Page MenuHomePhabricator

Globally block identifiable open proxies
Open, Needs TriagePublic

Description

Project documentation

https://meta.wikimedia.org/wiki/Community_health_initiative/Blocking_tools_and_improvements/Open_proxies


Problem to solve

Editing from open proxies is globally not allowed on Wikimedia wikis as a way to mitigate spam and vandalism. Currently there is no tool that automatically globally blocks identifiable open proxies, but User:ProcseeBot is successfully used on English Wikipedia. @Slakr manages ProcseeBot and is open to enabling the bot on Meta to set global blocks, under the condition that his code is not publicly available. We'll also want to acquire consensus from Stewards.

----

Proposed solution

  • Enable ProcseeBot on Meta to make global blocks of identifiable open proxies.

Event Timeline

TBolliger created this task.Jun 1 2017, 5:58 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 1 2017, 5:58 PM
TBolliger moved this task from Backlog to Snackbox on the Anti-Harassment board.Oct 5 2017, 9:54 PM
TBolliger moved this task from Snackbox to Blocked on the Anti-Harassment board.Oct 11 2017, 5:56 PM
TBolliger renamed this task from ProcSee bot improvements to Epic ⚡️ ProcSee bot improvements.Oct 18 2017, 6:34 PM
TBolliger updated the task description. (Show Details)Nov 6 2017, 9:53 PM
TBolliger renamed this task from Epic ⚡️ Global proxy blocking bot/tool to Globally block identifiable open proxies.Dec 7 2017, 8:01 PM
TBolliger updated the task description. (Show Details)
TBolliger added a subscriber: Slakr.
Huji added a subscriber: Huji.Dec 7 2017, 8:17 PM
Rxy added a subscriber: Rxy.Dec 8 2017, 9:31 AM
Rxy added a comment.Dec 8 2017, 11:09 AM

I'm interested in this. I think that is helpful for mitigation massive attacks via Open Proxy. WMF wikis having massive attacks via Open Proxy in some times (e.g. P5117 ru.wiktionary, HEAVY PAGE: ja.wikipedia).

In Japanese Wikipedia and SWMT wikis ("#cvn-sw"@freenode), PxyBot are checking Open proxy connectability (some ports) for each posts per IP users.
If that is an Open proxy, In case of detected from Japanese Wikipedia: PxyBot have been block it automatically. In case of detected from SWMT channel : Report it as Open Proxy detection at that channel and adding black list to CVN Bots.
if not so, simply cache as 'not detected' That result is cached for few months, and cached IP are not re-scanning.
(Note: I'm now planning PxyBot migrating to CVN.)

Hi @Rxy — Thanks for finding this ticket and commenting! I wasn't aware of PxyBot — it's good to find other examples of how this problem is being solved. It seems like the big difference between PxyBot and ProcseeBot is that PxyBot is reactive (checks IPs that make edits) while ProcseeBot is proactive (routinely harvests potential proxy IPs and checks if they are proxies.) They both seem like sane approaches — do you have any thoughts about ProcseeBot's methodology?

Also, can you please clarify for me what happens on SWMT wikis? What happens when it is reported at the channel and added to the blacklist?

Rxy added a comment.Dec 17 2017, 11:47 AM

Hi @Rxy — Thanks for finding this ticket and commenting! I wasn't aware of PxyBot — it's good to find other examples of how this problem is being solved. It seems like the big difference between PxyBot and ProcseeBot is that PxyBot is reactive (checks IPs that make edits) while ProcseeBot is proactive (routinely harvests potential proxy IPs and checks if they are proxies.) They both seem like sane approaches — do you have any thoughts about ProcseeBot's methodology?

I think ProcseeBot's blocking logs can be used as an Open Proxies list functionally (e.g. An attacking to a non-WMF web sites using Open Proxies from that bot's blocking log via MediaWiki API).

I think better for implemented of anti-robot mechanism to showing that bot's blocking logs, or doesn't input the port number in that blocking.

Also, can you please clarify for me what happens on SWMT wikis? What happens when it is reported at the channel and added to the blacklist?

When user (or IP address) have been added in CVN blacklist, that user's edit are highlighted in Red text at IRC channel.

example: m:User:Rxy/T166817-CVN-Highlighted

Additionally, User of the CVNSimpleOverlay script are can be highlighted at wiki for that blacklisted user.

TBolliger added a comment.EditedDec 18 2017, 9:45 PM

Ahh, thank you. I agree that the block log could be potentially used to assemble a list of proxy IPs, but I know the value of transparency for the block log is held to a higher importance on English Wikipedia than this potential for abuse.

Huji added a subtask: Restricted Task.Dec 19 2017, 1:25 AM

I think @Zppix also has a working anti open proxy bot that appears to work. Do correct me if I'm wrong.

TBolliger moved this task from Blocked to Backlog on the Anti-Harassment board.Mar 9 2018, 2:05 PM