Hello,
I want to discuss a problem that we face on CS Wikipedia. There is relatively frequent abuse of sockpuppets, especially for ban elusion. It is also a subject of currently running arbitration case on cswiki between me (sysop) and a vandal that creates hundreds user accounts and (aside to useful edits!) disrupts Wikipedia various ways. It is such an extensive phenomenon that editors often feel sneaking suspicion against almost all newbies. That's very bad for a wiki project. There is a common rule, that all rules and sanctions apply to *persons* and not user accounts.
However, it's often very difficult to reliably identify the person on the other end of the wire, when the persons makes some steps to hide. One way to improve the identification is the new CheckUser interface that we extensively use. God bless developers for that. However, it has no effect when the user hides behind an open proxy server. That leads us to the rule that forbids using open proxy for editing and allows sysops to block such IPs permanently. So much to the reasons why we need to proceed mass IP blocking. Now lets consider how could we do it.
According to several publicly available lists, there are about 20 (maybe 30) thousands such IP addresses. We have about 15 sysops. Not all sysops are active, not all are interested in this issue, not all have enough technical skills. This means that some sysop(s) has to perform thousands of IP blocks. More on that, consider that the sysop should examine each such address whether it is open on some port or not. It is a time-consuming and traffic-generating operation which is considered abusive by some providers. These are the reasons why we decided to use a robot to do the job quickly and not to check each address. It simply reads given lists from web, compares them to special:ipblocklist and blocks the rest.
Initially I developed and run the robot under my sysop account. It blocked about 500 IPs per night. The blocks were time limited (random interval) since there was no real check that the address is open. So if some proxy would close and disappear from the lists, the block would automatically expire. If not, the next run of the robot would block it again. Later we have improved it by creating a special account for the robot and setting him bot and sysop flags. That hided the blocks from RC page and that allowed us to use the robot through all day, not only at night when nobody edits. The same thing we did succesfully on cs Wikisource. http://cs.wikipedia.org/wiki/Wikipedie:N%C3%A1st%C4%9Bnka_spr%C3%A1vc%C5%AF/... http://cs.wikipedia.org/wiki/Wikipedista:Proxybot (pages in Czech)
We are sure that it made the vandal's life more difficult. That was our goal. Some of the IP checks on sockpuppets shown open proxy addresses that were blocked closely before the checks. Well done.
However, it has some disadvantages.
1) The biggest one is that setting the bot flag cleans the RC page but doesn't clean the block logs. The robot messes them up so much that they become nearly unusable.
2) So many blocked IPs lead to harder server-side checks performed on each edit of the wiki.
3) Some "innocent" IPs may get blocked.
4) The bot and sysop flag should not be combined. It's probably only a bug in MediaWiki that allowed us to do it. When you try to set bot flag to sysop account, the software objects. When you do it in reverse order (first the bot flag, than sysop) it succeeds. See http://cs.wikisource.org/wiki/Special:Listusers/bot that it is possible.
5) Time-limited blocks lead to repeating the same actions and in long time scale it requires hundereds of block each night. This can be avoided by infinite blocks.
In april, Anthere removed the sysop flag from Proxybot on cswiki. http://meta.wikimedia.org/wiki/Requests_for_permissions/Archive_2006/May#Des... I stoped it immediately, today it is not running even on Wikisource. Most of the IPs are blocked, some others get blocked indefinitely by a sysop's hand from time to time. But most of them are blocked for a finite period. http://cs.wikipedia.org/wiki/Special:Ipblocklist
Currently, the problems with vandals continue, but we are able to manage them. What we're afraid of is the time when the blocks expire. Let's find a better solution. For example integrating a list of open proxies directly into the Wikimedia servers instead of blocking by sysops would be a way to deal with it.
Thanks for any advice!