Wikipedia:Sockpuppet investigations/2601:206:4003:28B0:997E:8738:3095:E423/Archive

Suspected sockpuppets
Nearly identical edits to same pages. IP user has been blocked several times already. Also, see 2601:206:4003:28B0:9467:F3FA:3578:6704 — JlACEer ( talk ) 23:28, 19 March 2022 (UTC)

Comments by other users
''Accused parties may also comment/discuss in this section below. See Defending yourself against claims.''

, seems clear that the activity at 2601:206:4280:85B0:DC71:8EDD:F723:E6B1 is nearly identical to what occurred from the 2601:206:4003:28B0 range. All these edits, some of which involve massive changes, are getting reverted (at least in these examples). The only other alternative to blocking the IP range temporarily is to protect each and every page they keep coming back to. What are we missing? --GoneIn60 (talk) 17:54, 23 March 2022 (UTC)


 * The problem is, the enclosing range is 2601::/20, which is a really big range to block. Actually, I don't think the software will allow blocking anything bigger than a /32.  Blocking individual IPs as they pop up is basically useless since they turn over so fast. -- RoySmith (talk) 18:24, 23 March 2022 (UTC)
 * Totally agree that blocking individual IPs is pointless. What if we just focus on the global prefixes 2601:206:4280 and 2601:206:4003 which is /48? It would still be a bit of whack a mole, but so far we've only seen two different prefixes at this level. Just a thought. --GoneIn60 (talk) 18:34, 23 March 2022 (UTC)
 * A /48 is still pretty big. If I did the math right, that's 1,208,925,819,614,629,174,706,176 IP addresses.  Is there some specific list of pages that are being abused here? -- RoySmith (talk) 19:13, 23 March 2022 (UTC)
 * Thoughts ? Looks like only 3-4 articles are being repeatedly disrupted, so perhaps that's the better option. Or if we stick with range blocks, we can consider reducing the block ranges to 2601:206:4280:85B0 and 2601:206:4003:28B0 (/64). Maybe try page protection first? --GoneIn60 (talk) 19:59, 23 March 2022 (UTC)
 * Sounds like page protection is the way to go. I should have time tomorrow to look at WP:RFPP and see what is involved. I guess need to brush up on sockpuppetry as well. I figured any block evasion by using a different IP was considered a sock — didn't realize it only applied to named users.— JlACEer  ( talk ) 21:46, 23 March 2022 (UTC)

Clerk, CheckUser, and/or patrolling admin comments
-- RoySmith (talk) 20:16, 23 March 2022 (UTC)
 * this looks like perfectly normal use of dynamic IPs on a wide range. I'm not seeing how blocking them does anything useful. -- RoySmith (talk) 01:16, 20 March 2022 (UTC)
 * I'm going to close this SPI. I don't mean to dismiss the concerns raised here, but more or less by definition, if there's no user accounts involved, it can't be socking, so not appropriate for SPI.  My suggestion would be to come up with a list of the most commonly affected pages and make a request at WP:RFPP to have those pages semi-protected.  If you like, ping me in your request so I can stay aware of the progress.  In general, RFPP moves a lot faster than SPI, so it's really the right place for these sorts of issues.