Wikipedia:WikiProject on open proxies

Source: Wikipedia, the free encyclopedia.
    WikiProject on open proxies

    The WikiProject on open proxies seeks to identify, verify and block

    open proxies and anonymity network exit nodes. To prevent abuse or vandalism, only proxy checks by verified users
    will be accepted. All users are welcome to discuss on the talk page, report possible proxies, or request that a blocked IP be rechecked.


    Reporting

    Please report IP addresses you suspect are open proxies below. A project member will scan or attempt to connect to the proxy, and if confirmed will block the address.

    File a new report here
    I.
    For block requests:

    Verify that the following criterion has been met:

    • The IP has made abusive contributions within the past week
    For unblock requests:

    Verify that the following criteria has been met:

    • No current criteria
    II.

    For block requests Replace "IP" below with the IP address you are reporting.


    For unblock requests Replace "IP" below with the IP address you are reporting.


    III. Fill out the resulting page and fill-in the requested information.
    IV. Save the page.
    Verified Users/Sysops Templates
    • IP is an open proxy {{Proxycheck|confirmed}} for confirmed open proxies and Tor exit nodes.
    •  Likely IP is an open proxy {{Proxycheck|likely}} for likely open proxies and Tor exit nodes.
    •  Possible IP is an open proxy {{Proxycheck|possible}} for possible open proxies and Tor exit nodes.
    •  Unlikely IP is an open proxy {{Proxycheck|unlikely}} for unlikely open proxies and Tor exit nodes.
    • Not currently an open proxy {{Proxycheck|unrelated}} for IP's confirmed not to be an open proxy or Tor exit node.
    • Inconclusive {{Proxycheck|inconclusive}} for IP's that are inconclusive.
    • no Declined to run a check {{Proxycheck|decline}} to decline a check.
    • Open proxy blocked {{Proxycheck|blocked}} for open proxies and Tor nodes that have been blocked. Please add this if you block the IP.

    Requests

    165.85.64.0/22

    – A proxy checker has requested a second opinion on this case.

    Reason: Amazon AWB. 165.85.64.0 - 165.85.66.255 are all registered to Amazon AWB, hence the /22 range in this report. BLP disruption caught by filter log. 73.67.145.30 (talk) 16:45, 28 April 2023 (UTC)[reply]

    209.35.227.0/24

    – A proxy checker has requested a second opinion on this case.

    Reason: VPN. Perimeter 81. 73.67.145.30 (talk) 18:43, 15 May 2023 (UTC)[reply]

    •  Confirmed While the range is announced by Perimeter 81, and a large portion of it seems to be empty per Spur and Shodan, there are IP ranges within that are active on Perimeter 81's VPN product. However that product is aimed at businesses, with pricing to match. This seems similar to the Zscaler, McAfee WGCS cases that are also open at present. A softblock on the range might be appropriate however, the one contributor who was active on 15 May 2023 was using an IP that's part of their VPN range. While I've tried to pin down the exact range for just the IPs that are part of their VPN offering, it seems somewhat spread out throughout it with gaps, so it might be more expedient to just block it in its entirety. Flagging this for a 2O though, while we figure out how to handle this particular type of VPN provider. Sideswipe9th (talk) 00:22, 19 July 2023 (UTC)[reply]

    46.102.156.0/24 and 94.177.9.0/24

    – A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

    https://www.alwyzon.com/en
    

    Reason: Both ranges belong to Hohl IT e.U. aka (Alwyzon) which is an Austrian provider of dedicated servers. Matthew Tyler-Harrington (aka mth8412) (talk) 03:45, 22 June 2023 (UTC)[reply]

     Confirmed as to the ranges with "Customers" in the name (/26), but I didn't check them all. This might also be a job for the ASNbot (AS40994) @AntiCompositeNumber:Mdaniels5757 (talk • contribs) 00:36, 8 December 2023 (UTC)[reply]

    157.167.128.0/24

    A user has requested a proxy check. A proxy checker will shortly look into the case.

