I've noticed increasing levels of vandalism via anonymizing proxies. We
turned off the automatic proxy-scanning some time ago because of
complaints by the clue-deficient who saw this as potential attacks.
However, it might be a good idea to do the following:
* whenever an admin _blocks_ a user, the IP they were editing from
should be automatically proxy-scanned, and blocked indefinitely if it is
an open proxy (_in addition to_ the username/IP block that would have
By restricting proxy scans to proven vandals, this will reduce the rate
of proxy scans to a few dozen a day (from tens of thousands before), and
result in a proportionately trivial level of complaints which can safely
be auto-replied or ignored. It will also allow the reply to be very
clear: "we detected abuse from your user, verified that it was coming
from an unsecured proxy on your network, and took appropriate action".
99% of the code for this already exists, so it should be trivial to put
in place -- however, I'm aware that our heroic developers are somewhat