On Sun, Jun 8, 2008 at 4:26 PM, Platonides <Platonides(a)gmail.com> wrote:
As for doing it for any open proxy, if you know how to
do it, please
share it. I think it was proposed a long time ago to automatically scan
for open proxys. Don't know it if was really done, but it's certainly
impossible to do now.
You just do a portscan. It's fairly straightforward. (Also not
*totally* reliable, but what is in life?) Wikimedia could then
maintain its own DNSBL, if it were feeling nice. Each view would
trigger a portscan on that IP, although no more than once every X
days. Any hit would be added to a table of proxies that would be
checked on edits, etc.
This would happen asynchronously, because portscans take time. That's
not really a problem effectiveness-wise; even on a fresh hit, at most
one quick edit should be able to get through before the IP gets
blocked.
This would all require a substantial amount of server setup, and would
be considerably more complicated than just writing an extension.
Probably the web servers are firewalled such that they can't portscan,
and even if not, people's firewalls would freak out and block them.
(Although that might not matter, since the actual traffic goes through
the Squids. Doesn't really matter if the Apaches get blocked.)
Of course, you could also use an existing DNSBL, but those aren't
necessarily reliable. An in-house solution might be a better idea
here.
enwikipedists are too blockist...
Which says to me that vandalism handling needs to be made easier.