Wikipedia:WikiProject on open proxies/Requests/Archives/14
This is an archive of past discussions on Wikipedia:WikiProject on open proxies. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current main page. |
216.52.207.75
– This proxy check request is closed and will soon be archived by a bot.
- 216.52.207.75 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits from open corporate proxy. GabeMc (talk|contribs) 19:30, 3 October 2013 (UTC)
- Not a corporate proxy, but a Zscaler-owned proxy, which should be super hard blocked (no editing even by admins). --Bigpoliticsfan (talk) 13:13, 14 November 2013 (UTC)
- I've blocked the range. Callanecc (talk • contribs • logs) 11:14, 28 January 2014 (UTC)
86.174.59.175
– This proxy check request is closed and will soon be archived by a bot.
- 86.174.59.175 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits
192.151.243.61
– This proxy check request is closed and will soon be archived by a bot.
- 192.151.243.61 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Confirmed proxy server[1]--Fareed30 (talk) 16:23, 4 October 2013 (UTC)
- Unlikely IP is an open proxy Maybe we should have an edit note here that clearly states whatismyipaddress is useless for proxy/not proxy. Anyway, this one was a bit weird, it looks like a Thai broadband provider. While there is abnormally high level of internet activity from this IP in general, it appears to be down right now. I doubt you'll find anything when it comes back up. Sailsbystars (talk) 05:19, 16 October 2013 (UTC)
198.7.58.96
– This proxy check request is closed and will soon be archived by a bot.
- 198.7.58.96 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits
- I received a password reset email from this IP and its WHOIS information indicates that it belongs to a webhosting company and may be a proxy server.—Ryulong (琉竜) 14:00, 14 October 2013 (UTC)
- Likely IP is an open proxy Almost certainly an open proxy. My guess is its some sort of web proxy, but I can't find the exact mechanism. I thought we had rangeblocked this ISP for a history of similar problems. Sailsbystars (talk) 14:44, 15 October 2013 (UTC)
- That statement by a verified proxy-check user, plus my own discovery that it is listed as an IP used by www.leaseweb.com, is enough for me. I have blocked the IP address. JamesBWatson (talk) 23:06, 22 November 2013 (UTC)
193.164.114.34
– This proxy check request is closed and will soon be archived by a bot.
- 193.164.114.34 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits Zad68
13:42, 15 October 2013 (UTC)
- Unlikely IP is an open proxy No visible proxy mechanisms, and it appears to be a normal residential IP. Sailsbystars (talk) 14:39, 15 October 2013 (UTC)
72.66.30.115
– This proxy check request is closed and will soon be archived by a bot.
- 72.66.30.115 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan User has been making borderline-abusive edits; while this seems like a standard IP from a large provider I don't know just by looking and I have some suspicions that he may be editing from a location other than where the IP resolves to. Daniel Case (talk) 02:58, 16 October 2013 (UTC)
- Unlikely IP is an open proxy I looked into it as best I could... no sign of a proxy on common proxy ports, no tor, and nothing out of the ordinary on the best proxy checking tool of them all (google). Sorry... Sailsbystars (talk) 05:01, 16 October 2013 (UTC)
113.37.88.34
– This proxy check request is closed and will soon be archived by a bot.
- 113.37.88.34 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Claims, very defiantly, that it's not an open proxy. Daniel Case (talk) 13:55, 18 October 2013 (UTC)
- However, it is a Confirmed sockpuppet of the banned user who had been using it shortly before, so I'm going to decline the unblock based on that. If this isn't a proxy, feel free to shorten the block. Reaper Eternal (talk) 16:01, 18 October 2013 (UTC)
- I did some poking... Doesn't seem to be any evidence of a proxy to me, so maybe shorten to 6 months or a year in case the ip changes hands? Sailsbystars (talk) 17:02, 18 October 2013 (UTC)
- Yeah, I can't find anything either now that I'm on my home connection. I've shortened it to a three month
{{checkuserblock}}
for abusive sock puppetry. Thanks. Reaper Eternal (talk) 01:31, 19 October 2013 (UTC)- Okay, I'll mark this as closed, everything seems to be resolved. Sailsbystars (talk) 06:33, 20 October 2013 (UTC)
- Yeah, I can't find anything either now that I'm on my home connection. I've shortened it to a three month
- I did some poking... Doesn't seem to be any evidence of a proxy to me, so maybe shorten to 6 months or a year in case the ip changes hands? Sailsbystars (talk) 17:02, 18 October 2013 (UTC)
197.210.248.31
– This proxy check request is closed and will soon be archived by a bot.
