Wikipedia talk:WikiProject on open proxies/Archive 3

User talk:192.114.67.114
From meta:User talk:Pathoschild:

Hello, you blocked this address as an open proxy; we have blocked it on HE WP due to the same reason.

I was told today that this IP belongs to a public library, hence the amount of vandalism. Can you check again whether this is in fact an open proxy? If it is, we'll keep it blocked. If not, we may use shorter blocks when observing vandalism.

Regards, Odedee 02:02, 18 March 2008 (UTC)

bzq-114-67-114.static.bezeqint.net (192.114.67.114): Not shown: 1693 closed ports PORT    STATE    SERVICE 22/tcp  open     ssh 80/tcp  open     http 3128/tcp filtered squid-http 8081/tcp open    blackice-icecap

PORT  STATE SERVICE    VERSION 80/tcp open http-proxy Squid webproxy 2.5.STABLE7
 * The scan results show that port 80 is open and used by a squid service. A misconfiguration or software vulnerability may leave it open to attack, but it's not necessarily an open proxy as-such. Port 8081 might be a firewall, or it might be a trojan or other vulnerability.


 * It might be open; it has been a long time since I did any open proxy scanning, so I don't remember the specifics on how to be more conclusive. Try posting a message on w:Wikipedia talk:WikiProject on open proxies with the above data, and someone there will be able to answer more definitively. — {admin} Pathoschild 21:31:26, 20 March 2008 (UTC)


 * Can anyone verify whether this address is indeed an open proxy, or have different reasoning why it should be kept blocked indefinitely? Odedee (talk) 04:38, 22 March 2008 (UTC)

200.158.136.204
I'm not sure how reliable the ClueBot reports are, but I was able to make a null edit to the sandbox using, despite User:ClueBot IV/WPOPreports/200.158.136.204 resulting in no open proxy. Spellcast (talk) 19:33, 9 April 2008 (UTC)

They are just Datacenter IPs
This is actually pretty dumb, The proxies are run on Datacenter IPs. Not residential IP addresses. There is no need for someone editing wikipedia threw a datacenter IP. Why not just block non-residental IP addresses and save yourself the headache. 99.249.175.178 (talk) 20:50, 19 April 2008 (UTC)

I'm traveling SE Asia, and I use my personal box in a German datacenter as proxy. It does make a huge difference, speed-wise. Most of the time I surf via proxy, and it's a blaze. It is not anonymising, and I wonder why such proxies are blocked at all. You can get the residential IP from the HTTP headers ("forwarded for...") and block those if someone misused editing. It's not the end of the world, but editing without proxy is so much slower for me.SimStim (talk) 13:05, 11 September 2008 (UTC)
 * They're blocked because of the abuse that comes from CGI and PHP proxies. If a hosting center has many open proxies, those cases where someone legitimately edits through their own dedicated server (which I'm assuming you're running) is rare when compared to the abuse from anonymizers. It's much better to grant IP block exemption in those rare cases instead of leaving a hosting center (known to house many illegitimate proxies) unblocked. Spellcast (talk) 12:43, 22 September 2008 (UTC)

Cluebot screwup?
I've never posted here before, but an anonymous editor has been trolling around Talk:Young Earth creationism and related articles using an astonishing number of IPs, some of which the "Tor" link reports as Tor exit nodes. The following report was generated for one of them: "% % TOR (Anonymous-proxy) Node Checker % Copyright(c) 2008, Daniel Austin MBCS % % % TOR data is 838 seconds old. % % Checking TOR status for '24.195.126.244'... ACK % This is a TOR EXIT node (details below). % IP:     24.195.126.244 %   Name:   Phreakshow %   Ports:  9001 9030 %   Flags:  Exit Fast Running V2Dir Valid"

But Cluebot flagged this as not a tor node. Did I misunderstand the table syntax? What's up? silly rabbit (  talk  ) 01:12, 21 April 2008 (UTC)
 * Apparently if ClueBot finds it's TOR blacklisted, it will still say "No open proxy". You have to click the link to the report to the DNSBL section and see for yourself. Oh, and please put a note after the || on the reports, otherwise you'll mess up the bot. Calvin 1998 (t-c) 01:27, 21 April 2008 (UTC)

