Because of increasing vandalism on DE some admins are blocking manually hundreds
of IPs of open proxies according "Meta:No open proxies"
(http://meta.wikimedia.org/wiki/Meta:No_open_proxies). This blocking should
better be done by software which could block for other wiki languages too.
Either block all open proxies once / periocically or check the IP of a user
during creating a new account and during logon.
Some lists of open proxies on the web:
Version: unspecified
Severity: enhancement
I'd be willing to run a bot to do this. I already have the code to block all Tor
proxies, however I could extend it to whatever other lists you require.
ayg wrote:
There's code hanging around for this, and it looks like it should work.
Currently the only option is SORBS (does Wikimedia use that?), but it looks like
it should be very simple to set things up to use any blacklist supporting the
standard DNSBL protocol. Maybe the options for this should be expanded to allow
arbitrary arrays of hostnames rather than just SORBS or nothing, and then this
could be a simple config option. Any reason why not?
(The advantage of this over bots is that it's simpler and more invisible, not
clogging up logs and whatnot, and undoubtedly it's a good deal faster as well.
Under the current system there appears to be no way to whitelist an IP that's
blacklisted by a list, however, which might be a downside.)
A blacklist like [[m:Spam blacklist]] would be ideal, particularly if it
recognized CIDR ranges. The blacklist maintained by the [[m:WM:OP|MetaProject on
open proxies]] would be a good start. If some wikis prefer not to block such
proxies automatically for some reason, they could toggle it off much as can be
done with the spam blacklist.
It would solve a problem that is currently overwhelming us, involving a single
static IP address spamming every Foundation wiki with legitimate and widely-used
links in petty revenge for an administrator's refusal to spam blacklist a
legitimate site.
The only current solution would be for a steward to manually create an account
on every Foundation wiki, assign admin access to every account, and block that
one IP address on every wiki. This would need to be done again if they used a
different proxy. This isn't very workable.
The spammer is causing significant disruption on many wikis and can presumably
continue doing so forever; since this is the only workable solution I can think
of, I've increased the priority.
ayg wrote:
This bug is about automatic open proxy blocking, not general-purpose manual crosswiki blocking.
If you want to start a bug suggesting general-purpose crosswiki block lists, feel free.
Repurposing to be Wikimedia-specific, because we already have DNSBL support in the software AFAIK.
jeluf wrote:
Blocking open proxies on sight is considered evil by many. Some countries can only access the internet using open proxies for example. There will be no automatic blocking of open proxies in the foreseeable future. => Closing.
If you disagree, please ask for a board resolution.