Neil Harris wrote: (re proxy-scanning on demand)
And I've just realized that this will also have another advantage:
legitimate policy-compliant users using open proxies (for whatever
reason) won't get automatically banned: they will still be able to
edit, so we default to being permissive. The moment that proxy is used
for abuse, though, that's another open proxy blocked for good.
More possible heuristics: scan editing IPs for open proxies if the
page they are editing has been protected in the recent past, or if the
admin revert function has recently been used on that page. This will
catch proxy-hopping users who engage in edit wars (Israel/Palestine,
Fascism, GW Bush...), but again only add a very small number of scans
to the overall total.
As in earlier proposals, we can add a recent-scans record, so an IP
won't be scanned more than say once a day, no matter what happens.
Here are two final, but possibly less safe, heuristics:
* do an open proxy scan on any IP that does a page move
* do an open proxy scan on any IP that commits edits at faster than a
Those might well put a spoke in certain determined vandals' activities.