Page MenuHomePhabricator
Create Task
Maniphest T380917

Ability to configure a wiki to auto block open proxies
Open, Stalled, Needs TriagePublicFeature
Actions

Description

Why

  • Since ST47ProxyBot (userpage, block log) has stopped blocking open proxies on English Wikipedia, I assume the amount of LTA-related proxy vandalism and abuse has increased. In particular, I wonder if the MidAtlanticBaby LTA would be stopped if this bot were still running.

What

  • Pick a MediaWiki extension (AutoModerator? TorBlock?) or create an extension to add the following functionality to:
    • Config variable such as $wgBlockOpenProxies = true
    • When set to true on a wiki, duplicates the functionality of ST47ProxyBot, which checked some kind of third party open proxy list, then blocked IP addresses for 14 days, 1 year, 2 years, or sometimes a different duration, depending on whether or not they were on that list, what type of proxy they were, and maybe an additional factor
    • The algorithm appears to be "a combination of open-source intelligence, blocklist APIs, and port scanning/fingerprinting". (More details.)
  • Alternatively: use AbuseFilter variables based on IP reputation data T354599: [EPIC] WE4.2.14b Provide IP reputation variables in AbuseFilter

Notes

  • cc @Samwalton9-WMF and @kostajh, since this overlaps with some of your work (AutoModerator, IPInfo). cc @ST47, original bot maintainer.
  • if we implemented this via a hook that stops the attempted action, we could avoid spamming the block log, which was a downside of ST47ProxyBot
  • search keyword: VPNGate

See also: T166817: Globally block identifiable open proxies

Related Objects
Search...

StatusSubtypeAssignedTask
 StalledFeatureNoneT380917 Ability to configure a wiki to auto block open proxies
 ResolvedDreamy_JazzT354599 [EPIC] WE4.2.14b Provide IP reputation variables in AbuseFilter
 ResolvedkostajhT360067 Deploy Extension:IPReputation
 ResolvedsbassettT360070 Application Security Review Request : Extension:IPReputation
 DuplicateDreamy_JazzT380454 Provide ip_reputation_tunnel_operators AbuseFilter
 DuplicateSTranT380919 Don't funnel all protected variable access logs to CheckUser temporary account access log
 ResolvedSTranT381052 Investigate: Should we remove the preference check from AbuseFilter's protected variables implementation?
 DuplicateDreamy_JazzT380710 Provide ip_reputation_risk_types variable in AbuseFilter
 ResolvedDreamy_JazzT386913 IPReputation: Create a service to get IPoid data in IPReputation
 ResolvedDreamy_JazzT380918 Provide capability to define new protected variables from other extensions
 ResolvedSTranT385687 Investigate: How should the AbuseFilter variable `user_unnamed_ip` be restricted
 ResolvedDreamy_JazzT380920 Remove the AbuseFilter protected variables preference gate
 ResolvedDreamy_JazzT387333 CheckUser should impose IP viewing restrictions on AbuseFilter's `unnamed_user_ip` protected variable
 ResolvedDreamy_JazzT387331 Provide a mechanism for other extensions to modify protected variables access requirements
 ResolvedDreamy_JazzT387013 IPReputation: Add AbuseFilter dependency in CI and Phan
 ResolvedSTranT387324 Add hook to support custom logging in `ProtectedVarsAccessLogger`
 ResolvedSTranT387328 Refactor CheckUser ProtectedVarsAccessLogger logging out of AbuseFilter
 ResolvedSTranT387329 Investigate: Confirm our logging expectations for AbuseFilter/CheckUser Temporary Accounts logs when using protected variables
 ResolvedDreamy_JazzT390873 AbuseFilter protected variables: Make it possible for protected variable values expire when the IP address expires
 ResolvedDreamy_JazzT390874 IPReputation: Create the initial IPReputation AbuseFilter variables
 ResolvedDreamy_JazzT388781 AbuseFilter / IP reputation: Instrument latency
 ResolvedDreamy_JazzT393665 AbuseFilter IP reputation: Provide documentation and recommendations for usage
 ResolvedDreamy_JazzT396069 Support generation of IPReputation AbuseFilter variable data for previous actions
 ResolvedDreamy_JazzT396079 Support generation of IPReputation AbuseFilter variables for temporary accounts and account creation
 ResolvedSecurityDreamy_JazzT396750 CVE-2025-53495: Do not show IP Reputation AbuseFilter variables to those without permission in Special:AbuseFilter/examine/<rc id>
 ResolvedSecurityDreamy_JazzT397196 CVE-2025-53499: AbuseFilter 'abusefiltercheckmatch' API does not check protected variable access restrictions
 ResolvedSecurityDreamy_JazzT397221 CVE-2025-53498: AbuseFilter batch testing tool do not log when protected variables are in the test pattern

