Wikipedia:WikiProject on open proxies/Archives/Open/2011/August

From Wikipedia, the free encyclopedia


68.68.29.65

– This proxy check request is closed and will soon be archived by a bot.

68.68.29.65

Reason: unblocked web proxy 1 Cheers! Feedintm (talk) 00:36, 23 April 2011 (UTC)

Confirmed. It also has a friend nearby (access link). Rangeblock? Sailsbystars (talk) 03:07, 23 April 2011 (UTC)
And a TOR node and two more suspicious IPs Special:Contributions/68.68.17.233 Special:Contributions/68.68.17.242 that get a lot of spammy listings in google searches.... Provider range is 68.68.16.0/20. Sailsbystars (talk) 03:37, 23 April 2011 (UTC)
Marking {{Template:Proxycheck|confirmed}} -- DQ (t) (e) 03:47, 13 August 2011 (UTC)

208.86.2.98

– This proxy check request is closed and will soon be archived by a bot.

203.76.173.154
207.226.185.122
207.226.185.130
208.86.2.98
208.83.60.218
209.8.239.122
213.189.26.202

Socking, came up on ANI, reposting here to make sure it gets appropriate attention from someone with the mop and also a second opinion. Resides on a 208.86.2.96/29 range belonging to a company that offers secure proxy services. I haven't downloaded their demo to test it, but I strongly suspect the service could be used for open proxy type abuse that would show up as edits originating from that range. Sailsbystars (talk) 10:41, 8 June 2011 (UTC)

Installed the software, IPs look as if they are single IPs, as you have multiple locations to choose where to get your connection from. I had trouble calling up the New Jersey server, though New Jersey 2 & 3 were working. Looks like a good proxy overall, too bad it costs money after the 3 day trial :) So I just need some more confirmation (aka new ones) that there are more proxies on the network and then I can do a range block. Blocked all the IPs individually. -- DQ (t) (e) 20:25, 8 June 2011 (UTC)
Marking {{Template:Proxycheck|confirmed}} -- DQ (t) (e) 03:47, 13 August 2011 (UTC)

174.143.205.32

– This proxy check request is closed and will soon be archived by a bot.

67.225.232.8

Reason: Recently blocked for a month as an open proxy; now used by an IP jumping edit warrior. Favonian (talk) 15:26, 19 June 2011 (UTC)

174.143.205.32

Reason: Used by same IP jumping edit warrior as recently reported 67.225.232.8. Favonian (talk) 15:42, 19 June 2011 (UTC)

It's Rackspace hosting.... I thought we already blocked their ranges because of known open proxies? Not an obvious proxy but we've seen abuse from other ranges owned by that provider.... Sailsbystars (talk) 22:31, 19 June 2011 (UTC)
Like this 174.143.241.167 Tor node for instance.... Sailsbystars (talk)
Sailsbystars, let me know if this is not how we do things here... I'm not 100% clear on the policy, but I'm going to hit the /22 with a block because abuse + webserver in my mind = block. (same above for /17) -- DQ (t) (e) 00:54, 21 June 2011 (UTC)
Hitting the /22 is probably safe. But the Rackspace hosting block is 173.143/16, which is an enormous number of IPs (65000!). Yet only 20ish of them have ever touched Wikipedia and at least the two mentioned here were suspicious. Unfortunately I've got a lot going on right now offline so I don't have too much time to investigate the broader range. So go ahead and block the /22 and I'll see if I can investigate some more when I have more time in a few weeks to determine the disposition of the /16 (although anyone else is also welcome to investigate). Sailsbystars (talk) 02:01, 21 June 2011 (UTC)
Here are the recent anon contributions from the full /16 range: rangecontribs. There are only a couple of dozen edits since January 2011 from that range, and it seems possible it's all the same guy. The really bad stuff comes from 174.143.204 and 205, so the /22 is clearly a safe bet for blocking. In my opinion a one-year block of the /22 range would be fine. EdJohnston (talk) 04:26, 14 July 2011 (UTC)
Marking {{Template:Proxycheck|confirmed}} -- DQ (t) (e) 03:47, 13 August 2011 (UTC)

174.139.114.107

– This proxy check request is closed and will soon be archived by a bot.

174.139.114.107

Reason: Web host

Rangecontribs: here

According to WHOIS, this IP is part of a range belonging to VPLS Inc. d/b/a Krypt Technologies, a web hosting firm located in Orange, CA. The whole range seems to be: 174.139.0.0/16. This IP has participated in editing at Talk:Kurmi, which is an Indian caste article that has been the subject of dispute. Since this is a web host, I think it is reasonable to hardblock the whole /16 range for a year or more. Listing the IP for review here in case there are any other opinions. EdJohnston (talk) 22:25, 13 July 2011 (UTC)

I don't like the results I'm getting from multiple points. /16 hit for a year. -- DQ (t) (e) 13:34, 14 July 2011 (UTC)
Marking {{Template:Proxycheck|likely}} -- DQ (t) (e) 03:47, 13 August 2011 (UTC)

206.217.140.226

– This proxy check request is closed and will soon be archived by a bot.

ARTOFWARCENTRAL.COM

206.217.140.226
206.217.140.227
206.217.140.229

COLOCROSSING

216.246.49.18
216.246.49.20

These IPs seem to be allocated to COLOCROSSING, which then allocates some to ARTOFWARCENTRAL.COM.[1] That is a commercial proxying service aimed at gamers.[2] I'm guessing that the 216.246.49.XX IPs, though registered with COLOCROSSING, may also be part of the ARTOFWARCENTRAL allocation.

Reason: These are clearly the same user, who has engaged in disruptive (and also helpful) activities. Since he appears to be experienced, it's possible that he's a blocked or banned editor. Will Beback (talk) 20:57, 30 July 2011 (UTC)

Quick glance says proxy via PPTP. I would say block for abuse if they are abusive, and then if I find anything else tomorrow when I'm awake we can consider longer blocks. -- DQ (t) (e) 02:38, 3 August 2011 (UTC)
Sorry for the delay, put a rangeblock down for both sets. -- DQ (t) (e) 18:23, 11 August 2011 (UTC)
Marking {{Template:Proxycheck|confirmed}} -- DQ (t) (e) 03:47, 13 August 2011 (UTC)

178.162.134.29

– This proxy check request is closed and will soon be archived by a bot.

178.162.134.29

Reason: Previously blocked as open proxy. Another IP, which just got blocked as an open proxy, recently did this regarding the talk page of the reported IP. I took the liberty of deleting said talk page. Favonian (talk) 08:13, 5 August 2011 (UTC)

Blocked the /26 after varying results indicating a webhost across the range. -- DQ (t) (e) 12:46, 6 August 2011 (UTC)
Marking {{Template:Proxycheck|likely}} -- DQ (t) (e) 03:47, 13 August 2011 (UTC)