- 197.210.248.31 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits — Preceding unsigned comment added by Jamesx12345 (talk • contribs)
- User:Jamesx12345, could you shed some light on the reasons for your suspicions? At the moment there is no technical evidence for or against a proxy as the host is down.... and I'm trying to determine if it's worth the effort to delve deeper. The reasons for your suspicion are not obvious to me.... Sailsbystars (talk)
- It's from this report. There isn't a long pattern of abuse, so if it isn't strikingly clear it's not really worth making any special efforts to find out what it is. Jamesx12345 08:32, 20 October 2013 (UTC)
- ARGGGGGGGGGGGGHHHHHHHHHHHHHHHHHH. This is frustration with the whatismipaddress.com, not with you. Their proxy detection is utter rubbish, but it leads many well-meaning users to this page unnecessarily. I think I will poke a friendly admin to add an appropriate edit notice to this page. Thanks for clarifying! Sailsbystars (talk) 02:48, 21 October 2013 (UTC)
- It's from this report. There isn't a long pattern of abuse, so if it isn't strikingly clear it's not really worth making any special efforts to find out what it is. Jamesx12345 08:32, 20 October 2013 (UTC)
166.137.191.27, 166.147.88.30, and similar ips
– This proxy check request is closed and will soon be archived by a bot.
- 166.137.191.27 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 166.137.208.35 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 166.147.88.30 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: IP's are on a "Confirmed proxy server" according to whatismyipaddress.com/ip/. Appears to be the same person, editing and commenting on Naveen Jain, an article that has a regular history of whitewashing from ip's with direct conflicts of interest, such as the other recent ips that have been editing and commenting in a similar manner who are listed here.
I assume these similar ip's would have the same status as those listed above:
- 12.151.95.2 (talk · contribs)
- 166.137.191.19 (talk · contribs)
- 166.147.88.18 (talk · contribs)
- 166.147.88.19 (talk · contribs)
- 166.147.88.29 (talk · contribs)
- 166.147.88.37 (talk · contribs)
- 166.147.88.42 (talk · contribs)
- 166.147.88.46 (talk · contribs)
I've not checked the other edits of these ip's, so a block might be overkill unless the server status dictates it. --Ronz (talk) 01:41, 24 October 2013 (UTC)
- Wellllllll I've got good news and bad news. The good news is that the IPs are all likely the the same person. Pretty much all of the IPs except for 12.151.95.2 are cell phone IPs, which are a common tool used by people evading scrutiny these days. 12.151.95.2 is a hotel. The bad news is a rangeblock would be pretty much impossible (actually, it might even be literally impossible due to the size). The range on the cell provider is the biggest I've ever seen, a /9.... Which is about 0.2 % OF THE ENTIRE INTERNET. Oh and the other bad news is that there aren't any proxies there either. Sailsbystars (talk) 01:55, 25 October 2013 (UTC)
- Thanks for the info! --Ronz (talk) 16:32, 25 October 2013 (UTC)
218.215.169.221
– This proxy check request is closed and will soon be archived by a bot.
- 218.215.169.221 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
I'm fairly sure it's a proxy just not 100% on exactly how open it is (or if it's a webhost). I found a host (proxy1.classic.com.np) associated with the IP and it was blocked not long ago by ProcseeBot. As I said I'm fairly sure it's a proxy and that it's open. Callanecc (talk • contribs • logs) 06:08, 27 October 2013 (UTC)
- Are you sure you have the right IP? This one has never been blocked as far as I can tell and has no edits. It looks to be an australian business dsl or cable provider and doesn't have any of the "tells" characteristic of a proxy as far as I've poked it.... Sailsbystars (talk) 06:21, 30 October 2013 (UTC)
216.54.171.18
– This proxy check request is closed and will soon be archived by a bot.
- 216.54.171.18 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits. IP appears on several black lists and at least one proxy list [2] - MrX 12:06, 27 October 2013 (UTC)
- Unlikely IP is an open proxy It looks like it was indeed a proxy server back in 2009, but I find no evidence of ongoing abuse. I also checked a few common proxy ports and came back with nothing. Business broadband IP. Sailsbystars (talk) 06:36, 30 October 2013 (UTC)
203.184.40.65
– This proxy check request is closed and will soon be archived by a bot.
- 203.184.40.65 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits Zad68
02:06, 1 November 2013 (UTC)
- Any hint why they are suspicious of an open proxy? Materialscientist (talk) 03:46, 1 November 2013 (UTC)
- This says "confirmed proxy server"... let me know if I'm doing this wrong!
Zad68
20:26, 1 November 2013 (UTC)- Open proxy comments by whatismyipaddress.com are ignored on this page - they are utterly unreliable. Materialscientist (talk) 23:51, 1 November 2013 (UTC)
- Thanks for letting me know, I won't use that in the future.
