Dear fellow list subscribers,
li: is in very great danger. We are only three, and we have to cope with an apparently intelligent an extremely aggressive vandal, who contantly changes his IP addresses and contantly comes up emptiing pages. He simply wants our project to be completely destroyed! And I'm not kidding.
We must take an emergency measure: block ALL open proxies. Only that can prevent the guy from constantly returning and practicing his infamous deeds. But we don't know for heaven's sake how to do that. If anyone of you does, could s/he PLEASE tell me as soon as possible how?
With desparate regards, Wouter
_________________________________________________________________ Nieuw: Beeld en geluid met MSN Messenger 7.0 http://messenger.msn.nl/
Wouter Steenbeek wrote:
We must take an emergency measure: block ALL open proxies. Only that can prevent the guy from constantly returning and practicing his infamous deeds. But we don't know for heaven's sake how to do that.
I'm sure that any lists of open proxies he has available, will be available to you. Try to Google for them and block all their IPs.
Unfortunately, that's all the advice I can give. I'd hate to see an active project go to waste because Wikimedia folk are too slow to react, or because the software doesn't have adequate tools to fight organised vandalism. How many active vandals does it take for a smaller Wikipedia to receive attention and assistance? :/
Timwi
Timwi wrote:
Wouter Steenbeek wrote:
We must take an emergency measure: block ALL open proxies. Only that can prevent the guy from constantly returning and practicing his infamous deeds. But we don't know for heaven's sake how to do that.
I'm sure that any lists of open proxies he has available, will be available to you. Try to Google for them and block all their IPs.
Unfortunately, that's all the advice I can give. I'd hate to see an active project go to waste because Wikimedia folk are too slow to react, or because the software doesn't have adequate tools to fight organised vandalism. How many active vandals does it take for a smaller Wikipedia to receive attention and assistance? :/
Cough ..... There are wikimedians whose provider forces them behind an open proxy and who do not have the financial means to change provider.
Me
Waerth/Walter
Yes, but when a relatively small project such as li: is forced to choose between denying access to a group of potential contributors and saving itself from complete chaos at the hands of a maniacal vandal, the logical choice is to ban (at least temporarily) all proxies.
My personal suggestion is to ban ALL IPs except those of known legitimate contributors for a period of perhaps 1 month. After this, unban them and see if anything happens.
Mark
On 23/05/05, Walter van Kalken walter@vankalken.net wrote:
Timwi wrote:
Wouter Steenbeek wrote:
We must take an emergency measure: block ALL open proxies. Only that can prevent the guy from constantly returning and practicing his infamous deeds. But we don't know for heaven's sake how to do that.
I'm sure that any lists of open proxies he has available, will be available to you. Try to Google for them and block all their IPs.
Unfortunately, that's all the advice I can give. I'd hate to see an active project go to waste because Wikimedia folk are too slow to react, or because the software doesn't have adequate tools to fight organised vandalism. How many active vandals does it take for a smaller Wikipedia to receive attention and assistance? :/
Cough ..... There are wikimedians whose provider forces them behind an open proxy and who do not have the financial means to change provider.
Me
Waerth/Walter _______________________________________________ Wikipedia-l mailing list Wikipedia-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikipedia-l
Timwi wrote:
Walter van Kalken wrote:
Cough ..... There are wikimedians whose provider forces them behind an open proxy and who do not have the financial means to change provider.
What are these providers? I'm sure Wikimedia can exert some pressure to get them to make the proxies less open.
Brion regularly sends complaint letters to apparently relevant parties. The success rate is not very confidence-inspiring.
A significant number of providers *just don't care*.
--Jimbo
On 6/4/05, Jimmy Wales jwales@wikia.com wrote:
Brion regularly sends complaint letters to apparently relevant parties. The success rate is not very confidence-inspiring.
A significant number of providers *just don't care*.
This cuts both ways. Mindspillage and I edit from a roadrunner cable modem a lot of the time, and a few months ago we received an IP listed in one of the openproxy lists.
