On Sun, Jun 8, 2008 at 4:26 PM, Platonides Platonides@gmail.com wrote:
As for doing it for any open proxy, if you know how to do it, please share it. I think it was proposed a long time ago to automatically scan for open proxys. Don't know it if was really done, but it's certainly impossible to do now.
You just do a portscan. It's fairly straightforward. (Also not *totally* reliable, but what is in life?) Wikimedia could then maintain its own DNSBL, if it were feeling nice. Each view would trigger a portscan on that IP, although no more than once every X days. Any hit would be added to a table of proxies that would be checked on edits, etc.
This would happen asynchronously, because portscans take time. That's not really a problem effectiveness-wise; even on a fresh hit, at most one quick edit should be able to get through before the IP gets blocked.
This would all require a substantial amount of server setup, and would be considerably more complicated than just writing an extension. Probably the web servers are firewalled such that they can't portscan, and even if not, people's firewalls would freak out and block them. (Although that might not matter, since the actual traffic goes through the Squids. Doesn't really matter if the Apaches get blocked.)
Of course, you could also use an existing DNSBL, but those aren't necessarily reliable. An in-house solution might be a better idea here.
enwikipedists are too blockist...
Which says to me that vandalism handling needs to be made easier.