Hello,
I want to discuss a problem that we face on CS Wikipedia. There is
relatively frequent abuse of sockpuppets, especially for ban elusion. It
is also a subject of currently running arbitration case on cswiki between
me (sysop) and a vandal that creates hundreds user accounts and (aside to
useful edits!) disrupts Wikipedia various ways. It is such an extensive
phenomenon that editors often feel sneaking suspicion against almost all
newbies. That's very bad for a wiki project. There is a common rule, that
all rules and sanctions apply to *persons* and not user accounts.
However, it's often very difficult to reliably identify the person on the
other end of the wire, when the persons makes some steps to hide. One way
to improve the identification is the new CheckUser interface that we
extensively use. God bless developers for that. However, it has no effect
when the user hides behind an open proxy server. That leads us to the rule
that forbids using open proxy for editing and allows sysops to block such
IPs permanently. So much to the reasons why we need to proceed mass IP
blocking. Now lets consider how could we do it.
According to several publicly available lists, there are about 20 (maybe
30) thousands such IP addresses. We have about 15 sysops. Not all sysops
are active, not all are interested in this issue, not all have enough
technical skills. This means that some sysop(s) has to perform thousands
of IP blocks. More on that, consider that the sysop should examine each
such address whether it is open on some port or not. It is a
time-consuming and traffic-generating operation which is considered
abusive by some providers. These are the reasons why we decided to use a
robot to do the job quickly and not to check each address. It simply reads
given lists from web, compares them to special:ipblocklist and blocks the
rest.
Initially I developed and run the robot under my sysop account. It blocked
about 500 IPs per night. The blocks were time limited (random interval)
since there was no real check that the address is open. So if some proxy
would close and disappear from the lists, the block would automatically
expire. If not, the next run of the robot would block it again. Later we
have improved it by creating a special account for the robot and setting
him bot and sysop flags. That hided the blocks from RC page and that
allowed us to use the robot through all day, not only at night when nobody
edits. The same thing we did succesfully on cs Wikisource.
http://cs.wikipedia.org/wiki/Wikipedie:N%C3%A1st%C4%9Bnka_spr%C3%A1vc%C5%AF…
http://cs.wikipedia.org/wiki/Wikipedista:Proxybot
(pages in Czech)
We are sure that it made the vandal's life more difficult. That was our
goal. Some of the IP checks on sockpuppets shown open proxy addresses that
were blocked closely before the checks. Well done.
However, it has some disadvantages.
1) The biggest one is that setting the bot flag cleans the RC page but
doesn't clean the block logs. The robot messes them up so much that they
become nearly unusable.
2) So many blocked IPs lead to harder server-side checks performed on each
edit of the wiki.
3) Some "innocent" IPs may get blocked.
4) The bot and sysop flag should not be combined. It's probably only a bug
in MediaWiki that allowed us to do it. When you try to set bot flag to
sysop account, the software objects. When you do it in reverse order
(first the bot flag, than sysop) it succeeds. See
http://cs.wikisource.org/wiki/Special:Listusers/bot
that it is possible.
5) Time-limited blocks lead to repeating the same actions and in long time
scale it requires hundereds of block each night. This can be avoided by
infinite blocks.
In april, Anthere removed the sysop flag from Proxybot on cswiki.
http://meta.wikimedia.org/wiki/Requests_for_permissions/Archive_2006/May#De…
I stoped it immediately, today it is not running even on Wikisource. Most
of the IPs are blocked, some others get blocked indefinitely by a sysop's
hand from time to time. But most of them are blocked for a finite period.
http://cs.wikipedia.org/wiki/Special:Ipblocklist
Currently, the problems with vandals continue, but we are able to manage
them. What we're afraid of is the time when the blocks expire. Let's find
a better solution. For example integrating a list of open proxies directly
into the Wikimedia servers instead of blocking by sysops would be a way to
deal with it.
Thanks for any advice!
--
Vojtech Hala (aka Egg), MFF UK, Prague