David Gerard wrote:
Neil Harris (usenet@tonal.clara.co.uk) [050121 22:55]:
I've noticed increasing levels of vandalism via anonymizing proxies. We turned off the automatic proxy-scanning some time ago because of complaints by the clue-deficient who saw this as potential attacks. However, it might be a good idea to do the following:
- whenever an admin _blocks_ a user, the IP they were editing from
should be automatically proxy-scanned, and blocked indefinitely if it is an open proxy (_in addition to_ the username/IP block that would have been applied) By restricting proxy scans to proven vandals, this will reduce the rate of proxy scans to a few dozen a day (from tens of thousands before), and result in a proportionately trivial level of complaints which can safely be auto-replied or ignored. It will also allow the reply to be very clear: "we detected abuse from your user, verified that it was coming from an unsecured proxy on your network, and took appropriate action".
Oh, yes *please*!
- d.
And I've just realized that this will also have another advantage: legitimate policy-compliant users using open proxies (for whatever reason) won't get automatically banned: they will still be able to edit, so we default to being permissive. The moment that proxy is used for abuse, though, that's another open proxy blocked for good.
More possible heuristics: scan editing IPs for open proxies if the page they are editing has been protected in the recent past, or if the admin revert function has recently been used on that page. This will catch proxy-hopping users who engage in edit wars (Israel/Palestine, Fascism, GW Bush...), but again only add a very small number of scans to the overall total.
As in earlier proposals, we can add a recent-scans record, so an IP won't be scanned more than say once a day, no matter what happens.
-- N.