On 7/2/05, Timwi timwi@gmx.net wrote:
Why are we blindly using this SORBS list if it is that bad? It is trivial to check if a certain IP-address/port combination is still an open proxy, so when someone edits from that IP, just check it and unban it if it isn't...?
Well my impression was that SORBS was designed to be used by email servers... where it really isn't acceptable to stall the pipeline to make a test... and in that role it is fairly acceptable: I'd use it to add some spam assassin points but not block outright.
It's not like testing is all love and flowers.. generally if you run your own tester you can expect a fair number of angry emails as your probes trigger off peoples stupid personal firewalls. Perhaps that would be mitigated if we only executed that test if someone failed the SORBS list... a quick freshmeat search yields a half dozen proxy testers that we could use.
If we added the proxy tester for sorbs we could also address another problem. Right now when an admin believes (i.e. not necessarily backed up with anything measured beyond editing pattern) that an IP address is an open proxy, we are implementing indefinite blocks in many cases. We could provide our users with the proxy check tool to have a lot more confidence that it really is an open proxy and It would be nice if rather than blocking the user we placed them on our own 'sorbs list'... where they would be tested when they try to edit.
As it stands right now, there are addresses blocked from open proxies.. but eventually those addresses will belong to someone else, and when they try to edit wikipedia they will be told to contact an admin who might not even be active in our community a year from now.