Neil Harris wrote:
And, just to link several discussion threads together, how about a nice hook routine, set_BOPM_candidate(), that could be called from various places in the code to mark an IP as eligible for a BOPM scan?
How about an offline script that anyone can run to check IPs for being an open proxy? That way it's not Wikimedia's responsibility because the "portscans" will be coming from Wikimedians' own home computers.
A failed BOPM scan would then apply only a _short term_ IP block to the open proxy: perhaps a week
I don't like this because then vandals only need enough proxies to fill a week, and then they can re-use the old ones because the blocks will expire.
Instead, I think they should be blocked indefinitely, but anyone wishing to edit from such an IP should get a sensible message about the open-proxy problem and NOT a screen telling them they're "blocked".
Timwi