Wikipedia:Requests for checkuser/Case/82.201.156.201

''The following discussion is preserved as an archive of a Request for checkuser. Please do not modify it .''

82.201.156.201



 * Code letter: G
 * Supporting evidence:
 * Code letter: G
 * Supporting evidence:
 * Code letter: G
 * Supporting evidence:
 * Code letter: G
 * Supporting evidence:
 * Code letter: G
 * Supporting evidence:
 * Code letter: G
 * Supporting evidence:
 * Code letter: G
 * Supporting evidence:
 * Code letter: G
 * Supporting evidence:
 * Code letter: G
 * Supporting evidence:
 * Supporting evidence:

In a recent WP:SSP case, I was advised by both Rlevse and Rudget to file an RFCU for 82.201.156.201 and related IP socks.

A spammer who is using a large and expanding number of Egyptian IP addresses is repeatedly adding links to three domains electojets.com, elect.awardspace.com/stepper/, and 1lo.info/stepping that have been identified by consensus on Talk:Electric motor as spam per WP:EL. One of the domains, electojets.com, is identifiable with an Egyptian registration: Abdoh Ali Mohamed, Hay Swesri, Nasr City, Cairo, Egypt.

All three domains have been spam-blacklisted on en-wiki, but this is no longer effective because the spammer has started using a url hiding service to beat the spam blacklist, planting disguised links to the domains.

The spammer is waiting to see what we do (see his/her comment at WP:SSP). - Neparis (talk) 01:04, 13 March 2008 (UTC)
 * I'm not sure of what you are looking for here, since you obviously already have the IPs? I have asked for thee smileurl addition in the meta spam blacklist, meanwhile. -- lucasbfr  talk 12:22, 13 March 2008 (UTC)
 * Indeed, we know the IPs, but an RFCU would confirm whether the IPs have the same user-agent (as well as the same other data logged by the servers, unmentioned here per WP:BEANS). Both Rlevse and Rudget recommended to take this to RFCU. With the almost absolute certainty that a positive RFCU would provide, stronger measures, such as carefully crafted range-blocks or other more technical methods, could be considered. Weaker measures, such as blacklisting, have not stopped the spammer. He/she will keep beating the blacklist by continually renaming the blogs, using new hiding services, and serving the blogs from bare IPs. Thanks all the same for taking smileurl to the blacklist. - Neparis (talk) 14:29, 13 March 2008 (UTC)


 * I looked at a couple, the user agent is too generic to be of much use, and you already have the IP addresses. There is nothing I can tell you that would help you make a range or other block that you can not already get from the IPs. Thatcher 18:32, 13 March 2008 (UTC)
 * Thanks for checking. Pity the ua is too generic. I take it none of the other log data had significant matches? The corresponding IP address blocks look like:
 * 41.232.0.0 ↔ 41.239.255.255
 * 62.135.0.0 ↔ 62.135.127.255
 * 62.139.0.0 ↔ 62.139.255.255
 * 82.201.128.0 ↔ 82.201.255.255
 * 84.36.0.0 ↔ 84.36.255.255
 * 196.200.0.0 ↔ 196.207.255.255
 * 213.212.192.0 ↔ 213.212.255.255
 * 217.52.0.0 ↔ 217.55.255.255
 * Would you recommend selecting some / all for range blocking? Are there any non-spam contributions at all to Wikipedia from within these IP address blocks? If none, there might not be much if any collateral damage from range blocks. - Neparis (talk) 20:07, 13 March 2008 (UTC)


 * Frankly it doesn't seem like a frequent enough problem to warrant large range blocks (13 edits so far this year). We can only range block a /16 anyway, and you've got some much larger ranges in there. It would probably be less disruptive to just watch the page, and when the guy starts up again, have it semi-protected for a week or so. Thatcher 01:54, 14 March 2008 (UTC)


 * Ok, that makes sense. You said above that you had had a look at a couple of the IPs, and determined that the u-a's were too generic to be of much use. Does that mean — sorry if this seems like a silly question (hope not) — that you ran a checkuser on a couple of the IPs? If so, did none of the other (non user-agent) data in the logs for these IPs show any significant matches? Many thanks, Neparis (talk) 02:02, 14 March 2008 (UTC)


 * There wasn't really any useful information returned that isn't already obvious--the web site owner keeps trying to add his site and keeps changing IPs. So just keep reverting and if it gets hit more than a couple times in the same day, ask for protection at WP:RFPP. Thatcher 04:03, 15 March 2008 (UTC)


 * I understand. My question, however, was: is it correct that you checkuser'd a couple of the IPs to determine that the user-agent was too generic to be of much use? I hope my question makes sense. - Neparis (talk) 15:50, 16 March 2008 (UTC)

''The above discussion is preserved as an archive of the Request for checkuser. Please do not modify it. Subsequent requests related to this user should be made above, in a new section.''