Ilmari Karonen wrote:
Ilmari Karonen wrote:
Actually, [[MediaWiki:Blockiptext]] is probably
one place where this
also ought to be advertised.
...done. Improvements welcome.
Should there be some specific place where admins can report ISP proxies
so that a developer can check them, with a list of proxies that have
already been checked and found wanting?
May I suggest
http://meta.wikimedia.org/wiki/Talk:XFF_project ?
An admin doing vandal blocking
generally can't tell if a proxy provides XFF headers or not, but I
understand that the headers are logged in the database where developers
(and those with CheckUser privs?) can access them.
You need either shell access or cooperation from someone behind the proxy. Only a single
IP is
recorded in the database, that's what Special:CheckUser gives access to. The entire
XFF header for
each POST request is stored in a text format log on NFS, that's what developers need
to check.
Note that the log might not tell you the difference between fradulent XFF headers and real
ones. For
that I mostly rely on reverse DNS. I also use DNS to list proxies which have never made an
edit to
Wikipedia, and IP addresses reserved by the ISP for proxies that don't exist yet.
The method can be summarised as follows:
1) Find a proxy IP. I've done this in two ways: by user reports and searching IPs
marked
{{SharedIP}} on en.
2) Do reverse DNS. If it looks like a proxy, continue, otherwise stop.
3) If the hostname contains a number (e.g. bbcache-8.singnet.com.sg), change it until you
find the
edges of the range.
4) Search the XFF log.
a) If the proxy is forwarding for private addresses, add the range to [[/RFC 1918]].
b) If the proxy is not giving XFF headers, send them an email asking them to change
their
configuration.
c) If the proxy is giving valid XFF headers, add the range to the list.
-- Tim Starling