[Foundation-l] Open proxy robotical blocking

Jan Kulveit jk-wikifound at ks.cz
Fri Apr 28 21:13:24 UTC 2006 

On Fri, Apr 28, 2006 at 04:38:57PM +0200, Anthere wrote:
...
> http://meta.wikimedia.org/wiki/Requests_for_permissions#Desysopping_of_cs:Wikipedista:Egg
> 
> Whether technically possible or not technically possible, Proxybot was 
> both a sysop and a bot on the cs.wikipedia.
> His activity is to block ips : 
> http://cs.wikipedia.org/w/index.php?title=Speciální%3ALog&type=block&user=Proxybot&page=
> 
> Is that suitable that a bot also has a sysop status ?
> 
> Ant
> 

I think several aspects should be separated 
-technical implementation & mediawiki issues (problems with cluttering of logs etc.)
-questions od accuracy of open proxy detection, if such blocks can be
automated
-should open proxies be blocked just because beeing open proxies? 

I hope Egg (creator of Proxybot) will post something about the bot in 
wikitech-l, in Requests_for_permissions also another solution was
proposed, to import the blacklist directly into db. I hope this
will be discussed in wikitech-l
 
What seems to me as relevant topic for Foundation-l are the policy questions

1. should open proxies be blocked?
some possible answers
a. yes
b. only after they are source of vandalism
c. no, they should be treated as normal ips
d. it should be left to local communities of language versions / projects to
decide

As we have a "WikiProject on open proxies" 
http://meta.wikimedia.org/wiki/WM:OP
and
http://meta.wikimedia.org/wiki/WM:NOP
no open proxies policy
the answer seems to be "yes", but see complains at
[[en:Wikipedia talk:No open proxies#Foundation Issue Violation]]

2. can such blocks be automated?
a. yes
b. yes, if the list was verified by hand by experienced users
c. yes, if the list was verified by trusted script run by trusted user
d. yes, if the list comes from reputable source (is meta: page a reputable
source?)
e. no, it should be checked by hand one by one
f. no
g. it should be left to local communities of language versions / projects to
decide

In my opinion trusted proxycheck script run by trusted user is
resonable. Scripts tend to err on side of caution (if I play with nmap
etc. I'm able to identify more proxies  simple script is).

My thought on the topic - if http://meta.wikimedia.org/wiki/WM:NOP is
official Foundation policy, it would make sense to have Wikimedia-wide
ip blacklist, blocking proxies. One-by-one blocks by hand by admins of 
individual projects are IMO waste of time. That isn't a problem on en: 
with its overwhelming manpower, but for smaller project dealing with open 
proxy abuse may be non-negligeable burden. One technically savvy vandal 
can occupy several checkusers and admins for indefinite time period: 
all he has to do is to download some public open proxy list, run his
own scan, and as soon as one proxy is blocked, switch to another.

If privacy policy is relatively strict and blocking policy relatively
liberal (warn several times, block only after several repeated 
vandalisms, if vandalizing edits are mixed with good edits, talk more,
use RfC etc.) time impact on wiki users vs. vandal plays in favour 
of vandal.

Jan Kulveit - User:Wikimol

More information about the foundation-l mailing list