This kept me from logging into a couple of IRC networks from home, but it wasn't a huge inconvenience to me because I could just ssh into something elsewhere on the internet.
It had been listed almost a year before we'd received the address, and of course we are not running an open proxy. The requirement from the open proxy list to be delisted was for someone authoritative for the netblock to contact them, so they ignored all contact from me. Even after I ran into an engineer from my upstream at NANOG I was unable to get them to send a darn email. ... Eventually we got a new IP and the problem was gone.
Had we been joe random, unable to just come from another IP, and had wikipedia been using that open relay list you very likely would have lost a contributor.
I think we must ultimately accept that blocking can not exclude someone from our community, and that is it not desirable to use it as a punitive measure, and only somewhat effective as a technical measure. Jumping through huge hoops to close every loophole will, ultimately, be as futile as a vandal trying to keep his bad edits in... and likely to cause lots of harm to others.
Gregory Maxwell (gmaxwell@gmail.com) [050605 07:37]:
I think we must ultimately accept that blocking can not exclude someone from our community, and that is it not desirable to use it as a punitive measure, and only somewhat effective as a technical measure. Jumping through huge hoops to close every loophole will, ultimately, be as futile as a vandal trying to keep his bad edits in... and likely to cause lots of harm to others.
Yeah. We can ban people for ten lifetimes of the Universe, but, basically, it's just not technically possible to keep someone from editing Wikipedia if they *really want to*. All we can do is keep them from wreaking damage until they get bored.
- d.
Jimmy Wales wrote:
Brion regularly sends complaint letters to apparently relevant parties. The success rate is not very confidence-inspiring. A significant number of providers *just don't care*.
Then make them care. Hack something into MediaWiki that allows us to display a pre-set message to non-logged-in users with certain IPs or within certain IP ranges. Use that to encourage users who are forced behind an open proxy to switch provider, implicitly mumbling something about their management. Keep telling the providers that we're actively doing this to their users. When they start losing customers, they will start caring.
Timwi
On 6/4/05, Timwi timwi@gmx.net wrote:
Then make them care. Hack something into MediaWiki that allows us to display a pre-set message to non-logged-in users with certain IPs or within certain IP ranges. Use that to encourage users who are forced behind an open proxy to switch provider, implicitly mumbling something about their management. Keep telling the providers that we're actively doing this to their users. When they start losing customers, they will start caring.
It's pretty arrogant to think that providers will actually lose customers due to this, it's far more likely that we'll lose users and editors.
Even in the case that a customer would be annoyed enough at the provider (rather than us), there are many people who don't have a choice.
On 04/06/05, Gregory Maxwell gmaxwell@gmail.com wrote:
On 6/4/05, Timwi timwi@gmx.net wrote:
Then make them care. Hack something into MediaWiki that allows us to display a pre-set message to non-logged-in users with certain IPs or within certain IP ranges. Use that to encourage users who are forced behind an open proxy to switch provider, implicitly mumbling something about their management. Keep telling the providers that we're actively doing this to their users. When they start losing customers, they will start caring.
It's pretty arrogant to think that providers will actually lose customers due to this, it's far more likely that we'll lose users and editors.
Even in the case that a customer would be annoyed enough at the provider (rather than us), there are many people who don't have a choice. _______________________________________________ Wikipedia-l mailing list Wikipedia-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikipedia-l
Oh crap. Sorry for sending an empty message.
Anyhow.
While what you say is true, do you believe that it's a nessecary sacrifice in emergency situations?
Mark
On 04/06/05, Mark Williamson node.ue@gmail.com wrote:
On 04/06/05, Gregory Maxwell gmaxwell@gmail.com wrote:
On 6/4/05, Timwi timwi@gmx.net wrote:
Then make them care. Hack something into MediaWiki that allows us to display a pre-set message to non-logged-in users with certain IPs or within certain IP ranges. Use that to encourage users who are forced behind an open proxy to switch provider, implicitly mumbling something about their management. Keep telling the providers that we're actively doing this to their users. When they start losing customers, they will start caring.
