[WikiEN-l] X-Forwarded-For
brewhaha at edmc.net
Mon Jan 26 01:38:12 UTC 2009
"George Herbert" <george.herbert at gmail.com> wrote in message
news:38a7bf7c0901192006p3fe2a3ft987dfeea3a11f6d0 at mail.gmail.com...
> On Sun, Jan 18, 2009 at 6:36 PM, Christopher Grant
> <chrisgrantmail at gmail.com> wrote:
>
>> We have bots that do that, grawp still gets through (part of the reason is
>> that these proxies need to be blocked globally or else grawp can still abuse
>> SUL and TOR to create accounts and make the required 10 edits before he has
>> to find an unblocked proxy on enwiki).
>> - Chris
>>
>> On Mon, Jan 19, 2009 at 11:25 AM, K. Peachey <p858snake at yahoo.com.au>
>> wrote:
>>
>> > >can continue to use unblocked proxies until we block them all. (
>> > >Blocking *all* proxies is nigh on impossible because computers get
>> > >compromised daily... So new "open proxies" are created daily.)
>> > Maybe it would if we could hook someone like
>> > <http://www.1freeproxy.com/feed/atom/> (rss feed for just proxies) in
>> > so that they are automatically blocked, which I believe is Wikipedia's
>> > policy anyway.
>>
>
>
> Perhaps we could add a front-end proxy check to all connections from
> previously unknown IPs.
>
> If the account isn't on the known proxy users exemption list, then zap the
> IP...

I am not sure what you mean. I imagine that checkusers can construct a list
of accounts that were created from a particular IP#. If not, then that would
be a useful tool. Under dynamic IP, it would be nothing but clues that do
not go together in a reliable manner, and IP# reassignments would be a
headache for the tool designer in any case.

Or are you guessing that proxies are identifiable as such? They are not.
Start with the case of a living proxy. HTTPS is the main reliable manner of
verifying anyone's identity, and it offers a level of inconvenience to
opening accounts and ensuring the privacy of the private partner to your
public key. There is a proposed modification of protocol for HTTP,
"X-Forwarded-For". It is actually a remake of a STANDARD header that Lynx
can send, but does not send by default (AFAIK, Explorer does not support
e-mail addresses in HTTP headers). If an ISP filled out the e-mail address,
then that could work with a higher degree of authenticity, and it would have
to be restricted to sites that have the right to demand it, somehow. It is
something of a technical nightmare, because the software for inserting this
header is not common, and the privacy measures are another ball of string.
To demand it, we would technically be requiring all ISPs to be _active mod_
proxies. Similarly, to demand HTTPS would require certificate authorities.
[[Digital Signature]] [[Secure wikipedia]]
_______
http://ecn.ab.ca/~brewhaha/Privileged%20Information%20for%20Newbies.HTM
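
An added example, not part of the original message and not Wikipedia's or MediaWiki's code: because X-Forwarded-For is supplied by whoever sends the request, a server deciding which address to block can only use entries vouched for by proxies it already trusts. The allow-list, the function names and the sample addresses below are constructed for illustration.

```python
import ipaddress

# Constructed allow-list: proxies whose X-Forwarded-For entries we accept.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def is_trusted(addr):
    """True if addr belongs to a proxy we operate or have vetted."""
    return any(addr in net for net in TRUSTED_PROXIES)


def effective_client_ip(peer_ip, xff_header):
    """Return the address a block or rate limit should be applied to.

    peer_ip is the TCP peer address; xff_header is the raw header value or None.
    """
    current = ipaddress.ip_address(peer_ip)
    if not xff_header:
        return str(current)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk right to left: a trusted hop vouches only for the entry it appended.
    for hop in reversed(hops):
        if not is_trusted(current):
            break  # everything further left was written by an untrusted party
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry ("unknown", junk): keep the last verified address
    return str(current)


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For value)
    samples = [
        ("203.0.113.7", "198.51.100.1"),                # direct client sending a forged header
        ("192.0.2.10", "198.51.100.1"),                 # trusted proxy reporting its client
        ("192.0.2.10", "203.0.113.99, 198.51.100.1"),   # client prepended a fake hop
    ]
    for peer, xff in samples:
        print(peer, "|", xff, "->", effective_client_ip(peer, xff))
```

A header arriving from an address outside the allow-list is ignored entirely, so a forged value never moves a block onto someone else's address.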