Directory

⚓ T380917 Ability to configure a wiki to auto block open proxies
Page MenuHomePhabricator
Create Task
Maniphest T380917

Ability to configure a wiki to auto block open proxies
Open, Stalled, Needs TriagePublicFeature
Actions

Description

Why

  • Since ST47ProxyBot (userpage, block log) has stopped blocking open proxies on English Wikipedia, I assume the amount of LTA-related proxy vandalism and abuse has increased. In particular, I wonder if the MidAtlanticBaby LTA would be stopped if this bot were still running.

What

  • Pick a MediaWiki extension (AutoModerator? TorBlock?) or create an extension to add the following functionality to:
    • Config variable such as $wgBlockOpenProxies = true
    • When set to true on a wiki, duplicates the functionality of ST47ProxyBot, which checked some kind of third party open proxy list, then blocked IP addresses for 14 days, 1 year, 2 years, or sometimes a different duration, depending on whether or not they were on that list, what type of proxy they were, and maybe an additional factor
    • The algorithm appears to be "a combination of open-source intelligence, blocklist APIs, and port scanning/fingerprinting". (More details.)
  • Alternatively: use AbuseFilter variables based on IP reputation data T354599: [EPIC] Provide IP reputation variables in AbuseFilter

Notes

  • cc @Samwalton9-WMF and @kostajh, since this overlaps with some of your work (AutoModerator, IPInfo). cc @ST47, original bot maintainer.
  • if we implemented this via a hook that stops the attempted action, we could avoid spamming the block log, which was a downside of ST47ProxyBot
  • search keyword: VPNGate

Related Objects

Event Timeline

Novem_Linguae created this task.Nov 26 2024, 8:25 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 26 2024, 8:25 PM
Novem_Linguae renamed this task from Feature request: ability to configure a wiki to auto block open proxies to Ability to configure a wiki to auto block open proxies.Nov 26 2024, 8:27 PM
Novem_Linguae changed the subtype of this task from "Task" to "Feature Request".
kostajh added a comment.EditedNov 26 2024, 8:30 PM

I assume the amount of LTA-related proxy vandalism and abuse has increased

I am not sure about this assumption. It would be great to have some data on it. For example, we can see the number of blocks drop off when ST47ProxyBot goes offline in March:

image.png (944×954 px, 71 KB)

and the rate of reverts stays about the same

image.png (784×950 px, 66 KB)

as do page protections

image.png (784×950 px, 71 KB)

@Novem_Linguae for this task, my suggestion is that we solve it via T354599: [EPIC] Provide IP reputation variables in AbuseFilter, especially as there is some work underway now for that feature as part of FY2024-25 WE4.2 work stream. If we then find that the AbuseFilter approach is not sufficient, we could look at achieving this task in a different way.

Hey_man_im_josh subscribed.EditedNov 26 2024, 8:40 PM

I certainly have felt like the bot's absence has had a negative effect on Wiki. One example is, during my NPP work, I patrol redirects. Every day this last week or two I'm finding at least 5-10 unreviewed redirects as the result of caste / clan related articles being redirected by IPs which have often ended up blocked as proxies by the time I find the redirect. I bet I'm missing quite a few as well with other editors marking those redirects as reviewed, whereas I'm reverting the BLARs which typically have very misleading edit summaries. Definitely some edits in contentious areas taking place that might not have otherwise.

kostajh attached a referenced file: F57750328: image.png. (Show Details)Nov 26 2024, 8:43 PM
kostajh attached a referenced file: F57750327: image.png. (Show Details)
kostajh attached a referenced file: F57750325: image.png. (Show Details)
A_smart_kitten subscribed.EditedNov 26 2024, 8:44 PM

@kostajh, FYI, the files you've linked to are currently showing as restricted.

edit: not any more :)

kostajh added a comment.Nov 26 2024, 8:45 PM
In T380917#10359516, @Hey_man_im_josh wrote:

I certainly have felt like the bot's absence has had a negative effect on Wiki. One example is, during my NPP work, I patrol redirects. Every day this last week or two I'm finding at least 5-10 unreviewed redirects as the result of caste / clan related articles being redirected by IPs which have often ended up blocked as proxies by the time I find the redirect. I bet I'm missing quite a few as well with other editora marking those redirects as reviewed, whereas I'm reverting the BLARs which typically have very misleading edit summaries. Definitely some edits in contentious areas taking place that might not have otherwise.

Ack, thanks for this. We will hopefully have some mechanism in place to allow for mitigating actions from anonymous proxies and proxies by name via subtasks of T354599: [EPIC] Provide IP reputation variables in AbuseFilter.

kostajh added a comment.Nov 26 2024, 8:49 PM
In T380917#10359546, @A_smart_kitten wrote:

@kostajh, FYI, the files you've linked to are currently showing as restricted.

edit: not any more :)

Yeah, sorry about that!

Novem_Linguae updated the task description. (Show Details)Nov 26 2024, 8:56 PM
Novem_Linguae added a project: MediaWiki-extension-requests.
Izno subscribed.Nov 26 2024, 9:48 PM
HouseBlaster subscribed.Nov 26 2024, 10:50 PM
Bugreporter subscribed.EditedNov 27 2024, 1:03 AM

$wgBlockOpenProxies

This is indeed a feature in older MediaWiki: https://www.mediawiki.org/wiki/Manual:$wgBlockOpenProxies (removed in T56597). A number of related settings still exists in master version of MediaWiki, such as $wgEnableDnsBlacklist and $wgProxyList (which provides indirect support of third party open proxy list). See also T76301: Remove all proxy blocking functionalities from mediawiki core

Bugreporter added a comment.Nov 27 2024, 1:04 AM

Note in Wikimedia it is much better that proxies be globally blocked.

DreamRimmer subscribed.Nov 27 2024, 1:07 AM
Nemoralis subscribed.Nov 27 2024, 3:49 AM
1AmNobody24 subscribed.Nov 27 2024, 6:06 AM
Clearfrienda subscribed.Wed, Nov 27, 11:11 PM
Johannnes89 subscribed.Sun, Dec 1, 12:15 PM
kostajh updated the task description. (Show Details)Mon, Dec 2, 9:07 AM

@Novem_Linguae can we mark this as stalled while Trust and Safety Product Team is working on shipping T354599: [EPIC] Provide IP reputation variables in AbuseFilter? If we find that AbuseFilters using IP reputation data are not sufficient for this problem, we could think about a dedicated extension.

Novem_Linguae changed the task status from Open to Stalled.Mon, Dec 2, 9:11 AM

OK. Marking as stalled.

I definitely like having this ticket to centralize discussion. This will probably come up in the future. Thanks for your input so far.

Novem_Linguae updated the task description. (Show Details)Tue, Dec 17, 10:45 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits