User talk:ST47

Thursday

13

February
2025

07:46 UTC

Archives

0x00

0|1|2|3|4|5|6|7

8|9|A|B|C|D|E|F

0x10

0|1|2|3|4

My Talk Page

My Contributions

♥ẽ

Wikipedia block

you have blocked my IP from editing on English Wikipedia because of an open proxy, however I have acquired global IP block exempt status, but your block overwrites it, but only sometimes so I would like a local exception as well so I can edit at all times PharaohCrab (talk) 18:37, 4 February 2025 (UTC)[reply]

Administrators' newsletter – February 2025

News and updates for administrators from the past month (January 2025).

Administrator changes

Euryalus

CheckUser changes

Oversighter changes

Technical news

Administrators can now nuke pages created by a user or IP address from the last 90 days, up from the initial 30 days. T380846
A 'Recreated' tag will now be added to pages that were created with the same title as a page which was previously deleted and it can be used as a filter in Special:RecentChanges and Special:NewPages. T56145

Arbitration

The arbitration case Palestine-Israel articles 5 has been closed.

Sent by MediaWiki message delivery (talk) 15:28, 5 February 2025 (UTC)[reply]

The Signpost: 7 February 2025

Recent research: GPT-4 writes better edit summaries than human Wikipedians

News and notes: Let's talk!

Opinion: Fathoms Below, but over the moon

In the media: Wikipedia is an extension of legacy media propaganda, says Elon Musk

Community view: 24th Wikipedia Day in New York City

Arbitration report: Palestine-Israel articles 5 has closed

Traffic report: A wild drive

* Read this Signpost in full * Single-page * Unsubscribe * Sent manually via MediaWiki message delivery (talk) 05:46, 7 February 2025 (UTC)[reply]

Proxies and blocks

Hi! I'm trying to do some research involving enwiki block logs. Proxy blocks were, of course, a large percentage of overall blocks, and then they suddenly dropped off last spring. I hear from Izno that this was because your bot, which had been doing a lot of these blocks, turned off. Total blocks went from about a half million per month to about 11,000.

I'm just trying to get a handle on the story behind the bot -- why you created it, how it worked (in basic terms), where the lists of proxies came from, where I might find some relevant discussions about it (like about preemptively blocking proxy IPs), and why you shut it down.

Also a courtesy ping to Slakr who looks to have run a similar bot until 2020.

Much appreciated! — Rhododendrites ^talk \\ 03:52, 10 February 2025 (UTC)[reply]

@Rhododendrites: So while I can't speak for ST47's bot, mine went offline when the server it was on was abruptly yoinked by the dedicated-hosting provider as part of decommissioning a datacenter. Unfortunately I was given little warning and sorta just postponed setting it all back up due to other stresses (and depression) happening in life. When nobody burned down my talk page with urgency, and then when I heard someone else took up the task, I deprioritized it and shelved it, as real-life priorities were of greater importance to me.

As for its genesis in the first place, it arose from a side-wide, constant, difficult-and-time-consuming-to-cleanup, proxy-hopping series of massive vandalism attacks that started a month or so prior to its official BRFA (when it was just me stopping the hemorrhage ASAP by blocking via my account in true WP:IAR fashion). I surmised the troublemakers weren't, themselves, mass-scanning the internet for proxies just to vandalize Wikipedia—that would take a modicum of talent, skill, and/or effort, which usually leads someone away from that path in the first place—and instead they must have been finding proxy lists that were publicly posted and scraping them. So I automated finding those lists preemptively (and dangerously better, bypassing all of those sites' countermeasures to prevent that), while also confirming anything blocked was actually usable at the same time, thereby ensuring the right entry IP and port information was stored in the block messages for admins to later check and verify unblock requests, should the proxy later close and someone be affected by a stale block (which was rare, given initial block durations).

This stopped the attack dead in its tracks, and the rest is history.

With any luck, it's not currently needed at the moment or there's another solution in place, but I do stand at the ready to spin it all back up if ever it recurs and/or if the existing solutions are insufficient for other reasons (e.g., stopping that method of attack had the spillover benefit of also stopping a lot of low-investment sockpuppetry). It's, at worst, a day of work, and I actually do have some spare time now.

So lemme know if that's ever the case via email, talk page, maybe even people like Reedy (who might still know how to contact me via alternate means :P); flood all of them, if you want. I'm not as active as I used to be, but I will 100% drop everything to respond to any emergency like that again, happily.

Cheers =) --slakr^\ talk / 02:27, 11 February 2025 (UTC)[reply]

Thanks, Slakr. I'm trying to wrap my head around the implications for stopping preemptive blocking. Are the lists of proxies still somehow integrated so that, for example, an edit filter might flag if the IP a known proxy? Would we expect to see a surge in vandalism (and vandalism blocks) that would've been preempted? Is it possible we'd see a larger number of people editing while circumventing censorship? Are these efforts helped or hampered by the various project the foundation has cooking regarding anonymity? — Rhododendrites ^talk \\ 15:34, 12 February 2025 (UTC)[reply]

@Rhododendrites: I created it because we have seen a persistent pattern of our most sophisticated LTAs (including those who are the most damaging in terms of harassing and stalking contributors) using open proxies to essentially ignore blocks. It worked using a combination of web scraping, port scanning, attempting to access the Wikipedia API via proxies (which returns the IP that Wikipedia sees), and using the block functions in pywikibot. The ways it found lists of proxies are private due to WP:BEANS. Discussions would be in the WP:BRFAs for this bot and ProcseeBot. Finally, I shut it down because it was consuming a large percentage of my NAS' computing resources and generating a large number of talk page complaints and unblock requests, largely because blocking is flawed as a solution to this problem: dynamic IPs mean that block expiration will rarely coincide with an IP stopping to be a proxy, and dialing in that time requires resources to run multiple scanners and a database to facilitate re-checking and unblocking. Unfortunately, WMF has resisted expanding the excellent TorBlock to also use commercially-available threat intelligence feeds from people who are actually qualified to run this kind of scanning, leaving projects vulnerable to block evasion from vandals who can find the right VPN apps. ST47 (talk) 03:45, 13 February 2025 (UTC)[reply]

In case it is news, User:MolecularBot (BRFA) is being developed by MolecularPilot. When running, it would maintain a list of exit IP addresses used by VPNgate. An admin bot could use that list to block the known proxies. Johnuniq (talk) 05:07, 13 February 2025 (UTC)[reply]

The coding is all done, all that's needed now is community approval as to the policy for blocking (i.e. how long, which setting etc.), I've been preparing an draft guideline to be sent to WP:VPP for review but it's not done yet and also I need to ask for permission from the WMF to run on Cloud VPS (not tool forge as I can't open vpn connections from there). :) MolecularPilot ^{🧪️✈️} 05:09, 13 February 2025 (UTC)[reply]