The idea of a maximum number of edits per account and day - that could
be increased on a case-by-case basis in the case of properly discussed
imports - has been floated and could, together with even stricter limits
for newer accounts, help reduce this threat.
I’m not sure that this really scares off bad actors.
Here someone used over 15’000 different IP addresses from quite a number of
different IP address blocks from various countries and specifically used
crafted Overpass requests to make the system unavailable for everyone else.
I’m confident that this has been the third or fourth round of attacks
after two or three earlier rounds have been contained by Overpass’ quota
system.
There are definitely both aggressive and sophisticated actors out there
that might be able to command a huge number of user accounts. However,
trying to predict attack patterns is Movie Plot Security,
not actual security.
Don’t forget that there might be attacks to disrupt the community more
than the data.
I’d rather focus on tools that give insight into the state of our own
data and the community. Such tools help to reassure ourselves that our
data and community are still in good shape. There are a lot of things that
can be improved there.
Nonetheless, it always makes sense to prepare lines of defense that can
be turned on when other options are dire. Restricting edit activity per
day and account clearly falls into that category.