Wikipedia:WikiProject on open proxies/Archives/Closed/2011/August

173.246.32.0/19



 * Originally found these on James R. Fouts and had the range of 173.246.35.176/28, then looking at a whois, found that was at the very least a webhost if not containing some proxies. What does everyone else see? :P (I'd rather block a proxy range then protect this article which I am doing now) -- DQ  (t)   (e)  11:50, 27 May 2011 (UTC)
 * Hmmmm.... I did some digging on this earlier which was inconclusive, but then I found this new ipuser on the /19 which is running this software which is apparently software for running something like an internet cafe.  So I'm actually wondering if it might be a hotel or something, although they aren't running that same software.  It would also explain the diverse editing interests of the various IPs on the /28. So I'm leaning towards not-a-proxy but am not wholly convinced given that "hosting" is in the providers name. Sailsbystars (talk) 00:46, 5 June 2011 (UTC)
 * Marking unlikely -- DQ  (t)   (e)  03:47, 13 August 2011 (UTC)

195.28.75.114


Reason: Socking. I have some other thoughts behind this sock. One of the IPs hosts name has proxy right in it and has 80/443 open, but I can't get a proxy myself. Also possible that OpenSSH is at work here. I would just like some general clarification from other checkers. -- DQ  (t)   (e)  03:35, 10 June 2011 (UTC)
 * The first IP, 195.28.75.114, resolves to gw0.ruskov.net. gw = gateway, normally a sign of a closed caching proxy. It looks like a municipal wireless/hotspot IP. The second IP resolves to icm218137-orange.orange.sk - a mobile/3G provider. The third IP resolves to proxy.svkk.sk - a closed proxy belonging to a library. The edits all look relevant to the geolocation. I'm not entirely sure what's running on http://193.87.75.82 ("Stranky Svk v Kosiciach"? does that mean "unavailable outside Košice"?) but it doesn't seem to be an open proxy either. -- zzuuzz (talk) 08:04, 10 June 2011 (UTC)
 * Thanks, I obviously made this while I was tired as I don't remember seeing the "eductation" in the whois results :P. Anyway, again thanks for the look over and these results will factor into the blocks I give out. -- DQ  (t)   (e)  16:24, 10 June 2011 (UTC)
 * Marking unlikely -- DQ  (t)   (e)  03:47, 13 August 2011 (UTC)

2.138.219.49 & 2.220.204.70


The IP User:2.220.204.70 was blocked for repeatedly breaching WP:CIVIL yesterday. This IP geolocates to the UK (a BSKYB Broadband address) - today rather than filing an unblock request the preson behind the IP used 2.138.219.49 a spanish IP (Telefonica de Espana SAU) to reply to the block notice. This maybe a mistake on the part of the geolocate / reverse DNS system (I've used 3 to make sure and all 3 give the same results) or if it's right looks like proxy usage-- Cailil  talk 12:29, 25 July 2011 (UTC)
 * As a further note I have blocked 2.220.204.70 for 10 days, and 2.138.219.49 is blocked for a week currently-- Cailil  talk

Reason: Suspicious edits
 * No evidence of proxies I could find in a quick check. Neither IP is currently online at all in fact, and given that both are on dynamic ranges, there's no point in dropping a proxyblock on them.  I'll wait to close this for a few days though to see if they both stay down.  Sailsbystars (talk) 13:48, 25 July 2011 (UTC)
 * This IP is open on 21,23,80 running micro_httpd on 80. Only webpage it would load is
 * Host down.
 * -- DQ  (t)   (e)  03:08, 26 July 2011 (UTC)


 * Well I've done some more digging and it turns out both these IPs are listed as Spambots/Spammers/Scanners within CIDR/Zombies on APEWS.org and are listed on Spamhaus.org, but they are clean on all other lists -- Cailil  talk 13:09, 27 July 2011 (UTC)
 * Marking unlikely -- DQ  (t)   (e)  03:47, 13 August 2011 (UTC)