Tim Starling wrote:
The proxy blocker works by attempting to send a proxied request for Special:Blockme via the target computer. Special:Blockme will block the address if the originating IP matches the IP in the query string.
Isn't this really quite insecure? You've already mentioned the problem that someone can thus block someone else by tricking them into viewing a page with an embedded image. Another insecurity is that anyone can block a shared computer.
My suggestion would be to have the Proxy Prober (I'll call it that for lack of an established term) send not just the to-be-blocked IP address, but also the entire ban-reason string through the proxy. This means that someone would have to fake the reason string, or else sysops will be able to unblock them easily.
Another thing I would like to suggest, and I've actually suggested that before, is that the reason string should include the port number, so that any sysop can check if the IP is still an open proxy.
Thanks, Timwi