User talk:208.147.18.9

Hello, and thank you for your contributions to Wikipedia. I've noticed that you have been adding your signature to some of your edits to articles. This is a common mistake to make and has probably already been corrected. Please do not sign your edits to article content, as the article's edit history serves the function of attributing contributions, so you only need to use your signature to make discussions more readable, such as on article talk pages or project pages such as the Village Pump. If you would like further information about distinguishing types of pages, please see What is an article? Again, thank you for contributing, and enjoy your Wikipedia experience! Thank you. Iggy (Swan) 16:27, 15 April 2019 (UTC)

This clearly indicates that this IP is a proxy. 331dot (talk) 06:48, 16 April 2019 (UTC)

No it doesn't, but proves what I stated. I am in Tafuna (Western District) AS on a Static IP (that I cannot change, and if I were on a proxy I wouldn't bother with this hasel and harrassment). WIMIA is known for false positives on international IP's:

Check, only the WIMIA is positive, and the ISP is BlueSky AS: https://whatismyipaddress.com/proxy-check  208.147.18.9 (talk) 07:23, 16 April 2019 (UTC)


 * The page you link to saying that it "clearly indicates that this IP is a proxy" is whatismyipaddress.com saying that it is a "Network sharing device or proxy". That is not proof that the IP address is hosting an open proxy, for two reasons. (1) "Network sharing device or proxy" covers a wide range of things, not all of which are open proxies. There are many people whose only access to the internet is via some sort of proxy, including everybody in some countries where the internet is set up as proxy servers. (2) whatismyipaddress.com is notoriously unreliable, frequently giving false positives. (Indeed, the web site whatismyipaddress.com itself says "Some tests may result in a false positive for situations where there the IP being tested is a network sharing device. In some situations a proxy server is the normal circumstance (AOL users and users in some countries)." At the most whatismyipaddress.com can be useful as a pointer to cases where it is worth following up with more reliable checks; it is nowhere near enough on its own to justify blocking.


 * You placed the block. I have not been able to find any evidence at all that this IP address is currently hosting an open proxy. Do you have any solid evidence? The editor who uses the pseudonym "JamesBWatson" (talk) 14:00, 16 April 2019 (UTC)
 * I based my decision on IPQualityScore. On the other hand, this tool seems to indicate that IPQualityScore is the only source reporting the IP as a proxy. Any experts listening in? Favonian (talk) 15:55, 16 April 2019 (UTC)


 * I temporarily removed the following message, timed at 19:24, 16 April 2019, while I did a more thorough check with nmap, but the end result was no different from what I got first time, so I am now restoring the message. The editor who uses the pseudonym "JamesBWatson" (talk) 13:29, 17 April 2019 (UTC)


 * Thanks for that information. Here are my thoughts on it. It is not quite true that IPQualityScore is the only source reporting the IP as a proxy, as cbl also reports it, and says "If this IP address is NOT a shared hosting IP address, this IP address is infected with/emitting spamware/spamtrojan traffic and needs to be fixed." However, that web site hedges what it says with various caveats about false positives, making it difficult to know how much weight to give it. IPQualityScore only says that it is a proxy, not that it is an open proxy. As you know, other checks are negative. Nmap indicates that there are no open ports on that IP address, which means that the IP address can't possibly be hosting an open proxy now (though of course it could be doing so intermittently). I can't find any listing of the IP address on any site listing open proxies, but it could be just an exit node for a proxy where the input is on a different IP address. The IP address is blocking pings, but it's impossible to know why it has been set up to do that. Considering everything that I have seen, including both what you have provided and what I have found myself, it seems to me that the evidence about whether it is a proxy or not is highly equivocal, but even if it is there is really no evidence that it is an open proxy, which is what we need to concern ourselves about. I am therefore inclined to unblock. If you think I shouldn't, please let me know. Also, anyone else's thought on the matter would be welcome. The editor who uses the pseudonym "JamesBWatson" (talk) 19:24, 16 April 2019 (UTC)


 * As mentioned here, I have no objections to unblocking the IP. Favonian (talk) 13:41, 17 April 2019 (UTC)
 * Ahem, pending possible further investigation/discussion per latest remarks below. Favonian (talk) 13:43, 17 April 2019 (UTC)


 * I'm not able to dedicate any real bandwidth to this right now - but it looks like recently this ip was compromised. It appears that this may have been resolved around 2 weeks ago now. That would explain the IPQS hit, and any proxy-like behavior. SQL Query me!  04:42, 17 April 2019 (UTC)

I did a port scan and saw "All 1000 scanned ports on 208.147.18.9 are filtered", i.e. everything looks locked down. I concur with SQL's findings above, it looks like this was a compromised host but has since been locked down. --Yamla (talk) 13:33, 17 April 2019 (UTC)


 * Thank you, and . However, checking the link that SQL gives now, I find it currently says "This IP address was detected and listed 295 times in the past 28 days, and 2 times in the past 24 hours. The most recent detection was at Wed Apr 17 08:35:00 2019 UTC +/- 5 minutes" (my emphasis) so it seems that perhaps the problem has not been resolved after all. It also says "This IP address was self-removed 1 times in the past week. This IP address was self-removed 1 times in the past 24 hours." Can the person who made this unblock request please comment on that? I guess that if this is a private static IP address then you will know about the self-removals. If you can clear that up then unblocking may perhaps be acceptable, but at present there has to be some doubt. The editor who uses the pseudonym "JamesBWatson" (talk) 13:40, 17 April 2019 (UTC)


 * A couple more comments for the person who has requested this unblock.
 * 1) I appreciate that it must be frustrating that this is taking so long to get resolved. I hope we can sort it out without too much more delay. If you can give some answer to my request for comment above, that may help to speed things up.
 * 2) You say "if I were on a proxy I wouldn't bother with this hasel and harrassment", but very often open proxies are running on compromised computers without the knowledge of their owners. That means that even if you are not using a proxy, your IP address may be used by a proxy running on your computer. If you haven't already done so, you would be well advised to have your computer checked for viruses and trojans. The editor who uses the pseudonym "JamesBWatson" (talk) 14:01, 17 April 2019 (UTC)
 * I've been watching this request. It appears to be listed on the CBL still, with detections as recently as today. SQL Query me!  23:46, 30 April 2019 (UTC)