As reported on wikipedia-l, zh was the subject of a large-scale automated attack. Approximately 3000 pages were deleted over the last two days. I just wanted to point out that this could have been prevented by the use of an appropriately configured proxy scanner.
Scanning for proxies may require some administrative overhead in terms of replying to automatically generated intrusion detection messages, and in obtaining an understanding from Verio and any other upstream network service providers. But it would certainly have its benefits.
Our response to this in human terms was less than ideal, but I'll post my thoughts on that to wikipedia-l.
-- Tim Starling
I will talk to my contact at our ISP, to see what can be done about allowing us to run our proxy scanner. We'd always want to keep our scans to a minimum, just to avoid lots of headaches. But my *huge* concern is that people not start firewalling us for this, that'd be very bad.
--Jimbo
Wikitech-l mailing list Wikitech-l@Wikipedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
Hello Jimmy,
A possible solution is that your ISP directly forward such abuse requests to a mailing list like abuse@wikimedia.org. I am already willing to answer such emails (I have been an abuse engineer for a big ISP before).
Also, all IPs assigned in North America are stored in the ARIN database, the block of our server is: http://ws.arin.net/cgi-bin/whois.pl?queryinput=!%20NET-207-142-131-0-1
Maybe your ISPs could divide this block and create a new one named, for example, WIKIMEDIA-207.142.131.192-207.142.131.255 and list abuse@wikimedia.org as an abuse contact as well as abuse@monsterpipes.com.
cheers,