[Foundation-l] One week later and I am still blocked, nobody is doing a fucking thing

Tim Starling tstarling at wikimedia.org
Sun Feb 18 19:38:23 UTC 2007

Ronald Beelaard wrote:
> *** This post is intended for people with some basic technical expertise ***
> The facts:
> 1. Waerth has posted this
> http://img151.imageshack.us/img151/8069/stillblocked1cv4.jpg as "evidence".
> Everyone, at any place in the world, can find lists of open proxies that
> have been blocked on nl:w: (see
> http://nl.wikipedia.org/wiki/Categorie:Wikipedia:Open_proxies). An IP can be
> picked from those lists and any browser can be configured to use that number
> as proxy. The port is not published, but some ports could be obvious and
> after some trial and error one could find a working combination. Regardless
> the geo location of the IP tried as proxy. Make the screenshot and here you
> are.

I don't think there's any need to start on the conspiracy theories. You
blocked several True Internet proxy IPs, such as,,,,,, and

> 2. Waerth has disclosed in the Dutch village pump this list
> http://nl.wikipedia.org/wiki/Wikipedia:Lijst_van_geblokkeerde_exit_servers
> to be my source for blocking "the whole of Thailand". However, this page
> lists the exit nodes of cascaded open proxies as these are discovered by my
> scanning program and is generated automatically. Besides the blocking of
> these exit nodes is done by a bot with a standard phrase in the remark
> field. The readable text is "Open proxy - Nadere informatie". The clickable
> part brings you to: http://nl.wikipedia.org/wiki/Wikipedia:Blockreason3

Cascaded open proxies? Do you mean to say that you are blocking these
secure ISP proxies because there is an open proxy behind them, on a
customer computer?

> 3. The screenshot above is NOT the result of being blocked by one of the
> exit nodes as referred to in 2 (btw a similar mechanism is used when
> auto-blocking TOR exit nodes, obviously with slightly different text), but
> the result of a manual block of a (normal) open proxy. Such type of open
> proxies are only blocked in the case of noticed vandalism of any kind.

We often see vandalism from shared IPs. That's why we have the trusted XFF

> 4. From a mail sent this morning by Waerth to various people, I have derived
> the originating IP. This IP is currently not and has never been blocked in
> the past (except maybe autoblocks). Some weeks ago I've spent considerable
> time to figure out what IP's could possibly be used by Waerth's provider as
> a cache. One such IP has been unblocked then as a precaution, although it
> was very unlikely this one could be the source of any trouble.

He's accessing the web through a load-balanced cluster of HTTP proxies. It
should be obvious that whatever IP address you see on mail is not going to
be the same as the one you see on Wikipedia, unless the XFF list is
properly configured.

Please read http://meta.wikimedia.org/wiki/XFF_project if you haven't done
so already.

-- Tim Starling

More information about the foundation-l mailing list