Am I at the right place?
I am an editor of the page Gundam and to my concern, there has been various non IPs coming in and drop down the same unsourced supposedly new series called Mobile Suit Gundam Aqua in which failed the google test for the English name as above and failed the Japanese(this is a Japanese meta-series) for both 機動戦士ガンダム AQUA and 機動戦士ガンダム アクア. The official site have no news about it and none of the Japanese magazines including the official Gundam ACE magazine nor the blog Gunota famous for translating Japanese news to English got the news of having such series and the next TV series is the second season of Mobile Suit Gundam 00 which is going to be aired in October 2008. Thus it is considered vandalism and have been reverted quite a few times. first edit by IP address 124.13.70.46, second edit, this time with more made up numbers by a different IP also with minimal editing history using the same hit and run tactics. Third edit indentified as vandalism by a third IP 124.13.66.111 this time only concentrated on this particular page. This time the edit is by yet another IP and is obviously different from the previous ones, yet by the WHOIS info, all are from TELEKOM MALAYSIA BERHAD. Since the vandalism is random in time, and is persistent, I see no point in semi-protecting the page for a few months only blocking this specific person who seemingly got an incorrect info and believed it in the depth of his/her heart. If I am not in the right place, please point me to the correct place, thank you. MythSearchertalk 14:32, 2 May 2008 (UTC)

Page Mess up ?
When I view the page I now see "|} |} |} |} |} |} |} |}" at the bottom. Just wondering is this actually meant to be there or has something gone wrong somewhere? Thanks.  ·Add§hore·  T alk /C ont 19:13, 19 May 2008 (UTC)
 * I think one of the bots might have done that - I've removed all but one. Calvin 1998 (t-c) 22:32, 19 May 2008 (UTC)
 * It's still not fixed. It got broke here ;) -- zzuuzz (talk) 22:39, 19 May 2008 (UTC)
 * Woo! That means I broke it :D. /me says sorry =[  ·Add§hore·  T alk /C ont 17:03, 20 May 2008 (UTC)

Another change to Proxyip2
Seems the CWI link has been borked for a while so I went ahead and made an RBL-Check tool on the toolserver. I know it needs a better template for the output, but it is working. Current RBLs it checks are:
 * ahbl - dnsbl.ahbl.org
 * apews - l2.apews.dnsbl.sorbs.net
 * cbl - cbl.abuseat.org
 * njabl - combined.njabl.org
 * nmf - no-more-funn.moensted.dk
 * spamhaus - zen.spamhaus.org
 * sorbs - dnsbl.sorbs.net
 * uceprot1 - dnsbl-1.uceprotect.net
 * uceprot2 - dnsbl-2.uceprotect.net
 * tordnsbl - tor.dnsbl.sectoor.de

Any feelings on replacing the CWI link? Any other comments about RBL additions/removals? Q T C 19:22, 20 June 2008 (UTC)

Open Proxy providers
Just wondering if there's a list of open proxy providers (like Hide My Ass) here so I can use the list to do my own banning on my website. Thanks.  Get  Dumb   01:44, 16 July 2008 (UTC)
 * Nope. There's a list of IP address marked as open proxies here right over at WikiProject on open proxies/Open that you could use (most of those probably aren't still open). No providers and/or domain names, though. Calvin 1998 (t-c) 01:57, 16 July 2008 (UTC)
 * Well I have my checking list here. If you go back to one of the old diffs you get a rough list. This has ip's and then under the ip's it has the hosts. NOTE some of the hosts ip's have changed since as i have been through every single one of these. All of these are blocked on en-wiki.  ·Add§hore·  T alk /C ont 06:43, 16 July 2008 (UTC)
 * I had a similar problem on another wiki and wrote a program to find a load of proxies blocked on Wikipedia. The list is here - it's about 33000 IPs. Hut 8.5 14:08, 19 July 2008 (UTC)
 * Tot that's quite allot of proxy ips.  ·Add§hore·  T alk /C ont 06:36, 26 July 2008 (UTC)

