Neil Harris wrote:
Here are two final, but possibly less safe, heuristics:
* do an open proxy scan on any IP that does a page move
* do an open proxy scan on any IP that commits edits at faster than a
certain rate
Those might well put a spoke in certain determined vandals' activities.
Did I say final?
* Do an open proxy scan on any IP that blanks a page (i.e. reduces it in
size by >80%, after blank-trimming is taken into account -- a very
common form of idiot vandalism)
* Do an open proxy scan on any IP that triggers the spam-detector (as
link-spammers will often work their way round open proxy lists)
Those will auto-catch more categories of idiot vandals operating over
open proxies, without too much added scan/complaints load.
Please critique and/or add to the list of plausible heuristics, with the
general idea that it is never a bad idea to block an open proxy, but it
is not good to scan every IP all the time.
-- N.
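
The four triggers listed in the message above, sketched as an added example that is not part of the original post or of any wiki software. The Edit record, the class and function names, the rate threshold (the post only says "a certain rate"), the reading of "blank-trimming" as whitespace stripping, and the one-day rescan interval are all assumptions; only the 80% blanking figure comes from the post.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

RATE_LIMIT = 5          # assumed: more than 5 edits ...
RATE_WINDOW = 60.0      # ... within 60 seconds counts as "too fast"
BLANK_RATIO = 0.80      # from the post: size reduced by >80%
RESCAN_AFTER = 86400.0  # assumed: do not rescan the same IP within a day

@dataclass
class Edit:             # hypothetical event record
    ip: str
    ts: float
    old_text: str = ""
    new_text: str = ""
    is_move: bool = False
    spam_hit: bool = False   # set by the (external) spam detector

class ScanTrigger:
    def __init__(self):
        self.recent = defaultdict(deque)  # ip -> timestamps of recent edits
        self.last_scan = {}               # ip -> time a scan was last queued

    def reasons(self, e):
        """Record the edit and return the heuristics it trips."""
        out = []
        if e.is_move:
            out.append("page-move")
        q = self.recent[e.ip]
        q.append(e.ts)
        while q and e.ts - q[0] > RATE_WINDOW:   # slide the rate window
            q.popleft()
        if len(q) > RATE_LIMIT:
            out.append("edit-rate")
        # Compare sizes after trimming whitespace, as the post suggests.
        old, new = len(e.old_text.strip()), len(e.new_text.strip())
        if old > 0 and (old - new) / old > BLANK_RATIO:
            out.append("blanking")
        if e.spam_hit:
            out.append("spam-detector")
        return out

    def should_scan(self, e):
        """Return the reasons to queue a scan, or [] if none or scanned recently."""
        why = self.reasons(e)
        last = self.last_scan.get(e.ip)
        if not why or (last is not None and e.ts - last < RESCAN_AFTER):
            return []
        self.last_scan[e.ip] = e.ts
        return why
```

The rescan interval is what keeps the scan and complaint load down: an IP that trips several heuristics in a row is scanned once, not once per edit.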