Neil Harris wrote:
Here are two final, but possibly less safe, heuristics:
- do an open proxy scan on any IP that does a page move
- do an open proxy scan on any IP that commits edits at faster than a
certain rate
Those might well put a spoke in certain determined vandals' activities.
Did I say final?
* Do an open proxy scan on any IP that blanks a page (ie reduces it in size by >80%, after blank-trimming is taken into account -- a very common form of idiot vandalism) * Do an open proxy scan on any IP that triggers the spam-detector (as link-spammers will often work their way round open proxy lists)
Those will auto-catch more categories of idiot vandals operating over open proxies, without too much added scan/complaints load.
Please critique and/or add to the list of plausible heuristics, with the general idea that it is never a bad idea to block an open proxy, but it is not good to scan every IP all the time.
-- N.