Page MenuHomePhabricator

blocking IP blocks hurts registered users
Closed, ResolvedPublic



When dynamic IP's from large ISP's (i.e., AOL and other ISP's) are blocked
because of anonymous vandalism, it hurts registered users with long good edit
histories, because the current mediawiki behavior is to block all users using
that ip.

I propose that such IP's get a special mark in the database indicating that this
BLOCK of ip's is special. When one of those ip's is blocked, the block only
affects anonymous (and perhaps very new?) users, and does NOT cause an automatic
block of legitimate registered users in good standing.

As currently stands, a vandalizer only needs to register with AOL and never log
in, and they can vandalize to their hearts content with minimal penalty, and we
are powerless to block them.

Version: 1.6.x
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:01 PM
bzimport set Reference to bz4506.
bzimport added a subscriber: Unknown Object (MLST).

tikras wrote:

I agree, the same things happen on IRC - my ip has been put into blacklist :(

One thing that Wikipedia's people could do is to actually disable anonymous editing
for the "blocked" IPs, allowing them to login.

Also, there is a way of blocking people by e-mail address, I am not sure if
MediaWiki developers had done that or not but i think that it would be a great
Especially when combined with Blocked IPs.
What i mean is that if the E-Mail is blocked and the user wants to register, theiy
should get a cookie and their IP address should be blocked until the ISP replies.
As well, a message could be sent to their E-Mail address saying that their E-Mail
address is being used for vandalising, and if they don't reply e.g. in 24 hours or
anything - they are reported to ISP.
There are lots of solutions but the thing is that it's hard to take control of

Another idea popped into my head - just add a cookie to every user, with a unique
ID ( it can be the id of the Edit ), and add that edit's id into the vandalised
page list (Probably in MySQL, new table :/).
Whenever the user comes back online, they are monitored ( This does not apply to
people who are not Vandalising, only to logged people ).
They can be reported to the ISP with monitored addresses and dates/times :).
Only disadvantage is that they can simply delete the cookie file.
But still if there is more security, there is less troubles.

  • This bug has been marked as a duplicate of 550 ***