Editor blocked as an OP requests unblock
See. Blocked by Dmcdevit in June, 2007, this IP has filed a request for unblock:"I experimented with Tor a while ago and my IP was an open proxy for a short time during which I was blocked, I will not be doing this again in the future"I won't lift the block since I can't verify he is no longer running an open proxy. Does anyone know how to check this? EdJohnston (talk) 17:21, 23 July 2008 (UTC)
 * You can list it under "Requested Unblock". Hut 8.5 17:29, 23 July 2008 (UTC)
 * Added to the list. Thanks, EdJohnston (talk) 17:34, 23 July 2008 (UTC)

totally reformat?
The current format is kind of ridiculous when it comes to adding comments/closing reports. I'd probably say it might be a better idea to simply set things up like WP:AIV, WP:RFPP, or WP:AN3. That way we have direct-to-section edit links, it makes things a lot easier to both manually and autoarchive, and there aren't massive tables lurking about. At least when it comes to me, I seriously haven't been closing the ones I've checked simply because it's a pain in the ass to edit the entire page, find the thing, and try not to go cross-eyed and make the mistake of adding the wrong comment to the wrong ip. :P

I'd probably guess the sortable table format was chosen due to possible ease of sorting by class A, but I dunno about anyone else, but if I'm verifying, I definitely don't check sort order-- just order of submission. Any comments? Obviously if we change formats we'd need to make sure any bots watching the page are updated accordingly. Cheers. -- slakr \ talk / 06:29, 1 August 2008 (UTC)
 * I agree. -- zzuuzz (talk) 11:24, 1 August 2008 (UTC)
 * Support. problem is if you can convince Cobi to rewrite ClueBot IV :) Calvin 1998 (t-c) 17:58, 1 August 2008 (UTC)
 * I've been working on this - it isn't done, but you can see an example in my sandbox here: User:Cobi/WPOP Sandbox. Thoughts/comments?  -- Cobi(t 17:34, 3 August 2008 (UTC)
 * I like it! shouldnt we remove the 127.0.0.1 examples now it uses a template form? :)  ·Add§hore·  T alk /C ont 19:54, 3 August 2008 (UTC)
 * It should probably stay, it increases the chances people will do it right... Calvin 1998 (t-c) 20:04, 3 August 2008 (UTC)
 * But people wont really see that bit. They just see the bit in the edit form which tells them exactly what to do :)  ·Add§hore·  T alk /C ont 08:02, 4 August 2008 (UTC)
 * You have no idea how many people don't see the link and add one manually :( Calvin 1998 (t-c) 17:32, 4 August 2008 (UTC)
 * Good point I suppose :P  ·Add§hore·  <sup style="color:blue;">T alk /<sub style="color:blue;">C ont 19:16, 4 August 2008 (UTC)
 * Plus, for the absentminded proxy checker, it'd be a good idea to check 127.0.0.1 for open proxies every now and then. ;) :P Though, it might be an idea to simply put the examples in a comment or something... similar to how the examples show up on WP:AIV. *shrug* I also definitely like Cobi's version, as it's very user-friendly.  -- slakr  \ talk / 07:06, 5 August 2008 (UTC)
 * ... Even if an open proxy existed on localhost, it wouldn't be accessible to the world. ;) :P iptables would have something to say about it, first. (namely -j DROP :P)  ;) -- Cobi(t 07:31, 5 August 2008 (UTC)
 * If someone was so absent-minded as to not realize that 127.0.0.1 == themself, then something tells me iptables is a concept altogether new to them, as well. :P Hehe ;) -- slakr \ talk / 08:28, 6 August 2008 (UTC)
 * Is it time to implement the changes yet? Calvin 1998 (t-c) 03:31, 19 August 2008 (UTC)
 * Not yet. I've been busy getting ready for University life lately.  In a week or two I will be settled into life at college and will be able to work on it a little bit more.  -- Cobi(t 03:56, 19 August 2008 (UTC)

Proxy flood
All these IP addresses were used on this wiki by Grawp to create accounts. Some appear on blacklists or are clearly proxies by their google results, none have been checked with nmap. They are all hard blocked for 2 years. I don't know the procedure for transferring confirmed proxies to meta to get them blocked at the server side or whatever, and I don't want to flood the page, so I'm listing them here. Thatcher 00:56, 16 August 2008 (UTC)

Update: Here's a handful more from last night, and these aren't googlable either, but I've verified them myself to be wiiiide open - A l is o n  ❤ 04:19, 17 August 2008 (UTC)


 * Soon as you confirm all of them, send 'em over to the WikiProject on open proxies at meta to be global-blocked (at least I think that's what happens to them). I don't have time now. Calvin 1998 (t-c) 01:45, 18 August 2008 (UTC)
 * I've transferred the list over to Meta for appraisal - A l is o n  ❤ 05:51, 19 August 2008 (UTC)

Proxy IP but University's IP
(I think the) most of internet systems in Chiang Mai University are using 202.28.27.3, which identified as proxy. I can setting (the webbrowser (Firefox) I using) for using 202.28.27.6 instead of 202.28.27.3. Is 202.28.27.6 a proxy likes 202.28.27.3? --Love Krittaya (talk) 08:35, 21 August 2008 (UTC)

70.86.0.0/16 - The Planet
A big range at The Planet was blocked completely. An entire /16 block.I left a message on User:Dmcdevit's talk page who did it but he doesn't look to be getting much talk in the last few months so I don't know if he is around. The Planet hosts managed servers. They do direct allocation of IPs to customers. We shouldn't block the entire netblock completely.

My servers and my 16 ips (70.86.83.48/28 or basically everything from 70.86.83.49-70.86.83.62) I was allocated a few years ago surely don't count as

70.86.0.0/16 - The Planet open proxy - web hosting company ThePlanet.com

Blocking out 65,534 ips is huge (more like a max of 16,384 in real unique ones being used though since the smallest block they give is a /29 direct allocation many with only 1 out of the 8 ips being used. Surely not many of them were hitting wikipedia since these are mostly servers. Those with open proxies should be few and far between and should be handled on a case by case basis. What is the best way to appeal this? -- Zac  Bowling  (user 08:23, 29 November 2008 (UTC)

ANI post that is said to contain open proxies
Hello proxy experts. There is a post at ANI about some IPs harassing Gwen Gale. A commenter has stated that this list includes open proxies. I don't know how to narrow the list down, so I'm just offering the link here. EdJohnston (talk) 20:59, 2 December 2008 (UTC)
 * The issue has now been taken to Requests for checkuser/IP check. EdJohnston (talk) 03:43, 4 December 2008 (UTC)

open proxy
moved from Administrators' noticeboard/Incidents:

hi! i would like to get this open http proxy blocked: cyberghostvpn.com. they say, that they don't even give the identity (i. e. IP) of their users to the authorities, if the authorities r not accusing one of their users of being terrorists... access can be free of charge... one of their users did this (a threat in german, that translates to "when i catch u, u dirty [expletive]") and the same or another of their users this (sounds like he wants to date someone in real life...)... another edit from that open proxy is disruptive, too: ... this proxy is just good for vandalism, because a supressive government could monitor the traffic to and from that open proxy, so that just leaving the area of authority of such countries can help... :-) --Homer Landskirty (talk) 07:59, 26 February 2009 (UTC)


 * i think it is necessary to block at least 2 netblocks, because they seem to use 22 (www22) or more IPs... 217.114.220.0 - 217.114.220.63, 84.19.169.240 - 84.19.169.255 --Homer Landskirty (talk) 12:29, 28 February 2009 (UTC)

Blocking for a proper period of time
After reverting vandalism by 208.131.61.33 (talk), I was going to issue a standard warning when I discovered that it had previously been blocked as an open proxy. Knowing that these might be blocked on sight, I blocked it indefinitely, after which I went to reread our policy — and discovered that "Because the IPs may eventually be reassigned or the proxies closed, blocks should not be indefinite, but in some cases can be very long term". This is the first time that I've ever encountered an IP that I knew to be an open proxy (I know what one is, but I haven't a clue how one may know whether an IP is an open proxy or not), so I'm unclear on what to do. Would someone please check this IP and modify the block to a reasonable length? Nyttend (talk) 23:33, 19 March 2009 (UTC)

Revisit the reformat?
With ClueBot not editing for a month, anybody feel like going through with the reformatting? Q T C 11:02, 22 March 2009 (UTC)

I threw together a rough mockup here. Feel free to fiddle with it. Q T C 11:44, 22 March 2009 (UTC)


 * Anybody? Otherwise I maybe just go ahead, and make it all purdy like. Q  T C 01:56, 3 May 2009 (UTC)
 * Go for it. I'll probably tweak the intro, and the template to add some favourite links. Do we have a bot to archive the requests? -- zzuuzz (talk) 09:18, 3 May 2009 (UTC)
 * Not really, but there aren't that many requests that it will be that hard to do by hand for now. Q  T C 06:10, 8 May 2009 (UTC)

Well I went ahead and did it. Page could use some cleanup, lots of old requests, need to figure out a sorting for 'em. Q T C 07:36, 18 May 2009 (UTC)

Category:Tor exit nodes
I've recently cleaned this category of the IPs that were no longer blocked, so what is left are 200 IPs that (as of the last time KrimpBot touched them) are asserted to no longer be Tor exit nodes, but some are still blocked. Some were re-blocked after the bot touched them, or after someone unblocked based on the bots assertion... Anyhow... I'm not too familiar how to check if they are still actually an open proxy other than the tor node checker which I'm not sure is accurate? I'm rambling here. Perhaps someone should go through the category and clean it out, unblocking those that are no longer open proxies, or replacing former tor with blocked proxy for those that are. best, – xeno  ( talk ) 20:18, 25 March 2009 (UTC)


 * FWIW, I got an open bot request here to pickup where the old bot left off. Just waiting on BAG. Q  T C 22:08, 25 March 2009 (UTC)
 * I would advise caution and some manual checking of IPs which have been repeatedly blocked as open proxies, blocked by checkusers, or blocked with pertinent comments by blocking admins. A fair few of these IPs are multiple types of open proxy, open proxies most of the time, and/or still open proxies which will fail normal Tor checks or port scans. -- zzuuzz (talk) 22:29, 25 March 2009 (UTC)
 * The bot wont touch blocks, all it does is fixes/changes the template wrt the Tor node categories. Right now the templates are misleading since they're 6 months out of date. All blocking/unblocking should be manually reviewed anyways. It's just replacing KrimpBot. Q  T C 23:15, 25 March 2009 (UTC)
 * Yea, that's what I figured. so I'll probably just let you guys handle it, I just noticed that the category was bloated as the bot wasn't keeping up. – xeno  ( talk ) 03:47, 26 March 2009 (UTC)
 * Yep, I'll help go through them. It'll probably take slightly longer than a few days. -- zzuuzz (talk) 13:37, 26 March 2009 (UTC)

Alright, I'm withdrew the bot request for now till we figure out the best way to handle 'em. Pretty much 99% of the ones listed in Category:Unblocked_Tor_exit_nodes aren't exit nodes anymore, so those likely can be cleaned out. I'll make a list and post it. Q T C 13:48, 26 March 2009 (UTC)
 * I find that the templates and categories are only really useful for long term blocked proxies, if that helps. I'd also just like to point out that Category:Open proxies blocked on Wikipedia has many of the same problems. -- zzuuzz (talk) 13:53, 26 March 2009 (UTC)

Alright, it's a slightly large page Q  T C 17:14, 26 March 2009 (UTC)

Started working through Category:Unblocked_Tor_exit_nodes, 'bout a quarter of the way through the 2's. 22:34, 27 March 2009 (UTC)

Alright, I've: Unfortunately that means Blocked former is back up to 401. That means these will (likely) have to be sorted through to figure out the block reason to see if it was WRT tor or something else. Blocked Tor is now down to 76 entries.
 * Nulled (used tlx) on all the Not an Exit Node, and Not Blocked entries in all three categories
 * Sorted everything else into Category:Blocked Tor exit nodes or Category:Blocked former Tor exit nodes.

Since the Unblocked Tor edit nodes is effectively redundant due to TorBlock, I've nom'ed it here. What's left is to figure out what to do with the remaining categories, keep top level, kill subs? keep all? something else? Q T C 10:51, 28 March 2009 (UTC)

Blocked but still vandalism from this address?
is blocked but there is still vandalism from this address, why is that? Thanks. Dougweller (talk) 05:20, 4 May 2009 (UTC)
 * The address was unblocked a few months ago. Shubinator (talk) 06:04, 4 May 2009 (UTC)

Verified Users
Anybody opposed to cleaning out the 'verified users' list? It's pretty out of date. Q T C 06:13, 8 May 2009 (UTC)

Wikiproject discussion on Meta
I'm not sure how many of you all are active on Meta but I have requested that the project be marked inactive due to little to no interest from Meta editors. Nakon 00:13, 13 May 2009 (UTC)


 * Can't say I'm active at all on Meta, but if it needs more eyes, I can help out. Q  T C 07:15, 13 May 2009 (UTC)

What is an open proxy?
Hmmm? GeorgeLouis (talk) 06:47, 6 June 2009 (UTC)
 * See Open proxy. It's a computer which anyone can use to edit Wikipedia. -- zzuuzz (talk) 09:16, 6 June 2009 (UTC)

Thank you so much. GeorgeLouis (talk) 17:59, 6 June 2009 (UTC)

How to
Since requests on WikiProject on open proxies/Unblock seem to have a bit of a delay, and I imagine I'm not the only one clueless about proxies, it would be nice if somebody who knows how to determine whether or not a proxy is still active would write up a how-to for the rest of us. I attempted to find this through a Google search but didn't find anything useful. -- auburn pilot  talk  02:16, 12 June 2009 (UTC)


 * Main tool of trade is likely nmap and then something like telnet. A rough guide for nmap can be found here or here. Guess somebody could throw up a rough guide eventually.  Q  T C 05:23, 12 June 2009 (UTC)


 * I've started a basic how to at User:Zzuuzz/Guide to checking open proxies, though it hasn't got around to checking unblock requests specifically, it should be helpful. Feel free to add to it. -- zzuuzz (talk) 19:09, 19 October 2009 (UTC)

Archive bot
Is the archive bot still working? It doesn't seem to be... Calvin 1998 (t·c) 19:31, 12 June 2009 (UTC)
 * I'll fix it. -- Cobi(t 21:27, 12 June 2009 (UTC)
 * Ok, I just set up archival ... /Unchecked reports are archived to:
 * WP:WikiProject on open proxies/Archives/Open/2009/June, if they have.
 * WP:WikiProject on open proxies/Archives/Inconclusive/2009/June, if they have.
 * WP:WikiProject on open proxies/Archives/Closed/2009/June, if they have ❌.
 * WP:WikiProject on open proxies/Need Blocking, if they have.
 * /Need Blocking reports are archived to:
 * WP:WikiProject on open proxies/Archives/Closed/2009/June, if they have ❌.
 * /Unblock reports are archived to:
 * WP:WikiProject on open proxies/Archives/Unblock/2009/June, if they have.
 * WP:WikiProject on open proxies/Archives/Unblock/2009/June, if they have.
 * WP:WikiProject on open proxies/Archives/Unblock/2009/June, if they have ❌.
 * WP:WikiProject on open proxies/Archives/Unblock/2009/June, if they have.
 * The date will automatically update to be the current year and month. I also transcluded /Need Blocking on the front page.  -- Cobi(t 23:17, 12 June 2009 (UTC)
 * Any chance to get it to handle and/or  ??  Q  T C 05:13, 14 June 2009 (UTC)
 * Sure, will do. -- Cobi(t 07:10, 14 June 2009 (UTC)

Devil's Advocate
It's interesting to reflect that the fundamental strapline is:


 * "Welcome to Wikipedia, the free encyclopedia that anyone can edit."

Someone asked by the question if that is, indeed a Mission Statement for Wikipedia, then there is a non sequitur in blocking Open Proxies.

Not sure if I agree with that reasoning or not, but it is an interesting question! Marcfarrow (talk) 21:17, 16 July 2009 (UTC)
 * Rationale. Q  T C 22:10, 17 July 2009 (UTC)

WP:OPD
Discussion on the Bot-owners noticeboard regarding the usefullness of this page, does anybody use it? Is it relevant? Still wanted? Q T C 03:12, 4 December 2009 (UTC)

Need help in identifying and unblocking former Google Web Accelerator proxies
This might be old news, but I noticed that Google Web Accelerator has been discontinued, and many sources have shown that the proxies have been taken down. See and. Can some admins help me search for and unblock these IPs? I am not enough to unblock these IPs by myself. Jesse Viviano (talk) 19:35, 10 February 2010 (UTC)
 * See this for why this is now an urgent issue. Jesse Viviano (talk) 19:43, 10 February 2010 (UTC)
 * Unblocking willy-nilly might not be a good idea because some of these IPs can be used as mobile proxies. Jesse Viviano (talk) 17:11, 11 February 2010 (UTC)
 * Easy solution, wait till somebody actually needs to edit through the range. OverlordQ (talk) 05:01, 12 February 2010 (UTC)

ERSCA proxies
Whittled the list from here from ~840 down to about 80 unique working and currently unblocked CGI proxies and blocked them all. Q T C 06:30, 2 March 2010 (UTC)

If you would like to become a verified user, please read the main page
This instruction on the verified users page has always made me laugh. Is it supposed to be so obscure? Anyway I've set out some more information for people wanting to help out, at WikiProject on open proxies/verification. Please improve, comment, etc. -- zzuuzz (talk) 07:10, 27 April 2010 (UTC)


 * It would be nice if someone could also write up an "Administrator instructions" and link to it at the top-right hand corner of the page, similar to how it's done at Administrators' noticeboard/Edit warring and other noticeboards that require admin attention. -- &oelig; &trade; 01:44, 25 July 2010 (UTC)

Open_proxy_detection
So that list is continually updated with information regarding proxies, yet no action is taken... What exactly is the purpose of that page if no one ever uses it? Should this project start blocking proxies identified by that list? Netalarm talk 19:52, 10 October 2010 (UTC)
 * The list also contains non-proxies, ex-proxies, and possible proxies, and requires careful interpretation and confirmation. It is monitored, and the IPs listed on it should definitely NOT be blocked simply because they are on it. -- zzuuzz (talk) 20:04, 10 October 2010 (UTC)
 * Right, it's a general list of suspected proxies, but should someone be reviewing them for confirmed proxies? Netalarm talk 20:06, 10 October 2010 (UTC)
 * It is monitored. -- zzuuzz (talk) 20:08, 10 October 2010 (UTC)
 * Hmmm... You're saying that every change (new IP) is checked to see if it's an open proxy manually? That seems to be a lot of work. Netalarm talk 20:11, 10 October 2010 (UTC)
 * With experience you don't need to do that. -- zzuuzz (talk) 20:18, 10 October 2010 (UTC)

Cool. So I guess this is closed. *Moves on to other things* =P Netalarm talk 20:20, 10 October 2010 (UTC)

What's up with those IPs?
I'm finding surprisingly many IPs lately that are used by presumably the same banned user, but my usual methods don't give me anything conclusive. For example the following four: What are those? They are blacklisted in some spam lists (see the robtex links), but I don't know how to interpret that. Thanks, Amalthea  16:03, 20 October 2010 (UTC)
 * The blacklists are mostly just saying that they're dynamic IPs. There are two Miami Comcast IPs - that may not be a coincidence. Beyond that, at a guess, assuming they're the same user (!) I'd say they are used by an anonymising application. Not sure which one though. -- zzuuzz (talk) 19:35, 20 October 2010 (UTC)
 * There are anonymizers that use standard ADSL lines? That's annoying. Brexx (who this most likely is) used such services before, but so far they were usually recognizable as such. Thanks, Amalthea  10:44, 21 October 2010 (UTC)

Vandalism
I reported the IPs used by an editor to edit war on Cinnamon Gardens. Checking the edit histories of these IPs I see that they also posted to the articles listed below, mostly edit warring and silly vandalism. In most cases they were aimed against User:Cossde. The editor also posted a message on a user's talk page. Should I ask for semi-protection of these articles or should I check their edit histories to find more IPs to report?

Articles: Lalith Kotelawala, List of Royal College Colombo alumni, Royal College Colombo, Maumoon Abdul Gayoom, Thurstan College, Rajakeeya Mawatha, Polonnaruwa Rajakeeya Madya Maha Vidyalaya, Dinamina, Ritigala, Kidney stone, Velayudham, List of schools in Sri Lanka, Thai name, Rajakeeya Maha Vidyalaya -Telijjawila, Polonnaruwa Rajakeeya Madya Maha Vidyalaya, T.B. Kehelgamuwa, Siva Selliah, Golu, Lalith Kotelawala, Rajakeeya Mawatha, Deshamanya, Rajakeeya Mawatha, List of The Suite Life of Zack & Cody episodes, "The High School, Dublin", Prison rape, Royal Preparatory School, Edgware, Panadura Rajakeeya Vidyalaya, Multi boot.