Event Timeline

Novem_Linguae created this task.Nov 26 2024, 8:25 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 26 2024, 8:25 PM
Novem_Linguae renamed this task from Feature request: ability to configure a wiki to auto block open proxies to Ability to configure a wiki to auto block open proxies.Nov 26 2024, 8:27 PM
Novem_Linguae changed the subtype of this task from "Task" to "Feature Request".
kostajh added a comment.EditedNov 26 2024, 8:30 PM

I assume the amount of LTA-related proxy vandalism and abuse has increased

I am not sure about this assumption. It would be great to have some data on it. For example, we can see the number of blocks drop off when ST47ProxyBot goes offline in March:

image.png (944×954 px, 71 KB)

and the rate of reverts stays about the same

image.png (784×950 px, 66 KB)

as do page protections

image.png (784×950 px, 71 KB)

@Novem_Linguae for this task, my suggestion is that we solve it via T354599: [EPIC] WE4.2.14b Provide IP reputation variables in AbuseFilter, especially as there is some work underway now for that feature as part of WE4.2 Anti-abuse work stream. If we then find that the AbuseFilter approach is not sufficient, we could look at achieving this task in a different way.

Hey_man_im_josh subscribed.EditedNov 26 2024, 8:40 PM

I certainly have felt like the bot's absence has had a negative effect on Wiki. One example is, during my NPP work, I patrol redirects. Every day this last week or two I'm finding at least 5-10 unreviewed redirects as the result of caste / clan related articles being redirected by IPs which have often ended up blocked as proxies by the time I find the redirect. I bet I'm missing quite a few as well with other editors marking those redirects as reviewed, whereas I'm reverting the BLARs which typically have very misleading edit summaries. Definitely some edits in contentious areas taking place that might not have otherwise.

kostajh attached a referenced file: F57750328: image.png. (Show Details)Nov 26 2024, 8:43 PM
kostajh attached a referenced file: F57750327: image.png. (Show Details)
kostajh attached a referenced file: F57750325: image.png. (Show Details)
A_smart_kitten subscribed.EditedNov 26 2024, 8:44 PM

@kostajh, FYI, the files you've linked to are currently showing as restricted.

edit: not any more :)

kostajh added a comment.Nov 26 2024, 8:45 PM
In T380917#10359516, @Hey_man_im_josh wrote:

I certainly have felt like the bot's absence has had a negative effect on Wiki. One example is, during my NPP work, I patrol redirects. Every day this last week or two I'm finding at least 5-10 unreviewed redirects as the result of caste / clan related articles being redirected by IPs which have often ended up blocked as proxies by the time I find the redirect. I bet I'm missing quite a few as well with other editora marking those redirects as reviewed, whereas I'm reverting the BLARs which typically have very misleading edit summaries. Definitely some edits in contentious areas taking place that might not have otherwise.

Ack, thanks for this. We will hopefully have some mechanism in place to allow for mitigating actions from anonymous proxies and proxies by name via subtasks of T354599: [EPIC] WE4.2.14b Provide IP reputation variables in AbuseFilter.

kostajh added a comment.Nov 26 2024, 8:49 PM
In T380917#10359546, @A_smart_kitten wrote:

@kostajh, FYI, the files you've linked to are currently showing as restricted.

edit: not any more :)

Yeah, sorry about that!

