
Add a throttle to new password requests - 3rd party mail bombing
Closed, Resolved (Public)

Description

Author: merlvingian

Description:
If you enter any user's name at Special:Userlogin and endlessly click on the "Mail
me a new password" button, you can generate a large amount of traffic to anyone's
email. Automated versions would create DoS attacks against email services, effectively
using a wiki site as a 3rd-party service.


Version: 1.5.x
Severity: normal
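The throttle the report asks for, as an added illustration that is not MediaWiki's code and not from anyone in this thread: each password-reset request is checked against a per-account resend window (one mail per target within RESEND_WINDOW) and a per-source-IP sliding window (at most IP_LIMIT requests per IP_WINDOW). The window sizes, the casefolded account key and the `send_mail` callback are assumptions chosen for the example; a real deployment would pick its own values and persist the state somewhere shared across web servers rather than in process memory.

```python
import time
from collections import defaultdict, deque

# Assumed policy values for this example (not MediaWiki settings).
RESEND_WINDOW = 24 * 3600  # one reset mail per account per 24 h
IP_LIMIT = 5               # max reset requests per source IP ...
IP_WINDOW = 3600           # ... within this many seconds


class PasswordResetThrottle:
    """Throttle "mail me a new password" requests by target account and by source IP."""

    def __init__(self, clock=time.time):
        self.clock = clock                  # injectable for testing
        self.last_sent = {}                 # account key -> time of last mail
        self.ip_hits = defaultdict(deque)   # source ip -> request timestamps

    @staticmethod
    def account_key(username):
        # Normalise so "Alice" and "alice" share one bucket (assumption: the
        # wiki treats these as the same target mailbox).
        return username.strip().casefold()

    def request(self, username, source_ip, send_mail):
        """Handle one reset request. Returns 'sent', 'throttled-ip' or
        'throttled-account'; send_mail(username) is called only for 'sent'."""
        now = self.clock()

        # Per-IP sliding window: drop hits older than IP_WINDOW, then count.
        hits = self.ip_hits[source_ip]
        while hits and now - hits[0] >= IP_WINDOW:
            hits.popleft()
        if len(hits) >= IP_LIMIT:
            return "throttled-ip"
        hits.append(now)

        # Per-account resend window: the attacker in the report targets one
        # mailbox from many clicks, so this is the check that stops the mail bomb.
        key = self.account_key(username)
        last = self.last_sent.get(key)
        if last is not None and now - last < RESEND_WINDOW:
            return "throttled-account"

        self.last_sent[key] = now
        send_mail(username)
        return "sent"


if __name__ == "__main__":
    # Constructed demo: the same target hit twice, then a flood from one IP.
    outbox = []
    throttle = PasswordResetThrottle()
    print(throttle.request("Alice", "203.0.113.5", outbox.append))   # sent
    print(throttle.request("alice", "203.0.113.6", outbox.append))   # throttled-account
    for i in range(IP_LIMIT + 1):
        print(throttle.request(f"user{i}", "203.0.113.7", outbox.append))
    print(outbox)
```

The three status values are for logging and metrics; the user-facing response should be identical in every case ("if that account exists, a mail has been sent") so that the endpoint does not reveal whether a mail went out or whether the account exists.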

Details

Reference
bz4227

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 8:57 PM
bzimport set Reference to bz4227.

robchur wrote:

Is this still an issue in a release version of MediaWiki? What of CVS HEAD?

merlvingian wrote:

Also saw this in version 1.5.3

Old subject:
'Add a throttle to the "mail new password" feature to counter mass-email spam'

robchur wrote:

Er, the old summary actually listed what the request was. This is a more
unhelpful summary.

merlvingian wrote:

Noticed this was moved to Severity: enhancement? Fixing the use of a MediaWiki server
as a mail bomb platform is an enhancement?

zigger wrote:

(In reply to comment #5)
Is unthrottled sending regarded as a bug in SMTP servers and other mail services?
Also debatable is whether this counts as a DoS lever/accelerator when it would
cost more bytes than it generates.

But the request still gets my vote as it would remove another potential source
of nuisance and bad PR.

robchur wrote:

*** This bug has been marked as a duplicate of 5370 ***