→62.84.94.6: close |
Darkness Shines (talk | contribs) →Tor nodes: +1 |
||
Line 105: | Line 105: | ||
Reason: [https://www.torservers.net/exits.html List of Tor nodes], can someone look and make sure all of these are blocked? I'm finding some are unblocked. -- [[User:DeltaQuad|<font color="green">DQ</font>]] [[User_Talk:DeltaQuad|<font color="blue">(ʞlɐʇ)</font>]] 02:02, 2 May 2013 (UTC) |
Reason: [https://www.torservers.net/exits.html List of Tor nodes], can someone look and make sure all of these are blocked? I'm finding some are unblocked. -- [[User:DeltaQuad|<font color="green">DQ</font>]] [[User_Talk:DeltaQuad|<font color="blue">(ʞlɐʇ)</font>]] 02:02, 2 May 2013 (UTC) |
||
:So what exactly counts as unblocked? If something is globally blocked, but only anon-blocked here should we tweak it to full local block? (e.g. [https://en.wikipedia.org/wiki/Special:BlockList?wpTarget=96.44.189.101&limit=50]) [[User:Sailsbystars|Sailsbystars]] ([[User talk:Sailsbystars|talk]]) 02:33, 7 May 2013 (UTC) |
:So what exactly counts as unblocked? If something is globally blocked, but only anon-blocked here should we tweak it to full local block? (e.g. [https://en.wikipedia.org/wiki/Special:BlockList?wpTarget=96.44.189.101&limit=50]) [[User:Sailsbystars|Sailsbystars]] ([[User talk:Sailsbystars|talk]]) 02:33, 7 May 2013 (UTC) |
||
==206.190.158.72== |
|||
{{proxycheckstatus}} |
|||
{{Proxyip4|206.190.158.72}} |
|||
<!-- Edit, add any other comments and sign --> |
|||
<!-- NOTE: If you are reporting a web-proxy *please* include the URL if known. --> |
|||
Suspicious edits. [http://en.wikipedia.org/w/index.php?title=British_Pakistanis&curid=13666767&diff=554754440&oldid=554751992 This] edit is obviously a sock. WhatismyIP says this is a Network sharing device or proxy server and has recently been reported for spamming on forums[http://whatismyipaddress.com/ip/206.190.158.72]. [[User:Darkness Shines|Darkness Shines]] ([[User talk:Darkness Shines|talk]]) 17:17, 12 May 2013 (UTC) |
|||
<!-- Edit, add any other comments and sign --> |
|||
<!-- NOTE: If you are reporting a web-proxy *please* include the URL if known. --> |
Revision as of 17:17, 12 May 2013
Index |
217.115.10.133
A user has requested a proxy check. A proxy checker will shortly look into the case. 217.115.10.133 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan Blocked same as above, but seems to be a tor exit node (see whois info and https://www.ccc.de/anonymizer/). Tijfo098 (talk) 06:02, 18 October 2012 (UTC)
- Blocked as tor. This is a small part of a wide tor project resolving to anonymizer.ccc.de, anonymizer.hamburg.ccc.de, torXX.anonymizer.ccc.de (where XX is a number from 1 to at least 33), etc., i.e., again, the tip of an iceberg. Materialscientist (talk) 05:54, 20 October 2012 (UTC)
- Indeed. A few random tests:
- tor5.anonymizer.ccc.de -> 80.237.226.75
- tor10.anonymizer.ccc.de -> 62.113.219.3
- tor15.anonymizer.ccc.de -> not registered
- tor20.anonymizer.ccc.de -> 31.172.30.3
- tor25.anonymizer.ccc.de -> not registered
- tor30.anonymizer.ccc.de -> 77.244.254.230
- They belong to various IPSs, but all are rented out to "Chaos Computer Club e.V." Tijfo098 (talk) 06:17, 20 October 2012 (UTC)
- It's a bit more tricky: you can type the url into robtext and get their ranges, but those ranges are shared and the tor takes only a small part. For example, for 217.115.10.133, only 3 nearby IPs (trial-and-error check, not 100% sure) clearly relate to tor33.anonymizer.ccc.de, many others from the range belong to something else. And as usual, such shared ranges often host other semilegal services. Materialscientist (talk) 06:21, 20 October 2012 (UTC)
- The whois info in this case is more helpful: 217.115.10.128 - 217.115.10.143 (a /28 it would seem) are all registered to CCC.de, although this is indeed less than the whole 217.115.0.0/20 Netsign PA Route. So you could issue a more discerning range block to the CCC /28. In the 80.237.226.72 - 80.237.226.79 case it's a /29 that is leased by CCC (out of the whole /17 route). If we go by the 80.237 precedent, the tor node(s) are eventually moved around the range(s) CCC rents. And it looks like the same R&I banned user was the sole editor from both of these. Tijfo098 (talk) 06:59, 20 October 2012 (UTC)
