Topic on Extension talk:AbuseFilter

Hello.

I do technical job for a wiki which undergoes a DoS attack of special kind. Namely, the offender posts huge (more than 2 MiB) edits which are rejected by filters, but the extension stores texts in the text table. It results in huge quantities of garbage in the database. I looked at the configuration variables, but found nothing about limiting size (or truncation) of records.

I deem unlikely that modern versions could permit for such brute attack to proceed. May the loophole be closed by developers at some time since 2012? Unfortunately all wiki software on that site is very old.

If your MediaWiki version is from before 2012, you probably have a lot of more problems than this particular attack. I'm not aware of any fix, though, like removing the ability to ckeck past actions.

On the server side, however, you can limit PHP max_post_size or similar, and also the client_max_body_size in nginx. Note that this would also limit file uploads at that size.