
Make $wgAccountCreationThrottle effective on SUL
Closed, ResolvedPublic

Description

Per T29172#295926 / T29172#295931, the limit $wgAccountCreationThrottle can be easily circumvented because of SUL.


Version: unspecified
Severity: normal
See Also:
T34234: Add a throttle to limit the rate at which non-autoconfirmed users can create additional accounts (bug 32234)

Details

Reference
bz41284

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 22 2014, 1:07 AM
bzimport set Reference to bz41284.
bzimport added a subscriber: Unknown Object (MLST).
He7d3r added a project: acl*security.
He7d3r set Security to None.

@He7d3r, are you seeing this abused? We could add a hook in SpecialUserlogin so CentralAuth could update the memcache key to make it global, although that seems a little extreme.

You could also make a global abuse filter rule to block accountcreate actions after a throttle is reached. That will at least limit the number of wikis that can be abused.
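An added illustration (not MediaWiki's or CentralAuth's code) of why a throttle counter keyed per wiki is ineffective under SUL: the same IP gets a fresh budget on every wiki, while a key that ignores the wiki gives one shared budget. The cache class, key layout, window and limit value are constructed stand-ins for memcached and the real configuration.

```python
# Constructed illustration of $wgAccountCreationThrottle key scoping (not MediaWiki code).

class FakeCache:
    """Tiny stand-in for memcached: key -> (count, expiry timestamp)."""
    def __init__(self):
        self.store = {}

    def get(self, key, now):
        entry = self.store.get(key)
        if entry is None or entry[1] <= now:   # missing or expired
            return 0
        return entry[0]

    def incr(self, key, ttl, now):
        count = self.get(key, now)
        expiry = now + ttl if count == 0 else self.store[key][1]
        self.store[key] = (count + 1, expiry)
        return count + 1


class AccountCreationThrottle:
    """Limit account creations per client IP inside a time window.
    scope='wiki' keys the counter by wiki (the pre-fix behaviour);
    scope='global' keys it by IP only, so every SUL wiki shares one budget."""
    WINDOW = 86400  # seconds; constructed value

    def __init__(self, cache, limit, scope):
        self.cache, self.limit, self.scope = cache, limit, scope

    def key(self, wiki, ip):
        prefix = wiki if self.scope == "wiki" else "global"
        return f"{prefix}:acctcreate:ip:{ip}"   # constructed key layout

    def try_create(self, wiki, ip, now):
        k = self.key(wiki, ip)
        if self.cache.get(k, now) >= self.limit:
            return False                        # throttled
        self.cache.incr(k, self.WINDOW, now)
        return True


def simulate(scope, wikis, attempts, limit=6, ip="203.0.113.7"):
    """Round-robin `attempts` signups from one IP across `wikis`; return how many succeed."""
    throttle = AccountCreationThrottle(FakeCache(), limit, scope)
    return sum(throttle.try_create(wikis[i % len(wikis)], ip, now=0)
               for i in range(attempts))


if __name__ == "__main__":
    wikis = ["enwiki", "enwikiquote", "commonswiki"]
    print("per-wiki key:", simulate("wiki", wikis, 18))    # 18: limit never bites
    print("global key:  ", simulate("global", wikis, 18))  # 6: one shared budget
```

The global-key variant is the effect a CentralAuth hook sharing one memcache key across wikis would have; a global abuse filter only narrows the number of wikis the per-wiki budget can be spent on.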

I don't have data to confirm there is abuse (is there a way to know that?), but the uses as a workaround, described on T29172#295926, just exemplifies a procedure that can easily be used for that too.

[17:55:37] <Nemo_bis> https://meta.wikimedia.org/wiki/Mass_account_creation is silly
[17:55:59] <Nemo_bis> The last time, I just told the first row of people to register on Wikipedia, the second in Wikiquote, and so on.
[17:56:13] <Nemo_bis> Up to 4800 attendees, no issue. :D

Bawolff claimed this task.
Bawolff subscribed.

This was fixed by 09c00438a641

So, assuming this fix will remove the workaround people were using for events with many account creations from a single IP, what is the recommended procedure nowadays for such cases?

File a request a couple of days (preferably 1 week) prior to the event asking for the throttle to be lifted (include the IP of the event and roughly how many people are at the event).

Also, I don't think rate limits apply to admins, so one admin could create accounts for other people, if there is an admin in attendance.