Novem_Linguae updated the task description. (Show Details)Nov 26 2024, 8:56 PM
Novem_Linguae added a project: MediaWiki-extension-requests.
Izno subscribed.Nov 26 2024, 9:48 PM
HouseBlaster subscribed.Nov 26 2024, 10:50 PM
Bugreporter subscribed.EditedNov 27 2024, 1:03 AM

$wgBlockOpenProxies

This is indeed a feature in older MediaWiki: https://www.mediawiki.org/wiki/Manual:$wgBlockOpenProxies (removed in T56597). A number of related settings still exists in master version of MediaWiki, such as $wgEnableDnsBlacklist and $wgProxyList (which provides indirect support of third party open proxy list). See also T76301: Remove all proxy blocking functionalities from mediawiki core

Bugreporter added a comment.Nov 27 2024, 1:04 AM

Note in Wikimedia it is much better that proxies be globally blocked.

DreamRimmer subscribed.Nov 27 2024, 1:07 AM
Nemoralis subscribed.Nov 27 2024, 3:49 AM
1AmNobody24 subscribed.Nov 27 2024, 6:06 AM
Clearfrienda subscribed.Nov 27 2024, 11:11 PM
Johannnes89 subscribed.Dec 1 2024, 12:15 PM
kostajh updated the task description. (Show Details)Dec 2 2024, 9:07 AM

@Novem_Linguae can we mark this as stalled while Trust and Safety Product Team is working on shipping T354599: [EPIC] WE4.2.14b Provide IP reputation variables in AbuseFilter? If we find that AbuseFilters using IP reputation data are not sufficient for this problem, we could think about a dedicated extension.

Novem_Linguae changed the task status from Open to Stalled.Dec 2 2024, 9:11 AM

OK. Marking as stalled.

I definitely like having this ticket to centralize discussion. This will probably come up in the future. Thanks for your input so far.

Novem_Linguae updated the task description. (Show Details)Dec 17 2024, 10:45 PM
Bugreporter mentioned this in T166817: Globally block identifiable open proxies.Jan 4 2025, 2:05 PM
Bugreporter updated the task description. (Show Details)
Aklapper added a subtask: T354599: [EPIC] WE4.2.14b Provide IP reputation variables in AbuseFilter.Jan 6 2025, 12:09 PM
Dreamy_Jazz closed subtask T354599: [EPIC] WE4.2.14b Provide IP reputation variables in AbuseFilter as Resolved.Jun 23 2025, 5:03 PM
kostajh added a comment.Jun 23 2025, 8:58 PM
In T380917#10370204, @kostajh wrote:

@Novem_Linguae can we mark this as stalled while Trust and Safety Product Team is working on shipping T354599: [EPIC] WE4.2.14b Provide IP reputation variables in AbuseFilter? If we find that AbuseFilters using IP reputation data are not sufficient for this problem, we could think about a dedicated extension.

This is now available: https://www.mediawiki.org/wiki/Extension:IPReputation/AbuseFilter_variables

That said, I would suggest not creating blocking actions based solely on these variables, but instead looking at ways to combine the IP reputation signals with other AbuseFilter variables to mitigate abuse as needed.

Novem_Linguae added a comment.Jun 23 2025, 9:19 PM

Thank you very much for you and your team's work on this. Should help a lot with LTAs using proxies.

HideonRosie subscribed.Jul 20 2025, 9:19 AM
Bugreporter merged a task: T409793: Develop an extension that blocks VPN usage without affecting many legitimate users.Nov 11 2025, 1:44 AM
Bugreporter added subscribers: Awesome_Aasim, Pppery.
Novem_Linguae added a comment.Dec 20 2025, 1:13 AM

Related: https://en.wikipedia.org/wiki/Wikipedia:Village_pump_(technical)#Resurrect_ST47ProxyBot%3F

Some folks make good arguments to not bring back ST47ProxyBot, although a bot to block VPNGate is mentioned as a good idea.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits