Wikipedia:Bots/Requests for approval/TorNodeBot


 * The following discussion is an archived debate. Please do not modify it. To request review of this BRFA, please start a new section at WT:BRFA. The result of the discussion was Symbol oppose vote.svg Withdrawn by operator.

TorNodeBot
Operator:

Automatic or Manually assisted: Automatic

Programming language(s): PHP

Source code available: http://toolserver.org/~mpdelbuono/torbot.txt

Function overview: Blocks unblocked TOR nodes as anonymous only, account creation blocked

Links to relevant discussions (where appropriate): No public discussions regarding the bot directly, but this is in response to a discussion on IRC regarding WP:Sockpuppet investigations/Zealking

Edit period(s): Continuous

Estimated number of pages affected: Initial estimates suggest about 100 IPs in the first hour, however this is likely to drop off after the initial spike. All depends on the TOR network status.

Exclusion compliant (Y/N): N (not applicable)

Already has a bot flag (Y/N): N

Function details:

The bot scans the current TOR network to get a list of potential IPs that are exit nodes. After establishing a list of possible IPs for exit nodes (which is approximately 1400 at last check), it checks each IP against the official TOR tracker via DNSEL. If DNSEL confirms that this is a TOR exit node which has access to Wikipedia, the bot will block the IP anonymous-only, account creation blocked for 3 months.

While this is supposed to be handled by the TOR extension in Wikipedia, some vandals have found a way to avoid this extension. As a result, this bot is necessary to deal with ongoing issues as indicated in the above WP:SPI link.

Discussion
Support approval -- This dude is giving our SPI clerks premature grey hair. Auntie E. (talk) 18:29, 25 April 2010 (UTC)
 * Normally I'd want this request to sit for a while and gather comments from other users, especially considering it is an adminbot, but due to the urgency of the task I'm approving this for a trial. Please run the bot as long as you need, I was thinking somewhere in the range of 25 to 50 blocks. &mdash; The Earwig   (talk)  18:32, 25 April 2010 (UTC)
 * I have flagged TorNodeBot as an administrator for the trial. The account remains not flagged as a bot for the duration of the trial, so that it can be closely watched for mistakes. --Deskana (talk) 18:33, 25 April 2010 (UTC)

Note: Some may inquire as to why some of the blocked IPs do not actually show up as TOR nodes on our various TOR checking utilities. I have investigated all of these (few) apparent mis-hits. What is being detected are "temporary" TOR exit nodes, that is, users that publish a server but then later turn off their computer/TOR connection. The following is a quote from DNSEL's specification:

"After a Tor server op turns off their server, it stops publishing server descriptors. We should consider that server's IP address to still represent a Tor node until 48 hours after its last descriptor was published."

Since the tool checkers only detect current TOR nodes, any case where a TOR exit node was detected, but later disabled after being blocked, would show up as not being a TOR node. It is, in fact, these "temporary" TOR nodes that are the most dangerous to Wikipedia, because blacklists are unlikely to have them at the time of abuse.

I have manually checked all of these through the most appropriate mechanism, dig, querying DNSEL manually. In all of these cases, the tracker at torproject.org confirms that this IP was a tor exit node with access to Wikipedia within the last 48 hours.

To confirm yourself, the command is as follows:  (for a given host IP 1.2.3.4 – Note the IP is reversed). An A record response of 127.0.0.2 indicates that the node is/was recently a TOR exit node with access to Wikipedia. -- Sh i r ik ( Questions or Comments? ) 19:25, 25 April 2010 (UTC)
 * Note: Since this means that these IPs are likely to be tor exit nodes, but currently offline, I have adjusted the code such that it will keep an eye on those IPs for them to open up again, but it will test each potential TOR node by trying to connect to it. It will only block if it can successfully connect to the node. -- Sh i r ik ( Questions or Comments? ) 19:40, 25 April 2010 (UTC)

The following is the output from the most recent trial. You will note that it did skip a few IPs that it was unable to connect to, but it keeps an eye on them.

POST: http://en.wikipedia.org/w/api.php?action=login&format=php (0.259978055954 s) (105 b) POST: http://en.wikipedia.org/w/api.php?action=login&format=php (0.342412948608 s) (256 b) Array12.161.212.22 does not appear to be a TOR node. 82.243.189.153 does not appear to be a TOR node. 62.2.182.82 does not appear to be a TOR node. 85.214.71.145 does not appear to be a TOR node. 81.169.184.38 does not appear to be a TOR node. 74.104.155.198 does not appear to be a TOR node. 120.50.40.184 does not appear to be a TOR node. 98.19.216.5 does not appear to be a TOR node. 68.4.213.246 does not appear to be a TOR node. 69.164.192.167 does not appear to be a TOR node. 87.206.182.57 does not appear to be a TOR node. 80.101.128.228 does not appear to be a TOR node. Checking TOR ports Found unblocked tor node 82.247.118.177: Will block AO/ACB GET: http://en.wikipedia.org/w/api.php?action=query&prop=info&intoken=edit&titles=Main%20Page&format=php (0.217422962189 s) (340 b) POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.309595108032 s) (251 b) 78.35.100.136 does not appear to be a TOR node. 84.74.99.107 does not appear to be a TOR node. 84.245.33.183 appears to be blocked. Skipping. 79.242.62.80 does not appear to be a TOR node. 85.214.101.91 does not appear to be a TOR node. 87.185.202.2 does not appear to be a TOR node. Checking TOR ports Found unblocked tor node 75.30.97.142: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.548299789429 s) (249 b) 195.242.152.250 does not appear to be a TOR node. 88.117.117.107 does not appear to be a TOR node. 79.103.54.30 does not appear to be a TOR node. 72.55.174.112 appears to be blocked. Skipping. 89.12.139.159 appears to be blocked. Skipping. 76.161.33.170 does not appear to be a TOR node. 76.161.33.58 does not appear to be a TOR node. 98.141.220.226 does not appear to be a TOR node. 129.25.11.27 does not appear to be a TOR node. 188.40.77.107 appears to be blocked. Skipping. 97.117.99.105 does not appear to be a TOR node. 80.197.5.166 does not appear to be a TOR node. 82.66.212.76 does not appear to be a TOR node. 124.87.246.229 does not appear to be a TOR node. 87.118.93.122 does not appear to be a TOR node. 85.201.198.206 does not appear to be a TOR node. 76.121.168.82 does not appear to be a TOR node. Checking TOR ports Found unblocked tor node 80.86.105.59: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.567147016525 s) (249 b) 92.143.103.55 does not appear to be a TOR node. 62.197.40.155 appears to be blocked. Skipping. Checking TOR ports Found unblocked tor node 81.174.66.93: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.352092981339 s) (249 b) 66.90.104.9 appears to be blocked. Skipping. 89.245.89.175 does not appear to be a TOR node. 118.209.172.115 appears to be blocked. Skipping. 85.214.152.119 does not appear to be a TOR node. 82.181.161.18 does not appear to be a TOR node. 64.85.168.43 does not appear to be a TOR node. 69.165.165.126 does not appear to be a TOR node. 118.168.201.22 appears to be blocked. Skipping. 80.239.147.18 appears to be blocked. Skipping. 80.239.147.19 does not appear to be a TOR node. 80.239.147.20 does not appear to be a TOR node. Checking TOR ports IP 85.216.7.172 was listed as a TOR node, but is not responding. Deferring. 208.177.109.254 does not appear to be a TOR node. 217.13.196.70 does not appear to be a TOR node. 84.23.64.114 does not appear to be a TOR node. 207.112.105.217 does not appear to be a TOR node. 86.137.13.115 appears to be blocked. Skipping. 81.57.79.150 does not appear to be a TOR node. 91.54.102.38 does not appear to be a TOR node. 62.141.42.186 appears to be blocked. Skipping. 83.171.189.131 does not appear to be a TOR node. 95.208.86.127 does not appear to be a TOR node. 91.152.2.241 does not appear to be a TOR node. Checking TOR ports Found unblocked tor node 67.160.172.165: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.330924987793 s) (251 b) 217.172.186.125 does not appear to be a TOR node. 84.19.167.105 does not appear to be a TOR node. 92.229.32.129 does not appear to be a TOR node. 216.224.124.124 appears to be blocked. Skipping. 78.105.250.195 does not appear to be a TOR node. 203.45.38.36 does not appear to be a TOR node. 94.72.198.24 does not appear to be a TOR node. 92.241.165.77 appears to be blocked. Skipping. 212.112.241.44 does not appear to be a TOR node. 97.107.142.133 does not appear to be a TOR node. 86.197.152.232 does not appear to be a TOR node. 83.133.119.213 does not appear to be a TOR node. 91.58.3.100 does not appear to be a TOR node. 82.95.118.50 does not appear to be a TOR node. 174.37.99.107 does not appear to be a TOR node. Checking TOR ports IP 93.146.181.237 was listed as a TOR node, but is not responding. Deferring. 74.207.233.40 does not appear to be a TOR node. 95.208.229.55 does not appear to be a TOR node. 209.59.209.188 does not appear to be a TOR node. 216.195.133.27 does not appear to be a TOR node. Checking TOR ports Found unblocked tor node 71.17.49.157: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.418141126633 s) (249 b) 212.13.194.142 does not appear to be a TOR node. 74.241.58.146 does not appear to be a TOR node. 70.85.129.120 does not appear to be a TOR node. 67.102.179.29 does not appear to be a TOR node. 72.70.43.234 does not appear to be a TOR node. 173.203.117.173 does not appear to be a TOR node. Checking TOR ports Found unblocked tor node 216.24.174.245: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.307591915131 s) (251 b) Checking TOR ports Found unblocked tor node 202.186.28.214: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.303987026215 s) (251 b) 88.198.16.100 does not appear to be a TOR node. 204.13.164.27 does not appear to be a TOR node. 174.34.146.248 does not appear to be a TOR node. 91.149.187.155 does not appear to be a TOR node. 174.102.204.241 does not appear to be a TOR node. 87.69.140.45 does not appear to be a TOR node. 84.202.12.104 does not appear to be a TOR node. 80.190.250.90 does not appear to be a TOR node. 188.40.43.120 does not appear to be a TOR node. 75.75.254.205 does not appear to be a TOR node. 75.75.254.207 does not appear to be a TOR node. 213.239.201.240 does not appear to be a TOR node. 85.214.65.74 does not appear to be a TOR node. 71.32.58.121 does not appear to be a TOR node. 212.42.236.140 appears to be blocked. Skipping. 82.243.210.76 appears to be blocked. Skipping. Checking TOR ports Found unblocked tor node 83.161.251.214: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.309699058533 s) (251 b) 95.56.92.75 does not appear to be a TOR node. 200.58.118.143 does not appear to be a TOR node. 85.214.68.105 does not appear to be a TOR node. 76.10.176.79 does not appear to be a TOR node. 74.207.249.11 does not appear to be a TOR node. 74.207.247.39 does not appear to be a TOR node. 67.212.93.230 does not appear to be a TOR node. 92.243.8.139 does not appear to be a TOR node. 92.243.8.139 does not appear to be a TOR node. 71.178.19.93 does not appear to be a TOR node. 66.250.216.134 does not appear to be a TOR node. 78.46.246.116 does not appear to be a TOR node. 209.20.75.107 does not appear to be a TOR node. 84.19.164.176 does not appear to be a TOR node. 83.248.88.17 does not appear to be a TOR node. 85.4.10.100 does not appear to be a TOR node. 80.9.162.118 does not appear to be a TOR node. 90.184.156.230 does not appear to be a TOR node. 62.80.200.184 does not appear to be a TOR node. 92.195.43.236 does not appear to be a TOR node. 99.204.108.224 does not appear to be a TOR node. 84.60.39.14 does not appear to be a TOR node. 188.40.84.150 does not appear to be a TOR node. 24.83.51.227 does not appear to be a TOR node. 178.191.5.15 does not appear to be a TOR node. 85.31.187.225 appears to be blocked. Skipping. 75.127.181.106 appears to be blocked. Skipping. 76.105.159.99 does not appear to be a TOR node. 77.127.146.13 appears to be blocked. Skipping. 70.36.146.189 appears to be blocked. Skipping. 64.90.29.217 does not appear to be a TOR node. Checking TOR ports Found unblocked tor node 75.101.91.44: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.317540884018 s) (249 b) 217.160.111.190 does not appear to be a TOR node. 192.251.226.206 appears to be blocked. Skipping. 192.251.226.206 appears to be blocked. Skipping. 109.87.243.149 does not appear to be a TOR node. 188.40.172.119 does not appear to be a TOR node. 159.149.105.57 does not appear to be a TOR node. 87.227.83.103 does not appear to be a TOR node. 217.150.250.224 does not appear to be a TOR node. Checking TOR ports Found unblocked tor node 71.43.23.242: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.315424919128 s) (249 b) 92.227.134.189 does not appear to be a TOR node. 91.18.124.144 does not appear to be a TOR node. 213.251.167.55 does not appear to be a TOR node. 87.171.80.239 does not appear to be a TOR node. 72.149.199.227 does not appear to be a TOR node. 81.90.234.64 does not appear to be a TOR node. 161.53.29.203 does not appear to be a TOR node. 69.39.49.200 does not appear to be a TOR node. 91.121.107.91 does not appear to be a TOR node. 82.47.214.148 does not appear to be a TOR node. 212.187.20.144 does not appear to be a TOR node. Checking TOR ports Found unblocked tor node 80.216.40.208: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.30492401123 s) (250 b) 79.231.80.193 does not appear to be a TOR node. 85.176.152.101 does not appear to be a TOR node. 88.198.172.198 does not appear to be a TOR node. 84.19.166.178 does not appear to be a TOR node. Checking TOR ports Found unblocked tor node 174.142.75.26: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.36267209053 s) (250 b) Checking TOR ports Found unblocked tor node 89.16.175.194: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.369550943375 s) (250 b) 81.214.61.135 does not appear to be a TOR node. 77.184.12.188 does not appear to be a TOR node. 194.231.186.250 does not appear to be a TOR node. 79.194.2.138 does not appear to be a TOR node. 88.72.238.60 does not appear to be a TOR node. 217.83.64.46 does not appear to be a TOR node. 216.139.240.0 does not appear to be a TOR node. 76.104.132.98 does not appear to be a TOR node. 66.226.74.121 does not appear to be a TOR node. 93.97.239.3 does not appear to be a TOR node. 95.211.24.122 does not appear to be a TOR node. 174.26.75.212 does not appear to be a TOR node. 89.253.87.40 does not appear to be a TOR node. 148.88.190.145 does not appear to be a TOR node. 92.229.20.64 does not appear to be a TOR node. Checking TOR ports Found unblocked tor node 95.211.84.146: Will block AO/ACB POST: http://en.wikipedia.org/w/api.php?action=block&format=php (0.309539079666 s) (250 b) 87.234.239.110 does not appear to be a TOR node. 85.125.223.198 does not appear to be a TOR node. 98.190.217.23 does not appear to be a TOR node. 92.161.180.191 does not appear to be a TOR node. 84.22.122.5 appears to be blocked. Skipping. 163.25.104.5 does not appear to be a TOR node. 88.198.45.235 does not appear to be a TOR node. Checking TOR ports IP 93.74.124.162 was listed as a TOR node, but is not responding. Deferring. 188.97.5.131 does not appear to be a TOR node. 65.112.61.162 does not appear to be a TOR node.

With that I'm going to say and I am going through the last set of results now. -- Sh i r ik ( Questions or Comments? ) 19:55, 25 April 2010 (UTC)
 * I checked all the IPs and see 100% accuracy according to https://www.dan.me.uk/torcheck. The only unusual one was 202.186.28.214, but I determined this is running on a slightly nonstandard port, but is still an open TOR node. -- Sh i r ik ( Questions or Comments? ) 20:00, 25 April 2010 (UTC)


 * 1) Has anyone filed a bug report about the TorBlock extension not catching these?
 * 2) Did anyone ask the Toolserver admins about whether or not this violates TS rule number 4?
 * 3) Is anyone planning on mentioning this at some community forum? Or are we disregarding the entirety of the bot policy for this?
 * Mr.Z-man 20:32, 25 April 2010 (UTC)

My response: --Deskana (talk) 20:42, 25 April 2010 (UTC)
 * 1) No. I'm not familiar with the bug reporting process, and have been extremely busy today, so don't have the time to do bring myself up to speed with it. I was going to do so tomorrow, after I've handed the draft of my dissertation in.
 * 2) Shirik says that the bot only scans one or two ports, so I assume that it does not disrupt another network. However, you are right insofar as nobody has explicitly asked the toolserver admins.
 * 3) Given the urgency of the situation with respect to the user that is vandalising and taking up a lot of our time, this was intended to be a quick stop-gap measure. It's my hope that this bot is quickly made redundant by a fix to the torblock extension, thus making extended community discussion redundant.


 * With regards to the toolserver comment: I have talked to the toolserver admins and they're inclined to dislike the activity pending a discussion on the mailing list. This is not an issue as I have a server on which this can run. As for the problem with the TorBlock extension, I essentially echo what Deskana said. -- Sh i r ik ( Questions or Comments? ) 20:47, 25 April 2010 (UTC)


 * Comment: I don't doubt the urgency of this situation, but still have misgivings about the way this is being rushed through without proper discussion. The situation of a non-admin operating an adminbot will make many editors understandably uneasy. &mdash; Martin (MSGJ · talk) 21:07, 25 April 2010 (UTC)
 * I'm sure, though now it seems that there wasn't any point even filing this request, since we'll probably end up having the tor block extension fixed before we actually get this bot "approved". In future, I know how to handle such situations. --Deskana (talk) 21:15, 25 April 2010 (UTC)
 * Comment I do not disagree with you that it could make some people uneasy, and I want the community's input on this. I apologize that this seems rushed and fragmented, but half of the discussion about this has occurred on BAG's IRC channel and half of it has occurred here. One of the things that has come up in IRC that has not yet been transcribed here is how to inform the community about this ongoing discussion; I do agree it is advisable to keep the community informed of this. Where to bring this up, though, has as of yet been left open. Should you have any suggestions, please feel free to throw them out there. -- Sh i r ik ( Questions or Comments? ) 21:16, 25 April 2010 (UTC)

Given the lack of response from anyone regarding whether or not the TorBlock extension has an open bug, I have filed issue 23321 regarding the problem. -- Sh i r ik ( Questions or Comments? ) 21:30, 25 April 2010 (UTC)

Werdna has made a fix to the problematic component that was causing the TorBlock extension to not operate properly. Accordingly, this bot should no longer be necessary and I'm going to withdraw it. Thanks! -- Sh i r ik ( Questions or Comments? ) 23:28, 25 April 2010 (UTC)
 * The above discussion is preserved as an archive of the debate. Please do not modify it. To request review of this BRFA, please start a new section at WT:BRFA.