On Tue, Nov 22, 2011 at 7:46 AM, Tim Starling tstarling@wikimedia.org wrote:
On 22/11/11 23:34, Chad wrote:
On Tue, Nov 22, 2011 at 7:12 AM, Tim Starling tstarling@wikimedia.org wrote:
The user's IP address was a Tor exit node. I blocked the IP address in iptables, but when I found out it was an exit node, I also disabled account creation entirely, so that we could stop the vandalism by user account locks. It remains disabled for now.
I don't suppose we could block Tor indefinitely from write actions on BZ?
We can't even block Tor from write actions in MediaWiki, despite having an extension which is meant to do exactly that. See bug 30716. I haven't found any robust way to do it for Bugzilla or Apache, and we should probably fix our own software before we try patching someone else's.
I saw that bug this morning. The script that used to run on check.torproject.org seems to be available[0] but I haven't tried it yet. At a quick glance, it needs at least one or two fixes--such as loading the exit data from an HTTP request, rather than reading a file on the system. If it indeed works, it should be trivial to set this script up to run for us.
-Chad
[0] https://svn.torproject.org/svn/check/trunk/cgi-bin/TorBulkExitList.py