Ilmari Karonen wrote:
Ilmari Karonen wrote:
Actually, [[MediaWiki:Blockiptext]] is probably one place where this also ought to be advertised.
...done. Improvements welcome.
Should there be some specific place where admins can report ISP proxies so that a developer can check them, with a list of proxies that have already been checked and found wanting?
May I suggest http://meta.wikimedia.org/wiki/Talk:XFF_project ?
An admin doing vandal blocking generally can't tell if a proxy provides XFF headers or not, but I understand that the headers are logged in the database where developers (and those with CheckUser privs?) can access them.
You need either shell access or cooperation from someone behind the proxy. Only a single IP is recorded in the database, that's what Special:CheckUser gives access to. The entire XFF header for each POST request is stored in a text format log on NFS, that's what developers need to check.
Note that the log might not tell you the difference between fradulent XFF headers and real ones. For that I mostly rely on reverse DNS. I also use DNS to list proxies which have never made an edit to Wikipedia, and IP addresses reserved by the ISP for proxies that don't exist yet.
The method can be summarised as follows:
1) Find a proxy IP. I've done this in two ways: by user reports and searching IPs marked {{SharedIP}} on en. 2) Do reverse DNS. If it looks like a proxy, continue, otherwise stop. 3) If the hostname contains a number (e.g. bbcache-8.singnet.com.sg), change it until you find the edges of the range. 4) Search the XFF log. a) If the proxy is forwarding for private addresses, add the range to [[/RFC 1918]]. b) If the proxy is not giving XFF headers, send them an email asking them to change their configuration. c) If the proxy is giving valid XFF headers, add the range to the list.
-- Tim Starling