Last modified: 2011-03-13 18:05:47 UTC
Because of increasing vandalism on DE some admins are blocking manually hundreds of IPs of open proxies according "Meta:No open proxies" (http://meta.wikimedia.org/wiki/Meta:No_open_proxies). This blocking should better be done by software which could block for other wiki languages too. Either block all open proxies once / periocically or check the IP of a user during creating a new account and during logon. Some lists of open proxies on the web: - http://www.stayinvisible.com/proxy_lists.html - http://www.samair.ru/ - http://www.nntime.com/
I'd be willing to run a bot to do this. I already have the code to block all Tor proxies, however I could extend it to whatever other lists you require.
There's code hanging around for this, and it looks like it should work. Currently the only option is SORBS (does Wikimedia use that?), but it looks like it should be very simple to set things up to use any blacklist supporting the standard DNSBL protocol. Maybe the options for this should be expanded to allow arbitrary arrays of hostnames rather than just SORBS or nothing, and then this could be a simple config option. Any reason why not? (The advantage of this over bots is that it's simpler and more invisible, not clogging up logs and whatnot, and undoubtedly it's a good deal faster as well. Under the current system there appears to be no way to whitelist an IP that's blacklisted by a list, however, which might be a downside.)
A blacklist like [[m:Spam blacklist]] would be ideal, particularly if it recognized CIDR ranges. The blacklist maintained by the [[m:WM:OP|MetaProject on open proxies]] would be a good start. If some wikis prefer not to block such proxies automatically for some reason, they could toggle it off much as can be done with the spam blacklist. It would solve a problem that is currently overwhelming us, involving a single static IP address spamming every Foundation wiki with legitimate and widely-used links in petty revenge for an administrator's refusal to spam blacklist a legitimate site. The only current solution would be for a steward to manually create an account on every Foundation wiki, assign admin access to every account, and block that one IP address on every wiki. This would need to be done again if they used a different proxy. This isn't very workable. The spammer is causing significant disruption on many wikis and can presumably continue doing so forever; since this is the only workable solution I can think of, I've increased the priority.
This bug is about automatic open proxy blocking, not general-purpose manual crosswiki blocking. If you want to start a bug suggesting general-purpose crosswiki block lists, feel free. Repurposing to be Wikimedia-specific, because we already have DNSBL support in the software AFAIK.
Blocking open proxies on sight is considered evil by many. Some countries can only access the internet using open proxies for example. There will be no automatic blocking of open proxies in the foreseeable future. => Closing. If you disagree, please ask for a board resolution.
It could, though, be useful to do some automated flagging and human review.
