https://bugzilla.wikimedia.org/show_bug.cgi?id=50886

       Web browser: ---
            Bug ID: 50886
           Summary: "action=history&feed=" is an easy target for DOS
                    attack
           Product: MediaWiki
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: General/Unknown
          Assignee: [email protected]
          Reporter: [email protected]
    Classification: Unclassified
   Mobile Platform: ---

Hi,

requesting URLs like
http://en.wikipedia.org/w/index.php?title=Cat&action=history&feed=rss is an
easy way of DOS-attacking a small MediaWiki website. These requests are quite
heavy (diff generation for N revisions, with fetching all those revisions from
DB?), have no captcha (because RSS readers don't support that), and since
legitimate users almost never use them, they result in a cache miss.

Please make a configuration option to disable this "feature". $wgFeed is not
good enough: RSS is quite useful for Recentchanges/Newpages, we don't want to
disable those.
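
Added example, not part of the original bug report and not MediaWiki code: a log check an operator could run to see which clients request page-history feeds, while leaving Recentchanges feeds and plain history views uncounted. The combined log format, the sample lines, the function names and the threshold are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, assumed).
# Client addresses are from documentation ranges, not from the bug report.
SAMPLE_LOG = """\
198.51.100.7 - - [07/Jul/2013:10:00:01 +0000] "GET /w/index.php?title=Cat&action=history&feed=rss HTTP/1.1" 200 51234 "-" "curl/7.30"
198.51.100.7 - - [07/Jul/2013:10:00:01 +0000] "GET /w/index.php?feed=atom&title=Dog&action=history HTTP/1.1" 200 48211 "-" "curl/7.30"
198.51.100.7 - - [07/Jul/2013:10:00:02 +0000] "GET /w/index.php?title=Bird&action=history&feed=rss HTTP/1.1" 200 50110 "-" "curl/7.30"
203.0.113.9 - - [07/Jul/2013:10:00:03 +0000] "GET /w/index.php?title=Special:RecentChanges&feed=rss HTTP/1.1" 200 9021 "-" "FeedReader"
203.0.113.9 - - [07/Jul/2013:10:00:04 +0000] "GET /w/index.php?title=Cat&action=history HTTP/1.1" 200 30110 "-" "Mozilla/5.0"
192.0.2.44 - - [07/Jul/2013:10:00:05 +0000] "GET /w/index.php?title=Cat&action=history&feed=rss HTTP/1.1" 200 51234 "-" "FeedReader"
"""

# Captures the client address and the request target of one log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')


def is_history_feed(url):
    """True when the query has action=history and a non-empty feed value."""
    query = parse_qs(urlsplit(url).query)  # order-independent, URL-decoded
    # Case-insensitive match on the action name, chosen to be conservative.
    action = query.get("action", [""])[-1].lower()
    return action == "history" and "feed" in query


def history_feed_clients(log_text, threshold=2):
    """Map each client to its history-feed request count, if >= threshold.

    The threshold is an assumed value; tune it to the site's normal traffic.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_history_feed(m.group(2)):
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sorted(history_feed_clients(SAMPLE_LOG).items()):
        print(f"{ip}\t{n} history-feed requests")
```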