TFD (talk) 19:11, 6 November 2010 (UTC)
 * It takes at least two to edit war. I've semi'd two of the frequent targets because it's plain disruptive, but the others probably haven't been too affected. It's usually not that helpful to look too far back into edit histories for open proxies. -- zzuuzz (talk) 19:43, 6 November 2010 (UTC)

I checked a few of the IPs that were grouped as "not proxies" with Symantec. Most of them came up with messages such as "The IP address 123.231.115.184 was found to have a negative reputation. Reasons for this assessment include: •The host is unauthorized to send email directly to email servers." Is that sufficient reason to mistrust them? TFD (talk) 17:20, 7 November 2010 (UTC)
 * No. You'll find many IPs end up on one blacklist or another - dynamic IPs especially. But from what I understand of that particular check result, all it means is that the DNS records for the IP address make it look like a residential IP address, or that rDNS hasn't been set up at all. If it was sending email recently that may indicate a problem, but not otherwise. -- zzuuzz (talk) 18:18, 7 November 2010 (UTC)

collateral damage seems to be spiking the last few days
We seem to be getting a lot of requests at Category:Requests for unblock the last few days from users caught up in various large scale blocks of proxies. Most of us who patrol that category are more inclined towards examining behavior than tech stuff, so it would be really helpful if someone active here could monitor the category. If you use this script it is easy to tell who is not directly blocked. Thanks. Beeblebrox (talk) 00:02, 24 January 2011 (UTC)
 * This is still going on, we've got blocked user talking about using a squid. I don't know what that means or if it is a valid objection to the three year long direct block of their ip so I can't evaluate their request. Beeblebrox (talk) 23:57, 30 January 2011 (UTC)
 * I looked at the request you are referring to. is saying that s/he's a proxy server to a limited number of computers, not to the entire internet.  If true, that shouldn't be a problem and s/he can be unblocked.  Unfortunately the server is down right now so I cannot check out the story.  However, in the requestor's favor, the ip is not in any proxy blacklists.  Sailsbystars (talk) 02:58, 31 January 2011 (UTC)
 * Also, it's useful if any blockedproxy ips requesting unblock are listed at WikiProject on open proxies. That way they can be checked in an organized fashion. Sailsbystars (talk) 03:07, 31 January 2011 (UTC)

User talk:207.170.247.22
While driving around town last night in my car and waiting to pick someone up, I logged onto an unsecure network, then proceeded to navigate to Wikipedia (while logged out), where I received one of the "You have new messages (etc...)" notices, so I was curious and found out about this IP address. I was nowhere near CWI, and I was definitely not logged into CWI's network, I am questioning whether the claim (on the talk page) is accurate about CWI owning the IP address. I brought it up at the Admins' Noticeboard, but ended up moving it to Jayron32's talk page (please take time to read that please), since it was just the two of us talking. Does the tag on the IP address need to be changed to reflect the current WHOIS data? – AJLtalk 00:23, 11 May 2011 (UTC)
 * Background
 * Now to the relevant part


 * The first thing to notice is that the Whois provides a ReferralServer. Using a proper Whois tool you get:

network:Network-Name:College-of-Western-Idaho-207-170-247-20 network:IP-Network:207.170.247.20/30 network:Org-Name:College of Western Idaho network:Street-Address:2223 W AIRPORT WAY network:City:BOISE ...
 * That's fairly authoritative, from the ISPs internal records, but I suppose it's possible that it's a bit out of date.
 * The second thing is the geolocation, which coincides with the college. Never trust geolocation, because it's very often based on the headquarters of the ISP (ie the college). Most AOL IP addresses (many millions of them) are geolocated to a town in Virginia with a population of a few thousand.
 * This leaves the question of why you found a college IP address where think it shouldn't be. It's possible that the college has actually assigned an IP address to someone in the neighbourhood, through twtelecom. It's also possible that there is a school (facility, library, etc) nearby which uses the college network. Many educational networks are shared like this. Another alternative is that you logged into a network which passes all its web traffic through proxy servers belonging to the college (or school). My guess would be that you were near a school on the network, and that the tag is correctly placed. -- zzuuzz (talk) 07:50, 11 May 2011 (UTC)


 * Alright then, thank you for your time. – AJLtalk 01:46, 12 May 2011 (UTC)

WIMIA test for detecting proxy servers
Hi, have you already added the WIMI test to detect proxy servers? It seems to be a very powerful check. --198.182.37.200 (talk) 12:33, 15 July 2011 (UTC)

New templates
We got some new templates in per Sailsbystars and myself talking, only partly done to finish tomorrow. -- DQ  (t)   (e)  03:33, 13 August 2011 (UTC)