Well, as you may or may not have noticed, our facilities for dealing with users vandalizing from open proxies is quite... limited. We can block the IPs that edit, but that doesn't stop the thousands of other IPs that could vandalize as well.
As such, I'd like to propose a solution, should the community agree. Before I propose the solution, however, allow me to tell you about a little page on the wiki called MediaWiki:Anonrights. This page allows sysops to remove rights from anons during times of attack, notably the ability to edit and create accounts, and even read the wiki should things start to get DDOS-y. To remove a right, all a sysop needs to do is edit that page and add the right to remove in a bulleted list, e.g. "* edit" or "* createaccount". To give the right back, the sysop just edits the page again and removes that line.
Now for the proposed solution: MediaWiki offers the ability to check every editor's IP against an online blacklist of known open proxies. Should an IP match the blacklist, the user is given the generic "You are blocked from editing" message and cannot proceed. These restrictions apply to both logged-in and logged-out editors, but certain groups can be made exempt via the "proxyunbannable" right.
Since enabling this constantly could prove to be disruptive to many editors (as some people require proxies in order to edit, such as from a school perhaps), we haven't enabled it yet. Enabling it only during attacks would require someone with server access to be on standby 24/7, which is an unlikely scenario. What I'd like is for sysops to enable and disable the open proxy check at will, via an interface much like the MediaWiki:Anonrights page, and this is how: The blacklist will be enabled, but EVERY user (even logged out ones) will be given the "proxyunbannable" right. This means that even if a user matches a blacklist entry, they can still edit. In times of emergency, sysops can go to the MediaWiki:Anonrights page and add in a bullet stating "* proxyunbannable" to fully enable the blacklist for logged out users.
What say you?
Allowing sysops to block open proxies during attacks
3 posts
• Page 1 of 1
Allowing sysops to block open proxies during attacks
by Skizzerz » Wed Jun 23, 2010 4:21 pm
Dunno what to put here...
-
Skizzerz - Administrator
- Posts: 190
- Joined: Thu Mar 08, 2007 9:45 pm
- Location: Wisconsin, United States
Re: Allowing sysops to block open proxies during attacks
by prod » Sat Jun 26, 2010 1:48 pm
How do we enable this? Built in, or extension?
- prod
- Administrator
- Posts: 165
- Joined: Sun Oct 08, 2006 12:18 am
Re: Allowing sysops to block open proxies during attacks
by Skizzerz » Sat Jun 26, 2010 1:52 pm
- Code: Select all
$wsEnableSorbs = true; //1.15 and lower
$wgEnableDnsBlacklist = true; //1.16+
$wgGroupPermissions['*']['proxyunbannable'] = true; //removable via MediaWiki:Anonrights
Dunno what to put here...
-
Skizzerz - Administrator
- Posts: 190
- Joined: Thu Mar 08, 2007 9:45 pm
- Location: Wisconsin, United States
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests
