Page MenuHomePhabricator
Create Task
Maniphest T354832

Create a special throttling class for "rogue proxies" IPs
Open, Needs TriagePublic
Actions

Description

With the cheap availability of "residential proxies", which are mostly people's homes computers who are either compromised and part of a botnet, or where people installed adware which runs a proxy, our traditional IP-based throttling of actions is becoming easier and easier to circumvent.

I propose we start creating a new class of throttling of critical actions (edits, account creations, ...) that allows us to limit/block actions based on the reputation of an IP.

So basically:

  • when checking if the user can perform an action, check the reputation of their IP with our ip reputation provider service, Ipoid
  • If we get a non-empty response within a short timeout (2 seconds), and the IP is part of a residential/callback proxy network, count it towards a special throttling rule counter dedicated to those
  • Otherwise apply our normal throttling

We should probably begin applying this to account creation specifically, but the mechanism should probably be more general.

Related Objects

Event Timeline

Joe created this task.Jan 11 2024, 10:03 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 11 2024, 10:03 AM
kostajh subscribed.Jan 11 2024, 10:08 AM

Related: T354600: Create persistent storage for edits, account creations, account logins, and log entries associated with IPs with poor reputation

kostajh added projects: Security-Team, Trust and Safety Product Team.Jan 11 2024, 10:09 AM
Joe added a project: MediaWiki-extensions-CentralAuth.Jan 11 2024, 10:38 AM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptJan 11 2024, 10:38 AM
hnowlan subscribed.Jan 11 2024, 4:17 PM
jhathaway subscribed.Jan 11 2024, 4:23 PM
kostajh added a comment.Jan 11 2024, 4:39 PM

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/989728 takes a more extreme approach of denying account creation outright. It could be tailored to filter more narrowly to CALLBACK_PROXY types specifically.

Ladsgroup subscribed.Jan 11 2024, 7:38 PM
kostajh mentioned this in T354928: Allow logging and possibility to enact mitigations for actions for IPs with negative IP reputation data.Jan 12 2024, 9:14 AM
sbassett subscribed.Jan 12 2024, 5:47 PM
sbassett added a comment.Jan 12 2024, 5:55 PM

@kostajh - Are you aware of any plans to incorporate other, perhaps more Wikimedia-specific, reputation data within iPoid? While Spur has proven extremely useful, it can be a bit of a hammer, especially when it comes to Western bias. So I'm wondering if perhaps some internal data (edit counts, edit quality, IP location, etc.) might be incorporated within iPoid as additional meta information to help alleviate concerns around false positives.

Tgr subscribed.Jan 14 2024, 9:08 PM

Throttling as in MediaWiki throttling ($wgRateLimits)? I think a <2 sec delay during account creation is not ideal but acceptable, but any call to the throttler potentially being able to incur a delay seems problematic.

Or is the task about throttling in the network layer? (Probably not related to CentralAuth then.)

larissagaulia moved this task from Inbox, needs triage to Waiting on the MediaWiki-Platform-Team board.Jan 15 2024, 2:45 PM
sbassett moved this task from Incoming to Watching on the Security-Team board.Jan 16 2024, 5:26 PM
sbassett added a project: SecTeam-Processed.
STran moved this task from Backlog to External on the iPoid-Service board.Jan 24 2024, 11:10 AM
Tgr edited projects, added MediaWiki-extensions-IPReputation; removed MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth.Jun 30 2025, 12:44 PM

Not related to CentralAuth anymore since the IPReputation code has been moved to a separate extension.

Dreamy_Jazz edited projects, added Product Safety and Integrity; removed Trust and Safety Product Team.Feb 24 2026, 3:38 PM
Dreamy_Jazz moved this task from Inbox to Triaged (backlog) on the Product Safety and Integrity board.Feb 24 2026, 4:11 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits