On Mar 20, 2004, at 11:29, Walter Vermeir wrote:
I have discovered there is now a robot active on I believe all Wikipedias with the name "Proxy blocker".
It blocks automatically all users who are using an open proxy server.
It looks like an action from the English Wikipedia.
Tim plugged this experimentally into the wiki in response to a massive spambot attack a few days ago that worked through open proxies. It's not a vigilante robot, but an automated part of the wiki that runs a check when a given IP address first makes an edit. (This should have been announced; if it wasn't, I hope Tim will remember to do so next time.)
Of course if any wikis decide they don't want this, we'll be happy to disable it for you.
I should point out that _proxies_ are not a problem, but _open proxies_ are often a serious security risk. They are usually simply misconfigured, and like open mail relays are taken advantage of by spammers and malware to disguise their attack vector. A proxy meant as a firewall but left completely open may also allow external attackers to get at internal servers which were intended to be better secured.
This is likely a violation of the blocking policy on most Wikipedias so inform your users about this and discuss it.
To trigger the Proxy Blocker go to http://www.publicproxyservers.com and use a "transparent" proxy.
-- brion vibber (brion @ pobox.com)
Brion Vibber wrote:
On Mar 20, 2004, at 11:29, Walter Vermeir wrote:
I have discovered there is now a robot active on I believe all Wikipedias with the name "Proxy blocker".
It blocks automatically all users who are using an open proxy server.
It looks like an action from the English Wikipedia.
Tim plugged this experimentally into the wiki in response to a massive spambot attack a few days ago that worked through open proxies. It's not a vigilante robot, but an automated part of the wiki that runs a check when a given IP address first makes an edit. (This should have been announced; if it wasn't, I hope Tim will remember to do so next time.)
Of course if any wikis decide they don't want this, we'll be happy to disable it for you.
I should point out that _proxies_ are not a problem, but _open proxies_ are often a serious security risk. They are usually simply misconfigured, and like open mail relays are taken advantage of by spammers and malware to disguise their attack vector. A proxy meant as a firewall but left completely open may also allow external attackers to get at internal servers which were intended to be better secured.
A suggestion: instead of blocking auto-detected open proxies indefinitely, they should only be blocked for a limited period such as one week. This will mean that they will automatically drop out of the block list if they get fixed, but they will still only need re-testing at most once a week if not fixed. Otherwise, the block list may grow to be very long over time, making it awkward to manage, as almost all the entries on it will be permanently blocked proxies.
-- Neil
On Mar 21, 2004, at 14:03, Neil Harris wrote:
A suggestion: instead of blocking auto-detected open proxies indefinitely, they should only be blocked for a limited period such as one week. This will mean that they will automatically drop out of the block list if they get fixed, but they will still only need re-testing at most once a week if not fixed. Otherwise, the block list may grow to be very long over time, making it awkward to manage, as almost all the entries on it will be permanently blocked proxies.
Agreed; I'm quite surprised it's listed as indefinite now.
-- brion vibber (brion @ pobox.com)
Neil Harris wrote:
A suggestion: instead of blocking auto-detected open proxies indefinitely, they should only be blocked for a limited period such as one week. This will mean that they will automatically drop out of the block list if they get fixed, but they will still only need re-testing at most once a week if not fixed. Otherwise, the block list may grow to be very long over time, making it awkward to manage, as almost all the entries on it will be permanently blocked proxies.
Alternative suggestion: Keep the blocks themselves as "indefinite", but run an extra cron job in the background which goes through the list of IPs that were banned by ProxyBlocker and checks if they are still open proxies, and if not, lifts the ban.
This way, you would prevent the following from happening: Suppose someone has a list of hundreds of open proxies. They can rotate through them, have them all banned in sequence, and by the time they get to the last, the ban on the first one will have expired again.
Timwi
On Mar 21, 2004, at 20:31, Timwi wrote:
Alternative suggestion: Keep the blocks themselves as "indefinite", but run an extra cron job in the background which goes through the list of IPs that were banned by ProxyBlocker and checks if they are still open proxies, and if not, lifts the ban.
This way, you would prevent the following from happening: Suppose someone has a list of hundreds of open proxies. They can rotate through them, have them all banned in sequence, and by the time they get to the last, the ban on the first one will have expired again.
...and it's automatically blocked again when used. What's the problem?
-- brion vibber (brion @ pobox.com)
Brion Vibber wrote:
On Mar 21, 2004, at 20:31, Timwi wrote:
Alternative suggestion: Keep the blocks themselves as "indefinite", but run an extra cron job in the background which goes through the list of IPs that were banned by ProxyBlocker and checks if they are still open proxies, and if not, lifts the ban.
This way, you would prevent the following from happening: Suppose someone has a list of hundreds of open proxies. They can rotate through them, have them all banned in sequence, and by the time they get to the last, the ban on the first one will have expired again.
...and it's automatically blocked again when used. What's the problem?
OK, maybe I'm not understanding quite right how this ProxyBlocker works. Does it actually scan the IP address of all contributors prior to accepting an edit? If so, doesn't that slow editing down considerably?
I thought it checked the IP later, so everyone could always make at least one edit.
Timwi
wikitech-l@lists.wikimedia.org
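An added sketch, not part of the thread and not the ProxyBlocker code, contrasting the two policies proposed above: one-week blocks that are re-tested on the next edit after expiry, and indefinite blocks cleaned up by a background sweep. The class, its `probe` callable and the sample addresses are hypothetical, and it assumes the check runs before an edit is accepted, which the thread leaves open.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

DAY = 24 * 3600
WEEK = 7 * DAY  # the one-week expiry suggested in the thread

@dataclass
class ProxyBlockList:
    probe: Callable[[str], bool]   # stand-in for the real open-proxy check
    ttl: Optional[int] = WEEK      # None models "indefinite" blocks
    blocks: Dict[str, Optional[int]] = field(default_factory=dict)  # ip -> expiry
    checked: Set[str] = field(default_factory=set)  # IPs that passed the check
    probes_run: int = 0

    def _probe(self, ip: str) -> bool:
        self.probes_run += 1
        return self.probe(ip)

    def allow_edit(self, ip: str, now: int) -> bool:
        if ip in self.blocks:
            expiry = self.blocks[ip]
            if expiry is None or now < expiry:
                return False       # block still active: no re-test
            del self.blocks[ip]    # expired: re-test on this edit
        elif ip in self.checked:
            return True            # only the first edit triggers a check
        if self._probe(ip):
            self.blocks[ip] = None if self.ttl is None else now + self.ttl
            return False
        self.checked.add(ip)
        return True

    def sweep(self) -> int:
        """Background re-check: lift blocks on IPs that are no longer open."""
        fixed = [ip for ip in self.blocks if not self._probe(ip)]
        for ip in fixed:
            del self.blocks[ip]
        return len(fixed)

def simulate(ttl: Optional[int]):
    open_now = {"192.0.2.10", "192.0.2.20"}  # constructed sample addresses
    bl = ProxyBlockList(probe=lambda ip: ip in open_now, ttl=ttl)
    edits = [bl.allow_edit(ip, 0) for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.5")]
    open_now.discard("192.0.2.20")           # this proxy is fixed on day 3
    edits.append(bl.allow_edit("192.0.2.20", 3 * DAY))
    edits.append(bl.allow_edit("192.0.2.20", 8 * DAY))
    edits.append(bl.allow_edit("192.0.2.10", 8 * DAY))
    return edits, bl
```

With `ttl=WEEK` the fixed proxy is accepted again on day 8 and the still-open one is re-blocked at the cost of one extra probe each; with `ttl=None` both stay blocked until `sweep()` is run.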