Last modified: 2013-04-22 16:16:04 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T44720, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 42720 - Add 'ipblock-exempt' userright to the Bot usergroup in cswiki
Add 'ipblock-exempt' userright to the Bot usergroup in cswiki
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
Site requests (Other open bugs)
unspecified
All All
: High enhancement (vote)
: ---
Assigned To: Dereckson
http://cs.wikipedia.org/w/index.php?t...
: shell
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-05 10:39 UTC by Mormegil
Modified: 2013-04-22 16:16 UTC (History)
6 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Mormegil 2012-12-05 10:39:53 UTC
Since some bots on cswiki edit from the Amazon EC2 cloud service, which was hardblocked (because it was misused as an open proxy), they need to be exempt from the IP blocking. And because adding bots manually to the IP-exempt group seems to be unnecessary work, we would like to add the ipblock-exempt right directly to all approved bots.

(Actually, I was a bit surprised this is not the default behavior; cf. also bug 28914.)
Comment 1 Mormegil 2012-12-05 10:41:08 UTC
(Removing fake dependency, added automatically by the [clone this bug] feature, my bad.)
Comment 2 Dereckson 2012-12-05 11:10:58 UTC
[ What criteria for a default behavior? ]

A user group permissions is filled with permissions directly related to the group goal. A bot is an automated client and so need permission allowing to execute a higher rate of hits (e.g. the api limit), or not disrupt the normal operations (e.g. the bot flag in the watchlist).

Your IP exempt isn't at all related to this objective. This is why we don't include it. We aren't shopping for every useful rights, we add the rights wiki request for the custom groups and directly useful for the standard ones.


[ If you want to speak about being a bit surprised... ]

Personally, I'm surprised we block dedicated servers providers, instead to only block individually the servers abusing the service.

For example, the configuration request I'm going to take care now will be prepared on a machine hosted by such a provider blocked on en., it. and nl. I had to request IP exempt to use my remote desktop because some administrators prefer to block a whole legitimate service often abused and give exempts to users instead.

I would like to correct your message: this is not the EC2 service which which misused as an open proxy but some individual EC2 servers, generally because they were managed by inexperienced sysadmin and then exploited by script kiddies.

[ Taking this bug ]
Comment 3 Dereckson 2012-12-05 11:53:23 UTC
Gerrit change #36970.


[ Local consensus ]

This change requires first a local community approval.

Please discuss the matter and get a consensus on the most appropriated place, for example http://cs.wikipedia.org/wiki/Wikipedie:Pod_l%C3%ADpou_%28technika%29
Comment 4 Mormegil 2012-12-05 12:07:37 UTC
You are probably right; I said I was surprised, not that it would be necessarily correct for it to be default.

(Originally, I intended to talk a bit about your more general comments here, but I do not have much to add other than that you are probably right _in principle_, but it is too “idealistic” per my experience as an admin and a checkuser.)


Ad local consensus: I solicited comments on this prior to this request: see http://cs.wikipedia.org/wiki/Wikipedie:Pod_l%C3%ADpou_%28n%C3%A1vrhy%29#V.C3.BDjimky_z_blokov.C3.A1n.C3.AD_IP_adres_pro_schv.C3.A1len.C3.A9_boty

I don’t think I’ll get anything more than that (“do anyone have any objection?” – almost no response) on such a highly technical topic.
Comment 5 Dereckson 2012-12-05 14:49:32 UTC
[ -shellpolicy +shell. Setting URL. ]
Comment 6 Dereckson 2012-12-22 22:37:20 UTC
Deployed by Reedy, 2012-12-12.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links