freakofnurture wrote:
On 3/22/06, Wwwwolf wrote:
All right, so my guess is there's some Bloody Idiot in the neighborhood who runs a Tor node, 80/tcp traffic comes out of that host and gets intercepted and forwarded by the ISP's proxy (that *every* customer is forced to use, I remind you again).
In other words, the blocked IP is, in my educated guess, *not* the Tor node. It just unwittingly hides a Tor node behind it.
This sounds quite plausible. I've encountered a similar situation with 213.42.2.11 and 213.42.2.21, which are proxies used by a large ISP in the United Arab Emirates. Some customer of that ISP apparently has a proxy trojan on their computer, and so we keep getting open proxy vandalism from those IPs, which can't be blocked without major collateral damage.
I believe MediaWiki does have a list of "known" proxies that can be trusted to supply a valid X-Forwarded-For header. As the whois records for 213.216.199.14 seem legit, and the proxy appears to provide the necessary headers, I personally see no reason not to add it to the list.