- It's a bit more tricky: you can type the url into robtext and get their ranges, but those ranges are shared and the tor takes only a small part. For example, for 217.115.10.133, only 3 nearby IPs (trial-and-error check, not 100% sure) clearly relate to tor33.anonymizer.ccc.de, many others from the range belong to something else. And as usual, such shared ranges often host other semilegal services. Materialscientist (talk) 06:21, 20 October 2012 (UTC)
- Indeed. A few random tests:
Known CCC.de ranges
Tijfo098 (talk) 07:07, 20 October 2012 (UTC)
- Thanks. /29 contains only 6 IPs. If you check them individually in [1] you'll find that most of them (if not all) are already blocked one way or another, or don't clearly belong to the targeted tor. Materialscientist (talk) 07:17, 20 October 2012 (UTC)
- Which ones do not? Tijfo098 (talk) 07:21, 20 October 2012 (UTC)
- I judge that by robtex, which shows a different server for some nearby IPs in the range. Those tors usually take about 4 IPs/range, but ranges are many. Off course, we can always rangeblock a wider range if it is inactive, but then we might get justified unblock requests. Materialscientist (talk) 07:32, 20 October 2012 (UTC)
- It looks to me like the only controversy here is over the 217.115.10.135 - 217.115.10.142 range (because you blocked the lower IPs of the last /28 I listed above) The 135-142 range is listed as allocated to CCC.de in whois, but none of those IPs respond to ping (unlike the lower IPs), so it looks like there's simply no hardware behind them, just yet. Tijfo098 (talk) 08:11, 20 October 2012 (UTC)
- I judge that by robtex, which shows a different server for some nearby IPs in the range. Those tors usually take about 4 IPs/range, but ranges are many. Off course, we can always rangeblock a wider range if it is inactive, but then we might get justified unblock requests. Materialscientist (talk) 07:32, 20 October 2012 (UTC)
- Which ones do not? Tijfo098 (talk) 07:21, 20 October 2012 (UTC)
A user has requested a proxy check. A proxy checker will shortly look into the case. 95.142.164.78 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - currently blocked as an open proxy 24.205.56.131 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan 142.165.235.51 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan 173.62.39.33 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan 189.4.11.131 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan 174.92.139.121 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - currently blocked as an open proxy
Unregistered user using Wikipedia for personal attacks and political propaganda. Two of the addresses used have been blocked as open proxies. - Mike Rosoft (talk) 06:36, 9 November 2012 (UTC)
- A quick check didn't find anything unusual for the unblocked IPs. The last IP also looked clean. The first is an obvious open proxy. Dennis Brown - 2¢ © Join WER 14:35, 12 December 2012 (UTC)
- Following up a few months later, I don't see any common ports open for any services at this time for 174.92.139.121. Might be a candidate to unblock. Dennis Brown - 2¢ © Join WER 18:29, 18 April 2013 (UTC)
67.142.168.22 et al
A user has requested a proxy check. A proxy checker will shortly look into the case. 67.142.168.22 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan 67.142.168.23 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan 67.142.168.25 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan 67.142.168.27 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
All 3 4 IPs' geolocation data says "Confirmed proxy server". This, combined with several suspicious edits seem to suggest that something else is in play here.—Ryulong (琉竜) 20:42, 9 November 2012 (UTC)
- The range 67.142.168.16/28 has been blocked by User:Coren - "Webhost/server farm hosting proxies". - Mike Rosoft (talk) 20:57, 24 November 2012 (UTC)
