Last modified: 2006-12-14 09:32:50 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T8931, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 6931 - Blocked account should not create new accounts from the same IP
Blocked account should not create new accounts from the same IP
Status: RESOLVED DUPLICATE of bug 5149
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
unspecified
All All
: Normal major with 19 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-06 10:45 UTC by tsor
Modified: 2006-12-14 09:32 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Hacky patch to autoblock all relevant IPs immediately on block (484 bytes, patch)
2006-08-11 21:25 UTC, Aryeh Gregor (not reading bugmail, please e-mail directly)
Details

Description tsor 2006-08-06 10:45:30 UTC
If an administrator blocks an account software should block the IP belonging to
this account for a (short) time, say 10 or 15 minutes, in order to prevent the
blocked user to create new accounts.

Vandals often create MANY new accounts from the same IP after an admin has
blocked them. Because of the autoblock the new accounts can not edit
immediately, but admins have to block these new accounts to prevent vandalism
after the autoblock time has expired.

Therefore the IP should automatically blocked for a short time. This IP block
must not be inserted into the IP blocklist. Otherwise every user might see the
IP of the vandal account (which is a function of checkuser).
Comment 1 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-08-06 20:53:11 UTC
How is it autoblock doesn't handle this?  Autoblock doesn't work on account
creation?  What do you mean, "after the autoblock time has expired" — you mean
after 24 hours, account creation from the IP should still be blocked?  The
24-hour limit is deliberate, so that dynamic IPs aren't indefinitely autoblocked
(consider an AOL user creating an abusive account and getting indefinitely
blocked; imagine if all his IPs got indefintely blocked too).
Comment 2 tsor 2006-08-07 16:02:42 UTC
Let me explain:

If I block the account XY, then

   (1) XY cannot edit anymore
   (2) without changing the ip XY can create new accounts XY-1, XY-2, XY-3 ...
   (3) XY-1 cannot edit immediately, but after the end of the autoblock time (24
h) he can edit.
   (4) To prevent further vandalism the admin must block XY-1, XY-2, XY-3 ...

We should prevent (2) for a small time, say 10 or 15 minutes.
Comment 3 tsor 2006-08-07 17:34:22 UTC
For an example look at http://de.wikipedia.org/wiki/Spezial:Log/newusers:
7.August, 18:46 h - 19:26 h. This happens nearly every day.
Comment 4 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-08-10 02:50:58 UTC
Correct me if I'm wrong, but it appears that autoblocks never apply to IP
addresses.  If you block my account, I can still log out and edit freely.  Is
this incorrect?  It seems to be the behavior I'm getting, and appears to be
stated explicitly in User::spreadBlock.  If this is correct, why is it true?
Comment 5 Raimond Spekking 2006-08-10 07:49:56 UTC
#4: Autoblocks are effectiv for editing for all (?) /the last x IPs (?) that a
blocked user has had. This works fine. But an autoblocked IP can create
accounts. A lot of accounts :-( 

This has to be changed as #2 explained. 
Comment 6 Florian Adler 2006-08-10 08:34:15 UTC
We need this IP-Autoblock desperately on de.wiki. Every day hunderds of accounts in just one hour. that 
woundn't be possible, if this person had to change IP every minute
Comment 7 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-08-10 18:57:21 UTC
(In reply to comment #5)
> #4: Autoblocks are effectiv for editing for all (?) /the last x IPs (?) that a
> blocked user has had. This works fine.

So if User:Simetrical is blocked, I log out immediately, and I try to make an
anonymous edit, my IP *is* autoblocked?  Because I'm not seeing that on my wiki.
 My IP is only autoblocked if I attempt to make an edit before logging out. 
Does anyone know if this is correct behavior?  Why aren't autoblocks immediate
upon blocking in any case?
Comment 9 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-08-11 21:25:19 UTC
Created attachment 2217 [details]
Hacky patch to autoblock all relevant IPs immediately on block

This patch is not yet suitable for commit.  Phrases need to be changed, etc. 
But it works: $user->spreadBlock is simply called as soon as any username block
is instated via Special:Blockip (even if the block already existed beforehand,
incidentally).	I'll tweak it a bit Saturday night or Sunday to update phrases,
correct the logging order, and so on.
Comment 10 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-08-16 00:58:55 UTC
Comment on attachment 2217 [details]
Hacky patch to autoblock all relevant IPs immediately on block

Whoops, I see now.  I got seriously confused as to the function of
User::spreadBlock.  The only reason it worked in my test is because I was
attempting to block myself — spreadBlock blocks the current request's source
IP, I thought it actively looked up IPs used in the past 24 hours.  So this
would be a completely retarded patch to apply.	:D

When I asked brion on IRC, he said that the reason autoblocks aren't applied at
the time of the initial block is because nobody's written the code to find and
block all IPs recently used by a given user.  That's a bit beyond my skill
range at the moment, since I still haven't really tried to learn MySQL . . .
Comment 11 Rob Church 2006-08-16 02:43:33 UTC
(In reply to comment #10)
> When I asked brion on IRC, he said that the reason autoblocks aren't applied at
> the time of the initial block is because nobody's written the code to find and
> block all IPs recently used by a given user.  That's a bit beyond my skill
> range at the moment, since I still haven't really tried to learn MySQL . . .

This was a feature in one of the code snippets I wrote for an improved
autoblocker; never committed. It's quite a trivial thing to do, though, so I
might dig up the code, peer at it, and then plonk it in the repo.
Comment 12 Olaf Klenke 2006-12-13 11:53:26 UTC
The main problem is that many Administrators are not able to differentate between a Troll a Vandal and a person with more knowledge than out 
of plain and simple World Wide Web sources.

And that they are not able to handle their own Admin provokers out of their front ranks.
Comment 13 Olaf Klenke 2006-12-13 12:31:24 UTC
More or less a selfmade DE wiki problem
First work and controll your ego then come up with a better idea than this one

Regards

Comment 14 Rob Church 2006-12-13 15:38:49 UTC
Please stop posting random borderline trolling crap all over bug reports.
There's a sandbox on various wikis to go piss in, but we're actually trying to
work here.
Comment 15 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-12-13 15:57:00 UTC

*** This bug has been marked as a duplicate of 5149 ***
Comment 16 Olaf Klenke 2006-12-14 09:30:40 UTC
Dear Rob I know that this is the wrong place for this but it is the only possibility to get any notice of a blackmailing situation from German 
administress Bdk against me.
You also know that nobody really cares about this sandboxes because to many real trolls are writing there.
I know that my "case" is really different.
If Bdk means she is able to blackmail me with my comments.
OK thats fine.
But now I try to fight back over unconventional ways.
I appologize in advance for my behaviour.
Bdk knows exactly what to do to stop this.
If you are a free spirit with an own thought who is not listening to what the masses say I offer you to ring me.
Callback ( i pay ) under 0049/231 478254 Germany

This ain't no game anymore this has developped to a very serious threatening war which I always tried to avoid.

Sorry in advance for missusing this pages on purpose but this are really desperate circumstances and I will fight to death against her 
blackmailing over very indirect subtil ways.

Kind regards and sorry again

Yours sincerely

Olaf Klenke
Comment 17 Rob Church 2006-12-14 09:32:50 UTC
I'm not going to get involved in wiki politics. This is not the place for it;
this is a bug tracker. Please don't make further comments here unless commenting
on a bug report in a useful manner. Continuing to do otherwise will likely lead
to your BugZilla account being disabled.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links