user to create a regular account after temp account creation rate limit trip
T26294: Should block IPv6 addresses at /64 instead of /128
T377771: Consider using the /64 range for IPv6 autoblocks

Event Timeline

Niharika created this task.Oct 8 2025, 10:21 AM

Niharika triaged this task as Medium priority.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 8 2025, 10:21 AM

See: T377771#10993214 and T26294#8024442

I think this should be fine for temporary users. The only contexts I can think of where multiple people might share the same /64, are corporate/institutional networks, a limited number of mobile carrier networks, shared public networks like libraries and cafes, and certain proxy or tunneling services. We might want to implement some kind of banner to inform users about this possibility, but these are basically cases where (I believe) anonymous editing shouldn't really happen, since users can blend together indiscriminately, much like with open proxies.

OKryva-WMF added a project: Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)).Oct 8 2025, 2:19 PM

OKryva-WMF moved this task from Priority backlog to Ready on the Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)) board.

sgrabarczuk subscribed.Oct 8 2025, 6:14 PM

STran claimed this task.Oct 9 2025, 11:18 AM

STran moved this task from Ready to In progress on the Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)) board.

STran moved this task from To triage to In progress on the Temporary accounts (Global wiki rollout) board.

Change #1194948 had a related patch set uploaded (by STran; author: STran):

[mediawiki/core@master] Apply temporary account creation limit to /64 range for IPv6 IPs

https://gerrit.wikimedia.org/r/1194948

gerritbot added a project: Patch-For-Review.Oct 9 2025, 1:56 PM

STran moved this task from In progress to Needs review on the Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)) board.Oct 9 2025, 3:02 PM

Izno subscribed.Oct 9 2025, 7:55 PM

In T406710#11254795, @Dragoniez wrote:

I think this should be fine for temporary users. The only contexts I can think of where multiple people might share the same /64, are corporate/institutional networks, a limited number of mobile carrier networks, shared public networks like libraries and cafes, and certain proxy or tunneling services. We might want to implement some kind of banner to inform users about this possibility, but these are basically cases where (I believe) anonymous editing shouldn't really happen, since users can blend together indiscriminately, much like with open proxies.

Thanks, @Dragoniez. To address the concern about informing users, I'd say that we focus our efforts on T357802: Design & Copy: Prompt user to create a regular account after temp account creation rate limit trip.

kostajh mentioned this in T357802: Design & Copy: Prompt user to create a regular account after temp account creation rate limit trip.Oct 10 2025, 8:44 AM

Titore subscribed.Oct 10 2025, 11:40 AM

Change #1194948 merged by jenkins-bot:

[mediawiki/core@master] Apply temporary account creation limit to /64 range for IPv6 IPs

https://gerrit.wikimedia.org/r/1194948

Maintenance_bot removed a project: Patch-For-Review.Oct 10 2025, 12:31 PM

ReleaseTaggerBot added a project: MW-1.45-notes (1.45.0-wmf.23; 2025-10-14).Oct 10 2025, 1:00 PM

Change #1195400 had a related patch set uploaded (by Kosta Harlan; author: STran):

[mediawiki/core@wmf/1.45.0-wmf.22] Apply temporary account creation limit to /64 range for IPv6 IPs

https://gerrit.wikimedia.org/r/1195400

gerritbot added a project: Patch-For-Review.Oct 12 2025, 8:47 AM

Change #1195400 merged by jenkins-bot:

[mediawiki/core@wmf/1.45.0-wmf.22] Apply temporary account creation limit to /64 range for IPv6 IPs

https://gerrit.wikimedia.org/r/1195400

ReleaseTaggerBot edited projects, added MW-1.45-notes (1.45.0-wmf.22; 2025-10-07); removed MW-1.45-notes (1.45.0-wmf.23; 2025-10-14).Oct 13 2025, 9:00 AM

Maintenance_bot removed a project: Patch-For-Review.Oct 13 2025, 9:31 AM

Johannnes89 subscribed.Oct 13 2025, 1:04 PM

kostajh moved this task from Needs review to Needs QA on the Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)) board.Oct 14 2025, 11:53 AM

Count_Count subscribed.Oct 14 2025, 12:21 PM

OKryva-WMF edited projects, added Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)); removed Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)).Oct 17 2025, 1:47 PM

OKryva-WMF moved this task from Backlog to Needs QA on the Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)) board.Oct 17 2025, 1:48 PM

New Code Changes have been implemented (Per the Acceptance Criteria), and verified.

Niharika closed this task as Resolved.Nov 12 2025, 9:38 AM

Apply temporary account creation limits to /64 range for IPv6Closed, ResolvedPublicActions