- Being a confirmed proxy server isn't a problem by itself. This is a very odd range to have for farming, owned by DirecPC. Dennis Brown - 2¢ © Join WER 14:43, 12 December 2012 (UTC)
203.174.79.131
– This proxy check request is closed and will soon be archived by a bot. 203.174.79.131 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan I got one of those "somebody tried to get your password" media wiki emails, and it said this IP was the source of the request Trying, however incompetently, to hack an admin account seems pretty abusive to me, the geolocation says this is a confirmed proxy server in Japan. Beeblebrox (talk) 16:57, 31 January 2013 (UTC)
- Inconclusive Something is very fishy with this IP. It comes from an electric power company in Japan.... it's clearly some sort of gateway server, but it's not obviously open. Sailsbystars (talk) 05:22, 5 February 2013 (UTC)
- It's been assigned to something akin to a hotel per the latest WHOIS
--184.6.222.14 (talk) 23:57, 7 May 2013 (UTC)
- Not a hotel, data-hotel.net is the name of the ISP that provides service to the power company. I don't see any open ports either. Sounds like an employee, not a remote user. Likely an internal firewall/gateway. Dennis Brown - 2¢ © Join WER 00:47, 8 May 2013 (UTC)
83.170.64.0/19
– A proxy checker has placed this case on hold pending further information or developments. 83.170.64.0/19 · contribs · block · log · stalk · Robtex · whois · Google See User talk:Bigpresh. Range was blocked as an open proxy in Dec. 2011. JohnCD (talk) 17:05, 27 March 2013 (UTC)
- I'm at work now so I can't do any serious checking. I was involved in the original block and there were definitely strong reasons to consider it a proxy at the time discussion 2 discussion 1. However, if they're now serious about nuking proxies on their net, that can only be a plus. Sailsbystars (talk) 17:51, 27 March 2013 (UTC)
- I'm going to leave a note on the user's talk page. Sailsbystars (talk) 07:25, 28 March 2013 (UTC)
- Query: has anyone else heard more from this user? My conversation on the user page hasn't gotten a response, nor have I heard anything via email? Sailsbystars (talk) 02:24, 10 April 2013 (UTC)
62.84.94.6
– This proxy check request is closed and will soon be archived by a bot. 62.84.94.6 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Currently anonblocked, and confirmed proxy which is already blocked on commons, arwiki, frwiki, and ruwiki. FunPika 12:31, 10 April 2013 (UTC)
- Inconclusive - It's in several proxy lists, but it resolves to cachebox.lynx.net.lb, which implies that its a caching proxy for a specific ISP, not an open proxy that anyone can abuse. I found one alleged proxy mechanism, but it didn't work for me. The anonblock seems to be the appropriate solution here. The RU wiki proxy listed entrance server for this IP (62.84.73.100) seemed to work but didn't actually change my IP. Sailsbystars (talk) 17:51, 10 April 2013 (UTC)
- Only 8082 looks possible, and that isn't an open port at the time I checked. Dennis Brown - 2¢ © Join WER 18:35, 18 April 2013 (UTC)
- Checked again today, same thing. Dennis Brown - 2¢ © Join WER 00:48, 8 May 2013 (UTC)
Tor nodes
A user has requested a proxy check. A proxy checker will shortly look into the case. 96.44.189.98 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: List of Tor nodes, can someone look and make sure all of these are blocked? I'm finding some are unblocked. -- DQ (ʞlɐʇ) 02:02, 2 May 2013 (UTC)
- So what exactly counts as unblocked? If something is globally blocked, but only anon-blocked here should we tweak it to full local block? (e.g. [2]) Sailsbystars (talk) 02:33, 7 May 2013 (UTC)
206.190.158.72
A user has requested a proxy check. A proxy checker will shortly look into the case. 206.190.158.72 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan Suspicious edits. This edit is obviously a sock. WhatismyIP says this is a Network sharing device or proxy server and has recently been reported for spamming on forums[3]. Darkness Shines (talk) 17:17, 12 May 2013 (UTC)