David Gerard wrote:
Neil Harris (usenet(a)tonal.clara.co.uk) [050121 22:55]:
I've noticed increasing levels of vandalism
via anonymizing proxies. We
turned off the automatic proxy-scanning some time ago because of
complaints by the clue-deficient who saw this as potential attacks.
However, it might be a good idea to do the following:
* whenever an admin _blocks_ a user, the IP they were editing from
should be automatically proxy-scanned, and blocked indefinitely if it is
an open proxy (_in addition to_ the username/IP block that would have
been applied)
By restricting proxy scans to proven vandals, this will reduce the rate
of proxy scans to a few dozen a day (from tens of thousands before), and
result in a proportionately trivial level of complaints which can safely
be auto-replied or ignored. It will also allow the reply to be very
clear: "we detected abuse from your user, verified that it was coming
from an unsecured proxy on your network, and took appropriate action".
Oh, yes *please*!
- d.
And I've just realized that this will also have another advantage:
legitimate policy-compliant users using open proxies (for whatever
reason) won't get automatically banned: they will still be able to edit,
so we default to being permissive. The moment that proxy is used for
abuse, though, that's another open proxy blocked for good.
More possible heuristics: scan editing IPs for open proxies if the page
they are editing has been protected in the recent past, or if the admin
revert function has recently been used on that page. This will catch
proxy-hopping users who engage in edit wars (Israel/Palestine, Fascism,
GW Bush...), but again only add a very small number of scans to the
overall total.
As in earlier proposals, we can add a recent-scans record, so an IP
won't be scanned more than say once a day, no matter what happens.
-- N.