    Reason: Cloud server/VPN. This is an odd one, because the IP range geolocates to Turkey, and is listed as a VPN network; but most of the edits are to Turkish-related articles. Is this some sort of corporate cloud network? 2601:1C0:4401:F60:8C11:4CC3:7E71:B4CE (talk) 20:54, 13 August 2023 (UTC)[reply]

    My reading is that this is a user or users in Turkey editing via a connection belonging to an enterprise, perhaps a business or a public body, that subscribes to cybersecurity services offered by Forcepoint. It looks to me like a corporate proxy. The contributions suggest a stable connection with largely unproblematic edits and I would not be inclined to take any action at this time. Malcolmxl5 (talk) 02:05, 20 January 2024 (UTC)[reply]

    5.42.72.0/21

    – A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

    Reason: IP range belongs to webhosting/VPN service. 2601:1C0:4401:F60:817:B3DA:A0F9:1195 (talk) 18:34, 20 August 2023 (UTC)[reply]

     Confirmed along with most things in [1]. Perhaps User:AntiCompositeNumber could add this (ASN 210644) to User:AntiCompositeBot/ASNBlock? — Mdaniels5757 (talk • contribs) 00:28, 8 December 2023 (UTC)[reply]

    65.151.155.241

    A user has requested a proxy check. A proxy checker will shortly look into the case.

    Reason: WHOIS reports "Network sharing device or proxy server"; Spur says "belongs to a call-back proxy network". Suspicious edits like https://en.wikipedia.org/w/index.php?title=Talk:HTTP_cookie&diff=prev&oldid=1145743447Bri (talk) 16:28, 3 January 2024 (UTC)[reply]

    @Bri: IP is an open proxy, but not in active use: last edits were ~6mo ago, so I think no action is needed. If a passing admin wants to block I won't object though. — Mdaniels5757 (talk • contribs) 01:10, 4 January 2024 (UTC)[reply]
    @Mdaniels5757. These types of proxies are rarely blocked for more than a few days. As they have been inactive for months, I'm inclined take no action. Malcolmxl5 (talk) 23:53, 9 March 2024 (UTC)[reply]

    212.82.69.130

    A user has requested a proxy check. A proxy checker will shortly look into the case.

    Reason: Made a unconstructive edit. Has a history of reverted edits. SPUR says Residental/Call-Back Proxy. Nobody (talk) 09:12, 5 March 2024 (UTC)[reply]

    41.215.169.49

    – A proxy checker has requested a second opinion on this case.

    41.215.169.49 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

    Reason: ACC request - Looks to a CGNAT belonging to Airtel Ghana (mobile operator). If cannot unblock, please soften down to AO - RichT|C|E-Mail 23:25, 5 March 2024 (UTC)[reply]

    Unfortunately this seems to fall in the 'secret-sauce' portion of the bot, since it looks like there was spam activity in the past, but not seeing anything current, so would love some feedback from @ST47:. Q T C 23:25, 6 March 2024 (UTC)[reply]

    202.134.9.141

    – A proxy checker has requested a second opinion on this case.

    202.134.9.141 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

    Reason: Same proxy sock that got blocked earlier for both ban evasion and editing with proxy. [2] He is still socking to restore the same article.[3][4] Ratnahastin (talk) 15:22, 8 March 2024 (UTC)[reply]

    There’s a lot of blocks in the history, the most recent is a 3 month /12 block in September for block evasion. Malcolmxl5 (talk) 11:06, 13 March 2024 (UTC)[reply]

    Automated lists and tools

    • User:AntiCompositeBot/ASNBlock maintained by User:AntiCompositeBot is a list of hosting provider ranges that need assessment for blocks that is updated daily. Admins are encouraged to review the list and assess for blocks as needed. All administrators are individually responsible for any blocks they make based on that list.
    • ISP Rangefinder is a tool that allows administrators to easily identify and hard block all ranges for an entire ISP. It should be used with extreme caution, but is useful for blocking known open proxy providers. All administrators are individually responsible for any blocks they make based on the results from this tool.
    • IPCheck is a tool that can help provide clues about potential open proxies.
    • Bullseye provides information about IPS, including clues about potential open proxies.
    • whois-referral is a generic WHOIS tool.
    • Range block finder finds present and past range blocks.

    See also

    Subpages
    Related pages
    Sister projects (defunct)