Add 'ipblock-exempt' userright to the Bot usergroup in cswiki
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Mormegil
	Dec 5 2012, 10:39 AM

Description

Since some bots on cswiki edit from the Amazon EC2 cloud service, which was hardblocked (because it was misused as an open proxy), they need to be exempt from the IP blocking. And because adding bots manually to the IP-exempt group seems to be unnecessary work, we would like to add the ipblock-exempt right directly to all approved bots.

(Actually, I was a bit surprised this is not the default behavior; cf. also bug 28914.)

Version: unspecified
Severity: enhancement
URL: http://cs.wikipedia.org/w/index.php?title=Wikipedie:Pod_l%C3%ADpou_%28n%C3%A1vrhy%29&oldid=9389043#V.C3.BDjimky_z_blokov.C3.A1n.C3.AD_IP_adres_pro_schv.C3.A1len.C3.A9_boty

Details

Reference: bz42720

Event Timeline

• bzimport raised the priority of this task from to High.Nov 22 2014, 12:48 AM

• bzimport added projects: Wikimedia-Site-requests, Shell.

• bzimport set Reference to bz42720.

Mormegil created this task.Dec 5 2012, 10:39 AM

(Removing fake dependency, added automatically by the [clone this bug] feature, my bad.)

[ What criteria for a default behavior? ]

A user group permissions is filled with permissions directly related to the group goal. A bot is an automated client and so need permission allowing to execute a higher rate of hits (e.g. the api limit), or not disrupt the normal operations (e.g. the bot flag in the watchlist).

Your IP exempt isn't at all related to this objective. This is why we don't include it. We aren't shopping for every useful rights, we add the rights wiki request for the custom groups and directly useful for the standard ones.

[ If you want to speak about being a bit surprised... ]

Personally, I'm surprised we block dedicated servers providers, instead to only block individually the servers abusing the service.

For example, the configuration request I'm going to take care now will be prepared on a machine hosted by such a provider blocked on en., it. and nl. I had to request IP exempt to use my remote desktop because some administrators prefer to block a whole legitimate service often abused and give exempts to users instead.

I would like to correct your message: this is not the EC2 service which which misused as an open proxy but some individual EC2 servers, generally because they were managed by inexperienced sysadmin and then exploited by script kiddies.

[ Taking this bug ]

Gerrit change 36970.

[ Local consensus ]

This change requires first a local community approval.

Please discuss the matter and get a consensus on the most appropriated place, for example http://cs.wikipedia.org/wiki/Wikipedie:Pod_l%C3%ADpou_%28technika%29

You are probably right; I said I was surprised, not that it would be necessarily correct for it to be default.

(Originally, I intended to talk a bit about your more general comments here, but I do not have much to add other than that you are probably right _in principle_, but it is too “idealistic” per my experience as an admin and a checkuser.)

Ad local consensus: I solicited comments on this prior to this request: see http://cs.wikipedia.org/wiki/Wikipedie:Pod_l%C3%ADpou_%28n%C3%A1vrhy%29#V.C3.BDjimky_z_blokov.C3.A1n.C3.AD_IP_adres_pro_schv.C3.A1len.C3.A9_boty

I don’t think I’ll get anything more than that (“do anyone have any objection?” – almost no response) on such a highly technical topic.

[ -shellpolicy +shell. Setting URL. ]

Deployed by Reedy, 2012-12-12.

Add 'ipblock-exempt' userright to the Bot usergroup in cswikiClosed, ResolvedPublicActions

Description

Details

Event Timeline

Add 'ipblock-exempt' userright to the Bot usergroup in cswiki
Closed, ResolvedPublic
Actions