It's pretty arrogant to think that providers will actually lose customers due to this, it's far more likely that we'll lose users and editors.
Even in the case that a customer would be annoyed enough at the provider (rather than us), there are many people who don't have a choice. _______________________________________________ Wikipedia-l mailing list Wikipedia-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikipedia-l
-- SI HOC LEGERE SCIS NIMIVM ERVDITIONIS HABES QVANTVM MATERIAE MATERIETVR MARMOTA MONAX SI MARMOTA MONAX MATERIAM POSSIT MATERIARI ESTNE VOLVMEN IN TOGA AN SOLVM TIBI LIBET ME VIDERE
On 6/4/05, Mark Williamson node.ue@gmail.com wrote:
Oh crap. Sorry for sending an empty message. Anyhow. While what you say is true, do you believe that it's a nessecary sacrifice in emergency situations? Mark
Agreed, but we should acknowledge the risks brought on by our haste by using temporary blocks, and demonstrate our attempts at fairness and good faith by leaving a note on the talk page.
For users which we don't expect to change between many addresses we could do longish blocks, say 6months. For users who can obviously change among many IPs, we should short blocks, ideally no longer than 48 hours.
I think that depends on the Wikipedia.
48 hours is always ideal, but if it's a vandalbot on a small Wikipedia (as is the case at li:), a period of a few weeks is better.
Mark
On 04/06/05, Gregory Maxwell gmaxwell@gmail.com wrote:
On 6/4/05, Mark Williamson node.ue@gmail.com wrote:
Oh crap. Sorry for sending an empty message. Anyhow. While what you say is true, do you believe that it's a nessecary sacrifice in emergency situations? Mark
Agreed, but we should acknowledge the risks brought on by our haste by using temporary blocks, and demonstrate our attempts at fairness and good faith by leaving a note on the talk page.
For users which we don't expect to change between many addresses we could do longish blocks, say 6months. For users who can obviously change among many IPs, we should short blocks, ideally no longer than 48 hours.
It's pretty arrogant to think that providers will actually lose customers due to this, it's far more likely that we'll lose users and editors.
Even in the case that a customer would be annoyed enough at the provider (rather than us), there are many people who don't have a choice. ___________________________
Like in my case. Switching provider would cost me my combinationcontract through which I get mobele phone, landline and internet combined with a good discount. I wouldn't be able to pay for all 3 if I had to pay seperate. There are more people like me in that situation
Waerth/Walter
*disclaimer* Sorry for bringing it up time and time and time again.
Timwi wrote:
Then make them care. Hack something into MediaWiki that allows us to display a pre-set message to non-logged-in users with certain IPs or within certain IP ranges. Use that to encourage users who are forced behind an open proxy to switch provider, implicitly mumbling something about their management. Keep telling the providers that we're actively doing this to their users. When they start losing customers, they will start caring.
In some cases they might, but don't assume a free market exists everywhere. In many cases the *reason* the provider doesn't care is that they have a *monopoly* and customers have no choice about it. Talk to Waerth in Thailand about this problem, he's quite eloquent in explaining it.
--Jimbo
In some cases they might, but don't assume a free market exists everywhere. In many cases the *reason* the provider doesn't care is that they have a *monopoly* and customers have no choice about it. Talk to Waerth in Thailand about this problem, he's quite eloquent in explaining it.
Huh who me ......... ;) Anyway, related question: anyone has a reliable SMTP server that actually sends all your mail out instead of missing 10 - 20% ???
Waerth / Walter van Kalken in Bangkok, Thailand
"Walter van Kalken" walter@vankalken.net wrote in message news:42A50775.9010101@vankalken.net... [snip]
Huh who me ......... ;) Anyway, related question: anyone has a reliable SMTP server that actually sends all your mail out instead of missing 10 - 20% ???
Platform? I'll assume as a good Wikipedian youre after free software?
"Walter van Kalken" walter@vankalken.net wrote in message news:42928814.2020301@vankalken.net...
Timwi wrote:
[snip]
Cough ..... There are wikimedians whose provider forces them behind an open proxy and who do not have the financial means to change provider. Me
Does blocking an open proxy stop logged-in users as well?
Sounds like a bug to me: surely this isn't how it's **meant** to happen?
Phil Boswell (phil.boswell@gmail.com) [050525 23:02]:
"Walter van Kalken" walter@vankalken.net wrote in message news:42928814.2020301@vankalken.net...
Cough ..... There are wikimedians whose provider forces them behind an open proxy and who do not have the financial means to change provider.
Does blocking an open proxy stop logged-in users as well? Sounds like a bug to me: surely this isn't how it's **meant** to happen?
http://bugzilla.wikimedia.org/show_bug.cgi?id=550
Everyone thinks it's a good idea - get coding!
- d.
Phil Boswell wrote:
Does blocking an open proxy stop logged-in users as well?
Sounds like a bug to me: surely this isn't how it's **meant** to happen?
You *do* realize it's trivial to create an account, and that not blocking logins would completely nullify any benefit of blocking the IP, right?
-- brion vibber (brion @ pobox.com)
"Brion Vibber" wrote in message news:4294D865.4050108@pobox.com...
Phil Boswell wrote:
Does blocking an open proxy stop logged-in users as well?
Sounds like a bug to me: surely this isn't how it's **meant** to happen?
You *do* realize it's trivial to create an account, and that not blocking logins would completely nullify any benefit of blocking the IP, right?
Not exactly: it would transform the problem of an anonymous user hitting-and-running through what I presume would be a series of IP addresses into the different problem of a logged-in user who can be blocked individually.
OK, so they could create a whole load of them, but in the meantime the well-behaved users using that range of IP addresses would still be able to gain access to the wiki. And the process of detecting sock-puppets and blocking them is well-known...a pain-in-the-fundament but well-known.
Maybe there could be some sort of alarm when a new account is created through an IP address known to be a problem?
Is there a log of new accounts? Is it possible for someone **somewhere** to note which IP address was used to create an account?
SideNote: I just looked at [[en:Special:Listusers]]. The first 15 entries have names which the wiki apparently can't parse since they just show as "User:" with no linking. From there up to #225 the names begin with punctuation and several are IMNSHO clear candidates for WP:RFC (I'm not alone, the first one I checked has been blocked :-). Are there tools for clearing this sort of thing up? Also, this page would be more useful if it listed, for example, first edit and most recent edit...possibly "blocked" status also. Are these data which would be available if someone yelled "write it yourself" at me?
Wouter Steenbeek wrote:
Dear fellow list subscribers,
li: is in very great danger. We are only three, and we have to cope with an apparently intelligent an extremely aggressive vandal, who contantly changes his IP addresses and contantly comes up emptiing pages. He simply wants our project to be completely destroyed! And I'm not kidding.
We must take an emergency measure: block ALL open proxies.
As I understand it, we are using the SORBS proxy blacklist service to block all open proxies, except on zh.* and th.*
-- brion vibber (brion @ pobox.com)
Wouter Steenbeek wrote:
Dear fellow list subscribers,
li: is in very great danger. We are only three, and we have to cope with an apparently intelligent an extremely aggressive vandal, who contantly changes his IP addresses and contantly comes up emptiing pages. He simply wants our project to be completely destroyed! And I'm not kidding.
Suggestion
Since all of you guys seem to have modrights why not protect all pages for a couple of days, you guys can still edit but he can't :)
Walter/Waerth
Walter van Kalken wrote:
Suggestion
Since all of you guys seem to have modrights why not protect all pages for a couple of days, you guys can still edit but he can't :)
And nor can any new contributors. The small Wikipedias need all the growth they can get! :/
(and the software needs a "revert all this user's edits and ban them" feature mumble mumble)
wikipedia-l@lists.wikimedia.org