Wikipedia talk:WikiProject on open proxies

From Wikipedia, the free encyclopedia

Shortcut:
WT:OP

Wikipedia:No Open Proxies

Since "no open proxies" has never been formally stated as Wikipedia policy, I've started a new page in the Wikipedia namespace to document this:

Wikipedia:No Open Proxies

--EngineerScotty 21:32, 20 January 2006 (UTC)

RBL check script

I wrote the following user script to help check IPs for potential open proxies. Comments?

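// Adds a "Multi-RBL check" toolbox link on pages that offer a
// "User contributions" link for an IP address.
addOnloadHook(function () {
    var title;
    // Toolbox entry that links to Special:Contributions/<user>
    if (!(title = document.getElementById('t-contributions') )) return;
    if (!(title = title.getElementsByTagName('a')[0] )) return;
    if (!(title = title.href )) return;
    // Keep only the user name part of the link target
    title = title.replace(/^.*\/wiki\/Special:Contributions\//, "");
    // Only dotted-quad IPv4 addresses get the link
    if (!title.match(/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)) return;
    addLink('p-tb', 'http://rbls.org/?q='+title, 'RBL check', 't-rblcheck', 'Multi-RBL check');
});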

Note that the script needs the addLink helper function to work. —Ilmari Karonen (talk) 21:48, 11 February 2006 (UTC)

Latest version available at Wikipedia:WikiProject User scripts/Scripts/RBL check (or User:Ilmari Karonen/rblcheck.js). —Ilmari Karonen (talk) 14:13, 4 May 2006 (UTC)

Suggestions for appropriate place to report non-public proxies

Someone on Wikipedia:Articles_for_deletion/Verbungula seems to be using a proxy in order to stack votes there, and to avoid 3RR elsewhere... but I'm not sure if it's an open proxy or if he's using lynx through the shell on his web hosting account. I'm behind a firewall at my college right now and can't run proxy scanners and such, so I can't check if it's a 'public' proxy or not. Could someone please check it for me? It's 66.101.59.248, which hosts Young Zaphod's web site [1]. Since there's a chance that it's not an open proxy, and is limited to their hosting customers, what would be the appropriate action for that kind of thing (when they're not "open")? Atari2600tim (talkcontribs) 19:17, 17 February 2006 (UTC)

The IP doesn't seem to be an open proxy. No administrative action can be taken in that respect. // Pathoschild (admin / talk) 20:30, 17 February 2006 (UTC)
I figured. I guess I'll have to point out that it's a paid private proxy every time that it participates in votes and such. Oh well, thanks anyway. --Atari2600tim (talkcontribs) 22:20, 17 February 2006 (UTC)

Move to meta?

More appropriate place? --Cool CatTalk|@ 15:38, 9 March 2006 (UTC)

The WikiProject is already on Meta. Note that the first link under Chapters is to the Wikimedia Meta-Wiki. This is the local chapter, where Wikipedians can report open proxies and where open proxies which haven't been blocked on this project can be listed. // Pathoschild (admin / talk) 19:38, 9 March 2006 (UTC)

Access to the check tool

Is this the correct place to ask for access? The project page doesn't make it clear whether to ask here or on Tawker's talk page. At the moment I'm running suspected proxies through my own perl script to test them, but an extra tool wouldn't hurt. --GraemeL (talk) 16:55, 25 March 2006 (UTC)

In the future leave me a note on my talk page or go ask Pathoschild, (I trust he'll give the credentials to trusted users) -- Tawker 06:57, 15 May 2006 (UTC)

== Technical solution to block open proxies from all wikis at

So when someone in this project finds an open proxy, you block it here on Wikipedia, and maybe you list it on Meta, and maybe eventually it gets blocked on some other Wikimedia projects. Obviously a much better method would be if Wikimedia could just block the open proxy from editing everywhere, all at once. Is anyone working on such a solution? It would save a lot of effort, and it would protect the smaller wikis from a lot of vandalism. User:dbenbenn 23:42, 19 April 2006 (UTC)

It's been proposed before. Feel free to submit the code to do so. :) // [admin] Pathoschild (talk/map) 23:50, 19 April 2006 (UTC)


CGI proxies?

I'm curious - how do y'all go about detecting CGI proxies? Unlike HTTP / SOCKS4 / SOCKS5 proxies, HTTP requests crafted in a certain way won't do it. Rather, you'd have to guess the URL. If the IP address directly corresponds to a website whose main page features a CGI proxy, then I guess it's an easy enough determination, but what about when it doesn't? What if I, for example, write a script at /random/location.php that serves as an open proxy and don't mention it on the main index page (or any page connected to it)? HTTP_REFERER wouldn't help (unless, I suppose, the proxy said it was its own referer) and HTTP_USER_AGENT can't exactly be depended upon, either...

Regardless, I'm sorta interested in becoming a verified proxy checker. I've written a phpBB MOD that can detect them and a stand-alone app that can (although not as well as the phpBB one can). I also, for fun, reimplemented PHP's gethostbyname function with a less temperamental and more advanced one (it checks the TXT record to see why the IP address is listed - something that DNSBL checkers based on gethostbyname kinda can't do). TerraFrost 19:27, 17 May 2006 (UTC)

Basically we do it like you describe. Also, some PHP-based proxies have a known bug where all single quotes on pages edited through the proxy are escaped with backslashes — this is considered a reliable sign of an open proxy by itself, with no additional confirmation needed. Certain types of vandalism, particularly those made with automatic proxy-using vandalbots, also serve as reliable proxy indicators. —Ilmari Karonen (talk) 11:36, 19 May 2006 (UTC)
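The backslash signature mentioned in the comment above can be checked mechanically by comparing two revisions of a page. The following is an added example, not part of the original discussion and not code used by the WikiProject; the function names, the threshold of three quotes and the sample revisions are assumptions made for illustration.

```javascript
// Model of the bug described above, used only to build sample input:
// every apostrophe in the submitted text gains a leading backslash.
function simulateQuoteEscaping(text) {
  return text.replace(/'/g, "\\'");
}

// Count apostrophes, split by whether a backslash immediately precedes them.
function quoteStats(text) {
  let bare = 0, escaped = 0;
  for (let i = 0; i < text.length; i++) {
    if (text[i] !== "'") continue;
    if (i > 0 && text[i - 1] === "\\") escaped++;
    else bare++;
  }
  return { bare, escaped };
}

// Lines between the first and the last line that differ. A section edit only
// resubmits part of the page, so the untouched remainder must be ignored.
function changedRegion(before, after) {
  const a = before.split("\n"), b = after.split("\n");
  let start = 0;
  while (start < a.length && start < b.length && a[start] === b[start]) start++;
  let endA = a.length, endB = b.length;
  while (endA > start && endB > start && a[endA - 1] === b[endB - 1]) {
    endA--;
    endB--;
  }
  return {
    before: a.slice(start, endA).join("\n"),
    after: b.slice(start, endB).join("\n"),
  };
}

// Flag an edit when the changed text used to contain plain apostrophes and
// now contains only backslash-escaped ones.
// Limitation: text already damaged by an earlier edit has no plain
// apostrophes left to compare, so a repeat edit is not flagged.
function checkEditForQuoteEscaping(before, after, minQuotes = 3) {
  const region = changedRegion(before, after);
  const old = quoteStats(region.before);
  const cur = quoteStats(region.after);
  const newlyEscaped = cur.escaped - old.escaped;
  const flagged =
    old.bare >= minQuotes && cur.bare === 0 && newlyEscaped >= minQuotes;
  return { flagged, bareBefore: old.bare, bareAfter: cur.bare, newlyEscaped };
}

// Constructed sample revisions (not taken from any real page history):
// a section edit in which only the "History" section was resubmitted.
const SAMPLE_INTRO = "''Intro'' text.\n\n";
const SAMPLE_SECTION =
  "== History ==\nThe '''first''' version wasn't ''stable''.\n";
const SAMPLE_BEFORE = SAMPLE_INTRO + SAMPLE_SECTION;
const SAMPLE_AFTER =
  SAMPLE_INTRO + simulateQuoteEscaping(SAMPLE_SECTION) + "Added line.\n";

console.log(checkEditForQuoteEscaping(SAMPLE_BEFORE, SAMPLE_AFTER));
```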

If you have a suspicion that the IP address is being used for a proxy script, you can always 'ping -a 127.0.0.1' the IP address to get a hostname. If it resolves to an actual site (and not a router, etc), then try playing around on their domain and see if they have a proxy script. I did that to check one or two of them. -^demon[yell at me][ubx_war_sux] /15:26, 14 July 2006 (UTC)

That could, quite potentially, require a lot of playing around. All someone need do to really turn an arbitrary website into a cgi proxy is exploit a remote command execution vulnerability on that website. If they can do this, they can choose whatever name they please for the file (assuming they even bother to create one).
One thing that could be done, though, is to write a javascript that gets the current URL. If it's going through a CGI proxy, the URL should be the URL to the CGI proxy, itself. It may have a few extra parameters representing the URL the CGI proxy is accessing, but that's not a big problem.
To deal with CGI proxies that would strip away the javascript, you can always incorporate XSS-like techniques to bypass it. I say that because the solution to XSS is very similar to the way CGI proxies would strip away javascript. Both look for tags that contain javascript and remove it. Unfortunately for web app developers (and fortunately for those looking to prove something is a CGI proxy) this isn't always so easy. Quite a few XSS exploits have, in fact, relied upon rather malformed HTML - HTML that the CGI proxy isn't likely to think contains javascript even though the browser does.
Now, it's not a perfect solution. If the user disabled javascript, it wouldn't work. Neither would it work if the person who attacked some website was sending their own custom HTTP requests. It'd also have to be built into wikipedia (or rather, Mediawiki) to be effective. If there were interest in it, I could implement such a feature. I plan on implementing it for phpBB's at some later date. TerraFrost 07:18, 29 July 2006 (UTC)
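The URL comparison proposed in the comment above can be sketched as a pure function that a page script would call with `window.location.href`. This is an added example, not code from the original discussion, MediaWiki or phpBB; the function names, the verdict labels, the canonical host list and the `proxy.example` / `mirror.example` sample URLs are assumptions made for illustration.

```javascript
// Hosts the site is legitimately served from. Assumption for this example;
// both names appear in URLs quoted elsewhere on this talk page.
const CANONICAL_HOSTS = ["en.wikipedia.org", "secure.wikimedia.org"];

// True when `host` occurs in `text` as a whole host name, not as part of a
// longer label such as "xen.wikipedia.org".
function containsHost(text, host) {
  const hay = text.toLowerCase();
  for (let i = hay.indexOf(host); i !== -1; i = hay.indexOf(host, i + 1)) {
    const prev = hay[i - 1] || "", next = hay[i + host.length] || "";
    if (!/[a-z0-9-]/.test(prev) && !/[a-z0-9-]/.test(next)) return true;
  }
  return false;
}

function percentDecode(token) {
  try { return decodeURIComponent(token); } catch { return ""; }
}

// Decode standard or URL-safe base64; returns "" when the token cannot be base64.
function base64Decode(token) {
  const s = token.replace(/-/g, "+").replace(/_/g, "/").replace(/ /g, "+")
    .replace(/=+$/, "");
  if (s.length < 8 || s.length % 4 === 1 || !/^[A-Za-z0-9+\/]+$/.test(s)) return "";
  const padded = s + "=".repeat((4 - (s.length % 4)) % 4);
  try {
    return typeof atob === "function"
      ? atob(padded)
      : Buffer.from(padded, "base64").toString("latin1");
  } catch { return ""; }
}

// Look for a canonical host carried inside the serving URL: in the host name,
// a path segment, a query value or the fragment, either in the clear,
// percent-encoded or base64-encoded.
function findEmbeddedTarget(url, canonicalHosts) {
  const tokens = [url.hostname, url.hash.slice(1), ...url.pathname.split("/")];
  url.searchParams.forEach((value) => tokens.push(value));
  for (const token of tokens) {
    for (const text of [token, percentDecode(token), base64Decode(token)]) {
      const hit = canonicalHosts.find((host) => containsHost(text, host));
      if (hit) return hit;
    }
  }
  return null;
}

// "direct": served from a canonical host.
// "web-proxy": foreign host whose URL names a canonical host.
// "foreign-origin": foreign host with no visible target (mirror, cache, or a
// proxy that keeps the target in a session); needs manual review.
function classifyServingUrl(href, canonicalHosts = CANONICAL_HOSTS) {
  let url;
  try { url = new URL(href); } catch {
    return { verdict: "unparseable", servedFrom: null, embeddedTarget: null };
  }
  const servedFrom = url.hostname.toLowerCase();
  if (canonicalHosts.includes(servedFrom)) {
    return { verdict: "direct", servedFrom, embeddedTarget: null };
  }
  const embeddedTarget = findEmbeddedTarget(url, canonicalHosts);
  const verdict = embeddedTarget ? "web-proxy" : "foreign-origin";
  return { verdict, servedFrom, embeddedTarget };
}

// Constructed sample URLs; the last query value is the base64 form of
// "http://en.wikipedia.org/wiki/Main_Page" without padding.
const SAMPLE_URLS = [
  "http://en.wikipedia.org/wiki/Main_Page",
  "http://proxy.example/random/location.php/http/en.wikipedia.org/wiki/Main_Page",
  "http://proxy.example/random/location.php?u=http%3A%2F%2Fen.wikipedia.org%2Fwiki%2FMain_Page",
  "http://proxy.example/random/location.php?u=aHR0cDovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9NYWluX1BhZ2U",
  "http://mirror.example/wiki/Main_Page",
];

function classifySamples() {
  return SAMPLE_URLS.map((href) => classifyServingUrl(href).verdict);
}

console.log(classifySamples());
```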

Don't forget about the users in China!!!

There is one major flaw with the open proxies project: open proxies are the only way users in China can access Wikipedia!!! I live in Shanghai and I’ve been blocked twice in the last two weeks because my account uses an open proxy. Perhaps it would make more sense to block anyone who is not signed in and uses an open proxy? Even that is a problem because how can new users in China sign up. If this policy doesn’t change then Wikipedia is contributing to Internet censorship in mainland China and blocking 1.3 billion people from editing wikipedia. I understand the need to curb vandalism, but a blanket ban on open proxies is solving one problem while contributing to another. --23:33, 7 July 2006 (UTC)

http://en.wikipedia.org/wiki/Wikipedia:Advice_to_Tor_users_in_China does that help them? ShaunES 04:57, 14 July 2006 (UTC).
The advice on that page is to use the secure wikipedia connection at:
https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page
It can take several minutes just to load up one page. It's not a solution. I live in China and open proxies are the only way I can access wikipedia sites. I don't think banning users who are signed in and use open proxies, but have no history of vandalism makes any sense. I request that consideration be made in changing this rule. Right now I'm using an open proxy, and will probably have my account banned because of that. This is highly annoying. David Straub 09:12, 7 August 2006 (UTC)
Note that the WikiProject only implements existing policy. If you wish to discuss a change to the policy itself, please do so at Wikipedia:Village pump (policy). // [admin] Pathoschild (talk/map) 17:03, 7 August 2006 (UTC)

VCN Proxychecker down

Down til I finish upgrades, probably a few hours. ShaunES 10:18, 16 July 2006 (UTC).

Sigh, best laid plans... Down til... I dunno, maybe later tonight, maybe tomorrow night. ShaunES 12:30, 16 July 2006 (UTC).
Hardware kersploded :( ShaunES 12:56, 19 July 2006 (UTC)

King County Libraries blocked?

Last time I tried to edit from a computer at the Bothell branch of the King County Libraries, I got blocked as being from an open proxy. Next time I'm over there, I'll try it again, so I have the IP handy. —The preceding unsigned comment was added by SarekOfVulcan (talkcontribs).

REorganizing

Here's some idea. How about we get rid of the sectioning commands and start using the in-places comments on the main table, as it's being done now? It makes things easier to work with (no more moving around text snippets, just add the note), and the current system makes it almost impossible to find archived stuff. -- Drini 02:29, 15 August 2006 (UTC)

The sections streamline the process of dealing with open proxies. Using a single list would make moving confirmed reports to the MetaProject quite difficult, for example. // [admin] Pathoschild (talk/map) 03:45, 23 August 2006 (UTC)

Tor bot

Would an automatic script to check for open Tor proxies be of use to this project? It would simply acquire a new Tor address at regular intervals and do pattern matching for block notices on the output of edit attempts on a predetermined safe page. If the notices are absent, the IP is considered open and a post is placed in the "Alerts" section for review.

I have no idea if there's already anything in place to do this, so sorry if it's a waste of time. Having just discovered how easy it is to do this with shell scripts, Tor proxy detection is the only application I currently have in mind for such a bot. -- Omicronpersei8 (talk) 08:34, 22 August 2006 (UTC)

It'd be useful indeed. // [admin] Pathoschild (talk/map) 04:38, 23 August 2006 (UTC)

Okay, I'm willing to work on a bot proposal, but there's still a lot of stuff I'm not sure of. For starters, how can these nodes be verified by project members as Tor proxies? The VCN tool seems incapable of doing this, and no one on the main page has done anything with the IPs I've listed, so I'm not sure there is an easy way. The design of Tor seems to make this process difficult by definition. I could have the bot post to a page in its userspace using a Tor IP, but that model for proxy reporting would make it very easy for fakers to get legitimate IPs blocked. -- Omicronpersei8 (talk) 06:52, 24 August 2006 (UTC)

Tor is a bloody nightmare. The only lookup-based Tor node detection thing I've found was at http://www.ippages.com, but they only allow you to look up, I think, 10 IPs a day unless you pay for it. If there's a less-restricted similar service like that, that's one way to possibly verify it. And then there's this... http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?addr=1 but I have no clue what purpose it serves. Those tools could be good for verification. --Signed and Sealed, JJJJust (T C) 07:02, 24 August 2006 (UTC)
There is a dynamically updated list of Tor exit nodes at Tor Network Status (noted by JJJJust above). A previous bot detected open proxies by attempting to edit through them; see Fvw's discontinued POPBot. Since such a bot could not edit through legitimate IP addresses, it'd be impossible to trick it into false positives. // [admin] Pathoschild (talk/map) 23:39, 24 August 2006 (UTC)
That's a perfect resource, guys -- thank you. I thought I connected to an open proxy yesterday that was not listed there, but I may have been mistaken, as the list seems pretty complete right now. I will continue to monitor for discrepancies for a while. At any rate, I will need to rethink how to set up the bot now, and it may need to be programmed to work with meta projects somehow. -- Omicronpersei8 (talk) 02:42, 25 August 2006 (UTC)

Tor bot continued

So, hi again, and here are the ideas I have in mind so far: User:Cronbot/sb

To summarize, the bot will do timed Tor path refreshes and will try to post through the exit nodes it finds. It will do this because the Harvard list is incomplete and does not list all open exit nodes on the Tor network, and while you can filter your exit path by node nicknames, I don't think you can do it by IP. Thus, this method of proxy discovery will require the brute force approach. The bot will verify that it is who it says it is (while posting through proxy IPs) using PGP signatures. In addition to that, it will routinely check the block logs of IPs on the Harvard list and report if one of them is open and unblocked (I currently see no reason or practicality behind doing direct connections to nodes that can be more easily and quickly checked through Special:Log pages).

I started the layout I linked to above because I'm not sure how well this bot would play with the current proxy listings. Obviously, in this state, it would be better linked to or transcluded, as there are somewhat unresolvable differences in the table setups by design, mainly because of the PGP sigs and the "recheck" parameter columns. If you read the link, I think I've gone into adequate preliminary detail on the bot's functions.

Please feel free to let me know if this was a stupid idea, a good idea that went awry, or if I misunderstood things altogether. -- Omicronpersei8 (talk) 13:48, 3 September 2006 (UTC)

By the way, this is being done in Python through the pywikipedia framework on a home Linux box. -- Omicronpersei8 (talk) 13:50, 3 September 2006 (UTC)
Another dynamic list you may find useful is at proxy.org/tor.shtml. This list includes the servernames, which will help if the bot will be connecting through them. // [admin] Pathoschild (talk/map) 00:20, 6 September 2006 (UTC)
Wedged-in afterthought that should have prefaced the cruft below: I've set up the bot to not connect to public nodes but just check their block logs and report in bright red letters. Is that enough? -- Omicronpersei8 (talk) 07:22, 6 September 2006 (UTC)
That looks like a good supplement to the Harvard list for "public" nodes. I'm still seeing "private" nodes, however – exit nodes not present on either of those lists – in my local runs. I'm having a little dilemma right now because of this, because I noticed that a few of the nodes that formerly did not show up on private lists now do; so I'm not sure if my PGP scheme is necessary or if it's just a matter of "wait and it will pop up".
Another thing I should probably note is that these are big lists and I don't want to hammer/spam this site too much. At a constant rate of one IP block status check every sixty seconds, we're talking about 14+ hours just to finish one capture of the Harvard list.
I guess whether these "stealth" nodes absolutely need to be blocked as soon as possible is up to OP project members, and whether the bot's page access/edit frequency is acceptable is up to the server admins. Just checking the public lists seems like an acceptable anti-Tor system, and would be even better with the discovery scheme, but the latter is possibly unnecessary and definitely inadequate as the sole proxy-checking method. But at any rate, if checking public nodes takes so long, doing the other type of checks in the background can be a good supplement, as long as it doesn't eat up bandwidth or anything. So... comments?
Just so everyone knows, I have not taken this to WP:BRFA yet or finished a proposal. This is something that really needs to go through a few generations of code and testing first, but if it's wanted, that shouldn't mean more than a few weeks. -- Omicronpersei8 (talk) 07:10, 6 September 2006 (UTC)

Well, I felt inspired, so I went ahead and churned out an extremely long and over-wrought proposal. I haven't really heard any objections here regarding the concept of the bot, so I guess I'll go ahead and put the request up. Not like I can't trim down the features later if some of them are deemed extraneous. -- Omicronpersei8 (talk) 14:25, 6 September 2006 (UTC)

Unused template?

Is Wikipedia:WikiProject on open proxies/result-closed even used anymore when reviewing an IP? --Signed and Sealed, JJJJust (T C) 08:31, 23 August 2006 (UTC)

Ideally, it should be used to notify users who've placed an alert on this page of the result. In practice, I think I'm the only user who ever bothered to do so. // [admin] Pathoschild (talk/map) 23:30, 24 August 2006 (UTC)

Verified user

How would I become a verified user? Do I just add myself to the list? See User talk:Tawker#WP:OP Prodego talk 15:07, 27 August 2006 (UTC)

Essentially, a member administrator verifies that you seem reliable. You should have a working knowledge of open proxies, anonymity networks, range blocking, et cetera. We're very short on administrators on sister projects, so it'd be nice if you administrated elsewhere. All that said, the only real qualification is to be reliable enough that we can block hundreds of addresses on your word. I've added you to the list. // [admin] Pathoschild (talk/map) 02:09, 6 September 2006 (UTC)
I assume I'm going to need similar verification if people are to take my bot's postings as valid. -- Omicronpersei8 (talk) 06:38, 6 September 2006 (UTC)

Be careful of the "gcapmedia" unblock requests...

...a WoW sockpuppet (From back before he claimed to quit) said he worked for them. I'm paranoid, as you've probably noticed. 68.39.174.238 00:37, 9 September 2006 (UTC)

Google Web Accelerator

I would like to propose that we rangeblock all known IP addresses used by Google Web Accelerator because it is in effect, an open proxy. There's been a noticeable increase of unblock requests over the last week coming from people who've been autoblocked for vandalism by accounts using the accelerator. I've started a page at Wikipedia:Advice to Google Web Accelerator users (WP:GWA) which I hope to add screenshots and instructions detailing how users can exclude wikipedia.org from their accelerator settings soon. Perhaps we can use a link to this webpage as the block message? -- Netsnipe 07:28, 28 September 2006 (UTC)

Backlog

This page's backlog is not helped by the fact that it is bloody intimidating. Where's the usability study!
brenneman {L} 05:52, 7 October 2006 (UTC)

Indefinite blocking

Even these IPs will eventually be re-assigned elsewhere. Why not block for 3 years? —Centrxtalk • 19:02, 14 October 2006 (UTC)

Project directory

Hello. The WikiProject Council has recently updated the Wikipedia:WikiProject Council/Directory. This new directory includes a variety of categories and subcategories which will, with luck, potentially draw new members to the projects who are interested in those specific subjects. Please review the directory and make any changes to the entries for your project that you see fit. There is also a directory of portals, at User:B2T2/Portal, listing all the existing portals. Feel free to add any of them to the portals or comments section of your entries in the directory. The three columns regarding assessment, peer review, and collaboration are included in the directory for both the use of the projects themselves and for that of others. Having such departments will allow a project to more quickly and easily identify its most important articles and its articles in greatest need of improvement. If you have not already done so, please consider whether your project would benefit from having departments which deal in these matters. It is my hope that all the changes to the directory can be finished by the first of next month. Please feel free to make any changes you see fit to the entries for your project before then. If you should have any questions regarding this matter, please do not hesitate to contact me. Thank you. B2T2 14:38, 26 October 2006 (UTC)

Unsecured routers

There's been a guy from Australia vandalizing and posting complaints, each time from a new IP. Many of them show up on Multi-RBL's redlists, but some are not listed and pass the VCN proxychecker too. He said at one point, By the way, unsecured wireless and default admin router passwords are great. [2]. I can tell he is from Australia as his original contribs, before he got blocked and started acting out, are from Internode in Adelaide, Aus. What should I do with US and UK IPs he posts from that are not on any blacklists? They must be some kind of unsecured connection somewhere. Thatcher131 03:53, 11 November 2006 (UTC)

Based on his comment, these would be simple home networks to which he is gaining access. A possibility is to send a message to the ISP informing them that one of their customers has this insecure network, and they should contact the customer to have them correct the problem. An obvious solution—and the ISP is not necessarily going to respond or do anything about your report—would be to ban the IP for a month or two; they are open proxies but which are non-trivially accessible. Unfortunately, however, this would only work for insecure wireless networks; presuming the vandal is intelligent, because he has admin access to the router, he can simply reset the connection to obtain a new IP address from the ISP, so a ban here would only work for a couple days perhaps. I guess informing the ISP is the only permanent solution, we can do this with a form letter sent to the e-mail address listed in whois, specifying the date&time and IP. —Centrxtalk • 04:31, 11 November 2006 (UTC)
Do you have a form letter, and should I give you the IPs or should I do it myself? Thatcher131 05:01, 11 November 2006 (UTC)
I looked at Wikipedia:Abuse reports, but Wikipedia:Abuse reports/Boilerplate messages is no good, though there must be others. It can be something as simple as:

Sir:

I am an administrator on Wikipedia, a multilingual project to create a complete and accurate open-content encyclopedia. The English-language version may be viewed on the Web at http://en.wikipedia.org/.

It has come to our attention that a user of your network may be running an insecure wireless access point or a router with a manufacturer-default password, which has been used by a third party to submit bogus changes on a mass scale over a long period of time.

As this is a security vulnerability under your network, coming from an otherwise anonymous IP, we ask that you please contact this customer and inform them how to properly secure their home network. The IP addresses and the dates and times on which it was used are as follows:

2005-06-18 14:37 (UTC): xxx.xxx.xxx.xxx . . .

Yours sincerely,

Your real name


However, keep in mind this person may not be telling the truth. If it is the IPs in the temp page you created, these do not look like typical home computers. In fact, they all resolve to domain names of hosting providers or odd websites. Also, 66.79.168.59 is an open proxy of the typical kind; there may be others, I haven't checked them all yet. —Centrxtalk • 08:20, 11 November 2006 (UTC)

Then, this should still be reported to the others, but it would be a different letter. —Centrxtalk • 08:22, 11 November 2006 (UTC)
Well, maybe it would be better in this case to just report it to his home ISP. I'm pretty sure I know what that was, based on where he was editing from before he got mad and started acting out. This has got to be a TOS violation if not illegal. Thatcher131 08:24, 11 November 2006 (UTC)

Need help

Hi, could someone please look into the account being listed as an open proxy for DNS errors for the user name User:Snowolfd4 There are 3 cases pending, WP:PAIN, WP:AN/I and now under ArbComm. Kindly help as it is pending for quite some time. Thanks Sudharsansn (talk contribs) 06:26, 23 November 2006 (UTC)

I kindly request someone to look into it. Vandalism continues in WP:NCSLC page and also other member pages and it is strongly suspected that this could provide vital clues about who is behind this series of vandal attacks. Thanks Sudharsansn (talk contribs) 12:58, 26 November 2006 (UTC)

account using an open proxy?

This doesn't quite fit the format here or at WP:RFCU, but... I notice that today's contribs from Manticorn include a lot of backslashing, so he's probably using a proxy. Could someone find out the IP he's using and block it as an open proxy? FreplySpang 16:01, 23 November 2006 (UTC)

I've reported this in the "Requests for IP check" section of WP:RFCU - thanks to user:pgk for sending me there. FreplySpang 16:16, 23 November 2006 (UTC)
I'm particularly amused that he's come back as 'Blancamant' to edit this page - with even more backslashes.... [3]. FreplySpang 16:36, 23 November 2006 (UTC)

wikibooks' suspected proxies

Hi... we seem to have a proxy vandal periodically hitting wikibooks, and when I check the IP talks here on wikipedia, some are already noted as proxies, some have no edits, and in one case it had no edits on the first check, but then later seems to have come and vandalized here. We're a bit understaffed, so would there be any problem with us listing these here for checking up on? --SB_Johnny|talk|books 17:22, 1 December 2006 (UTC)

  • I don't think it would be a problem, but you would still need a Wikibooks admin to do the blocking so it may not save much effort.
  • FYI: You can use a free port scanner like nmap to check for open proxies.
  • In any event, talk to User talk:Pathoschild, who is involved with inter-wiki/meta matters related to open proxies.
Centrxtalk • 23:57, 5 December 2006 (UTC)

ISP Proxy in the UAE

Please stop blocking IPs from the United Arab Emirates. The Regulatory Authority REQUIRES that internet connections go through the telecom providers proxy filter, so we have no legal choice in the matter. These IPs are assigned dynamically (and frequently change while connected) so if one user abuses an IP, by blocking it all that happens is that the next user on that IP is affected. Not the original spammer or abuser. I disconnected and reconnected several times to get through with an IP that is not blocked so I can edit this page. This admin appears to be particularly enthusiastic about blocking UAE based IPs with his/her name appearing several times when I attempted to edit pages...

"Your account or IP address has been blocked from editing. You were blocked by Naconkantari for the following reason (see our blocking policy):

open proxy or zombie (see WikiProject on open proxies for information) Your IP address is 195.229.241.182."

Thank you —The preceding unsigned comment was added by Localzuk (talkcontribs) 15:02, 10 December 2006 (UTC).

Comment originally added by User:195.229.241.180, moved from project page, by Localzuk. Aecis Dancing to electro-pop like a robot from 1984. 15:05, 10 December 2006 (UTC)
FWIW, I think Saudi Arabia has a national firewall also. --A. B. (talk) 20:24, 13 December 2006 (UTC)

Verified users

I am interested in becoming a verified user, and would like to know how you go about this, as it says you need to be added by a verified admin. Do I simply need to contact one of said admins, or is there another way? Thanks. ><RichardΩ612 ER 18:33, 11 December 2006 (UTC)

P.S. I am able to check proxies efficiently by crossreferencing various tools, and am able to do so quickly. I have good knowledge of IT and open proxies, DNS, etc. ><RichardΩ612 ER 19:04, 11 December 2006 (UTC)
I'm also leaning more about becoming a verified user and I imagine some other WikiProject Spam volunteers would be also. For starters, do you have any material I could review? --A. B. (talk) 20:27, 13 December 2006 (UTC)
Since I just added 82 103 new candidates to your backlog, I suppose I owe some sort of payback ... --A. B. (talk) 20:28, 13 December 2006 (UTC)
Alternately, if you don't want to add me as a verified user, point me in the direction of how best to use the tools and I will try to "pre-digest" my reports to give you a higher rate of positives. --A. B. (talk) 16:24, 14 December 2006 (UTC)
It is most likely that no admins have read this yet. DarthVader 22:12, 14 December 2006 (UTC)

I'm also interested in becoming an approved user, as I maintain a number of spamtraps for spambots, most of whom may be editing through proxies. MER-C 10:19, 21 December 2006 (UTC)

Recently, the proxies have just been evaluated and dealt with by the 3 or 4 admins who have been active; it does not appear to have been active as a "project" for a few months, but it would be good to make it efficient and have a well-defined system. I am sure we can trust your honesty, but I am not sure how technical competence was verified or how it should be verified. User:Pathoschild, User:Voice of All, or User:Mackensen may have some idea. —Centrxtalk • 10:47, 21 December 2006 (UTC)

If you understand the basics for open proxies or have a good set of service/port and port scanning then you may want to talk to a verified user on IRC or something. They can give you a green light. Preferably, you should let them add your name (though I added mine after talking to Tawker). Voice-of-All 19:36, 21 December 2006 (UTC)

69 IP address added related to Talk:John Lott vandalism

See the talk page discussion at Talk:John Lott#Only 25 out of 94 open proxies hitting NPOV section were ever blocked indefinitely.

This represents many months worth of open proxy abuse of this page. The page was finally semi-protected again this week.

I am 99% confident that ≥95% of the IP addresses I've listed are open or anonymizing proxies. A look at the talk page's edit history and a few of the diffs for anon IPs editing the NPOV section will make this clear.

I'd start with these out of the 3 batches of IP addresses I recently added:

  • 21 IP addresses flagged by Shadowbot; Completewhois excerpts at temporary user sandbox subpage
  • 13 previously warned spam anon - Completewhois data warrants closer look - open proxies
  • 69 open proxy suspects - John Lott talk page discussion

--A. B. (talk) 16:35, 14 December 2006 (UTC)

21 address added as a batch after flagging by Shadowbot

Shadowbot warns editors that add links to sites previously identified as spammy and then reverts their addition. Not every editor it flags is a bad faith spammer.

As part of WikiProject Spam, I listed the last 250 editors warned on a temporary user subpage (User:A. B./Sandbox3) and have been analyzing the data for trends.

146 of the editors used anonymous IP addresses. I ran them through Completewhois to come up with the 21 addresses I just added.

I am not a Completewhois wiz, so I listed excerpts from the reports on that subpage in this section. I suggested you check the Completewhois excerpts first to save yourself time; you may decide some aren't worth checking after looking at the excerpts.

Thanks for your valuable work: one abusive open proxy makes a lot of work to clean up until it's blocked. --A. B. (talk) 16:48, 14 December 2006 (UTC)

Might be helpful...

List of open web proxies. 24.50.211.226 05:07, 17 December 2006 (UTC) (Nwwaew (Talk Page) (Contribs) (E-mail me) not logged in)

Automation

I've become interested in open proxies since noting that some of the more abusive spammers reported at WikiProject Spam use open proxies.

There are multiple lists of open proxy servers on the web -- I downloaded one the other day and have been working my way through the list I keep of repeat spammers and using Completewhois.

It's laborious and I'm happy to do it on an intermittent basis for a few minutes a day while I'm waiting on a boring conference call or a coffee pot. It occurs to me, however, that there might be a way to automate all or much of the process. "All" might involve dumping a list into some sort of script that would run checks, evaluate them to some criteria, and post the confirmed guilty to a block list. "Much" might consist of "predigesting" a lot of the checking process to produce a list summarizing evidence for the listed IP addresses into tables. A verified user might then be able to click a "proxy-block" link similar to the existing standard "block" link admins use but with the added functionality that it would trigger a bot to list the IP addresses as confirmed open proxies on the open proxy list and post notices on the talk/user pages.

If this could be done, verified users potentially could process hundreds or thousands of blocks a week or month. It wouldn't stop serious spammers, vandals and attackers from continuing to abuse Wikipedia using open proxies, but it would up the ante and would slow them down. They'd spend more time hassling with getting an open proxy, resulting in a little less time for writing diatribes, posting spam, etc.

This also would free up volunteers here to focus on less drudgery-oriented tasks and more on overall judgment and strategy issues.

All this is just a thought. I'm not an admin, verified user or developer, just a guy that thinks the Wikipedia community has some really clever technical people who can probably figure out ways to do this without requiring a fundamental change to the MediaWiki software. I know the use of the new spam IRC channel and the Shadowbot are increasing the productivity of the WikiProject Spam community, allowing them to look at more complex spam efforts. --A. B. (talk) 19:13, 17 December 2006 (UTC)

I agree, it seems pretty silly to me that this hasn't been automated yet as someone could easily make a bot that monitors AIV and checks reported IPs to see if they are open proxies and of course checks OP and checks if the reported IPs are open proxies. Yonatanh 20:32, 26 January 2007 (UTC)
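The "predigesting" step proposed in this section, as an added example that is not part of the discussion and is not the code of any existing bot: it validates each reported address, builds the reversed-octet DNSBL query names, and summarises the listings in a table for a verified user to review. The zone names, addresses and DNS answers are constructed, the lookup function stands in for a real DNS A-record query, and the two-listing threshold is an assumption; nothing here blocks an address.

```javascript
// Added example: all zone names, addresses and listings below are constructed.
const ZONES = ['dnsbl-a.example', 'dnsbl-b.example', 'dnsbl-c.example'];

// Constructed stand-in for DNS: query name -> A records. A missing key means NXDOMAIN.
const SAMPLE_DNS = {
  '10.2.0.192.dnsbl-a.example': ['127.0.0.2'],
  '10.2.0.192.dnsbl-b.example': ['127.0.0.2'],
  '7.100.51.198.dnsbl-c.example': ['127.0.0.2'],
  // A non-loopback answer (for example a wildcarded or parked zone) is not a listing.
  '9.113.0.203.dnsbl-a.example': ['203.0.113.80'],
};

// Stricter than a digits-and-dots regex: each octet must also be 0-255.
function parseIPv4(text) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(text.trim());
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// DNSBL convention: reverse the octets and append the blacklist zone.
function dnsblQueryName(octets, zone) {
  return octets.slice().reverse().join('.') + '.' + zone;
}

// Returns one evidence row per reported address; a human decides what to do with it.
function triage(ipList, zones, lookup) {
  return ipList.map((ip) => {
    const octets = parseIPv4(ip);
    if (!octets) return { ip, hits: [], verdict: 'invalid' };
    const hits = zones.filter((zone) => {
      const answers = lookup(dnsblQueryName(octets, zone)) || [];
      return answers.some((a) => a.startsWith('127.'));
    });
    // Assumed criterion: two or more independent listings go to the top of the queue.
    const verdict = hits.length >= 2 ? 'review-first'
      : hits.length === 1 ? 'possible' : 'unlisted';
    return { ip, hits, verdict };
  });
}

const rows = triage(
  ['192.0.2.10', '198.51.100.7', '203.0.113.9', '192.0.2.999', '192.0.2.11'],
  ZONES, (name) => SAMPLE_DNS[name]);
console.table(rows.map((r) => ({ ...r, hits: r.hits.join(', ') })));
```

A blacklist listing is evidence for the reviewer, not confirmation; the table only orders the manual checks.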

Helping out

I'd like to help out here on WP:OP, is it possible for a regular user like me to do that? I feel like I have sufficient knowledge in this area to help out. Yonatanh 20:36, 26 January 2007 (UTC)

Go ahead and check some (3 or 4) (from the top down please), and I will check you. If you know what you are doing, you can be added to the verified user list. I am not liking the prospect of going through the whole list alone, so... Prodego talk 02:28, 27 January 2007 (UTC)

I did the first 3, could you look them over? Also, how do you determine an IP to be a "possible" proxy? Yonatanh 03:08, 27 January 2007 (UTC)

A port scan revealed ports 21 and 22 were open. However, I couldn't connect, so because of the use for spamming, I consider it a possible open proxy. Ehh, wrong one. It probably is the same as the others, a proxy on a dynamic range. Prodego talk 03:15, 27 January 2007 (UTC)

Should I remove them?

I placed two requests, but now I realised that maybe my system has bypassed the proxy connection, connecting on my regular ISP, which suggests the connection was never done on the two IPs. Should I remove or leave both connections there? Fad (ix) 00:38, 10 February 2007 (UTC)

If you don't think they're open proxies after all, feel free to remove them. —{admin} Pathoschild 01:02:51, 15 February 2007 (UTC)

Help

I'd like to get involved with the project, is there any specific area I can help out in? Shadow1 (talk) 12:56, 14 February 2007 (UTC)

<threadjack>I'd like to get involved as well. So, er, same question as above.</threadjack> PTO 21:18, 14 February 2007 (UTC)
If you are adept with PHP and MySQL, the upcoming proxy database is slowly nearing completion and would benefit from a second (or third) developer.
Do you have knowledge of or experience with open proxies? In particular, do you understand the differences between anonymizing networks, open proxies, and zombie computers, and are you familiar with the necessity of proof described at WP:OP#Block? It's essential that possible open proxies not be blocked, since they'll also be blocked on all participating wikis. If you do understand all of this (or study up on it), we also need help confirming and blocking open proxies. :) —{admin} Pathoschild 01:02:11, 15 February 2007 (UTC)
Heh heh, seems like this place isn't for me... :D. Thanks for the help, though. PTO 04:38, 15 February 2007 (UTC)
You're welcome. :) —{admin} Pathoschild 05:02:08, 15 February 2007 (UTC)
I've got a fair amount of knowledge. <tangent>I run a Tor router, so I'm familiar with that aspect of open proxies.</tangent> But I've also looked at the Automation section above, and I think that I might be able to do something similar to that, provided that there is a need for it. I've also got some experience with MySQL, since Shadowbot has a MySQL database behind it. Shadow1 (talk) 13:08, 16 February 2007 (UTC)
I've verified you for the local chapter of the project. If you're interested in helping develop ProxyDB, please leave a message on my discussion page. :) —{admin} Pathoschild 02:02:47, 18 February 2007 (UTC)
Thanks, I'll take a look. Shadow1 (talk) 20:38, 19 February 2007 (UTC)

Anonymous editing sites

Hi. I have listed six IPs from anonymous proxy websites that were open and have now been blocked. Is the correct procedure to list them here (so that they can be reported to other Wikimedia projects) or do I just block them and move on with life? I took a look and most of what is talked about here seems to be geared towards zombie/hacked machines that require investigation as opposed to simple, straightforward anonymizers. Should I report such sites here or just block? --BigDT 06:11, 17 February 2007 (UTC)

Hello. It is even more important to block those, since they're easier to find and use. Please do list them here. —{admin} Pathoschild 02:02:33, 18 February 2007 (UTC)

RSS (etc) feeds?

Does anyone have a tool that's keeping an eye on feeds like the ones on http://tfcsi.info/ ? --jpgordon∇∆∇∆ 04:47, 21 February 2007 (UTC)

Which backlog tag to use?

Should we use {{Adminbacklog}} or {{Backlog}} when there is a backlog? Jesse Viviano 18:08, 27 February 2007 (UTC)

There are ways non-admins can help, but the backlog essentially requires someone with the ability to block (and anyway most people, admins or not, who would be "experienced" enough to clean up an article would have no idea what to do to check an open proxy). —Centrxtalk • 18:11, 27 February 2007 (UTC)
That is, this is a back-end task that is totally unlike anything else listed by {{backlog}}, and even if someone were competent to do it, they would need to be specifically trusted in order to be at all useful. —Centrxtalk • 18:22, 27 February 2007 (UTC)

Suggestion for a subpage

It would be nice if someone created a subpage of Wikipedia:WikiProject on open proxies to show others how to check for proxies manually (besides web-based CGI proxies, which anyone with average Joe computer smarts can check). I would like to check them, but I do not know how to scan them manually. Jesse Viviano 21:07, 8 March 2007 (UTC)


Can someone help me out?

Not listing this on the project page, because I'm not sure I understand what an open proxy is - hence plea for help. I've been plagued by a certain banned user who never edits twice from the same IP (though always from Israeli service providers). Is he simply switching computers, or is he using an open proxy? The following are IPs that have all been used to vandalise my user page in a familiar fashion:

And the following IPs were not engaged in vandalism, but were all used by the same person I suspect of being behind the vandalism (signed manually):

(The first 4 IPs contributed to pages that have since been deleted, that's why nothing shows up on the contributions page).

Said user has also employed up to 45 registered sockpuppets, but checkusers conducted to confirm this have been inconclusive (See: Wikipedia:Long term abuse/Israelbeach).--woggly 07:38, 19 March 2007 (UTC)

The first ones all appear to be normal computers. I've blocked the last 5, which are all listed in multiple blacklists as open proxies. --Michael Billington (talkcontribs) 02:13, 25 March 2007 (UTC)
Thank you!--woggly 12:08, 25 March 2007 (UTC)

Coordinated attack on my user page, please look into this

I've added these to the project page where it will hopefully be noticed (If I don't get around to checking them myself first) --Michael Billington (talk) 12:43, 31 March 2007 (UTC)