Zad68
14:38, 4 November 2013 (UTC)
- Thanks for letting me know, I won't use that in the future.
- Open proxy comments by whatismyipaddress.com are ignored on this page - they are utterly unreliable. Materialscientist (talk) 23:51, 1 November 2013 (UTC)
- This says "confirmed proxy server"... let me know if I'm doing this wrong!
- Unlikely IP is an open proxy Checked anyway. Doesn't look like one, but there's a lite webserver running on 8080 for a security system, FWIW. I had an editnotice added to the page about whatismyipaddress, since they're less than useless for proxies unfortunately.... Sailsbystars (talk) 02:22, 5 November 2013 (UTC)
109.73.111.19
– This proxy check request is closed and will soon be archived by a bot.
- 109.73.111.19 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- IP is an open proxy Wide open web proxy. I got bored and decided to see how long it would take me to find an unblocked proxy. Answer: about 20 minutes. Recommend year+ rangeblock on 109.73.111.0/25, which also has at least one other open proxy (109.73.11.29) that was used with the same service. Sailsbystars (talk) 08:05, 8 November 2013 (UTC)
- blocked by DQ. Sailsbystars (talk) 16:04, 9 November 2013 (UTC)
– This proxy check request is closed and will soon be archived by a bot.
- 95.142.164.78 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - currently blocked as an open proxy
- 24.205.56.131 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 142.165.235.51 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 173.62.39.33 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 189.4.11.131 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
- 174.92.139.121 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan - currently blocked as an open proxy
Unregistered user using Wikipedia for personal attacks and political propaganda. Two of the addresses used have been blocked as open proxies. - Mike Rosoft (talk) 06:36, 9 November 2012 (UTC)
- A quick check didn't find anything unusual for the unblocked IPs. The last IP also looked clean. The first is an obvious open proxy. Dennis Brown - 2¢ © Join WER 14:35, 12 December 2012 (UTC)
- Following up a few months later, I don't see any common ports open for any services at this time for 174.92.139.121. Might be a candidate to unblock. Dennis Brown - 2¢ © Join WER 18:29, 18 April 2013 (UTC)
- A few months later still... I have unblocked 174.92.139.121, as I can find no evidence that it is hosting any sort of proxy, or that it has any open ports. 95.142.164.78 is still an open proxy, and still blocked. The others show no sign of ever having been open proxies, and have not edited for months. There doesn't seem any need to do any more. JamesBWatson (talk) 11:11, 23 July 2013 (UTC)
208.123.162.2
– This proxy check request is closed and will soon be archived by a bot.
- 208.123.162.2 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: I find some ports open. Besides it most recently edited an article that has attracted a number of socks and proxy using editors in recent months. -- SMS Talk 15:39, 9 November 2013 (UTC)
- Inconclusive Looks like some sort of router type thing, possibly a hotel or coffeeshop. It has a standard open proxy port (8080) but when I try to use it, I get redirected to a login page. It's possible there's a misconfiguration that allows its use as a proxy, but I haven't been able to find it. Sailsbystars (talk) 16:15, 9 November 2013 (UTC)
188.97.252.42
– This proxy check request is closed and will soon be archived by a bot.
- 188.97.252.42 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Requested unblock via UTRS. Note the editor states they have now changed their Tor node to a non-exit relay.--Jezebel'sPonyobons mots 22:16, 19 November 2013 (UTC)
- This is correct [3], but the IP is still set up as tor - I don't know what we do in such cases (a matter of trust that they don't reconfigure the exit port tomorrow). Materialscientist (talk) 22:31, 19 November 2013 (UTC)
- Hmmm, if they did reconfigure it, would TorNodeBot catch it and reblock it?--Jezebel'sPonyobons mots 22:17, 20 November 2013 (UTC)
- Maybe. I don't know how quickly and reliably does it catch new open tor nodes. Materialscientist (talk) 01:13, 21 November 2013 (UTC)
- TorNodeBot does not attempt to unblock people, so it would not detect a reconfiguration that stops it from being an exit relay (though the block would eventually expire). However, if it's the other way (going from a non-exit node to an exit node) I would expect it to detect it in a matter of hours. It's really dependent upon the traffic on the network, though, and how many current nodes there are. --Shirik (Questions or Comments?) 20:48, 21 November 2013 (UTC)
- Unblocked.--Jezebel'sPonyobons mots 17:45, 22 November 2013 (UTC)
- TorNodeBot does not attempt to unblock people, so it would not detect a reconfiguration that stops it from being an exit relay (though the block would eventually expire). However, if it's the other way (going from a non-exit node to an exit node) I would expect it to detect it in a matter of hours. It's really dependent upon the traffic on the network, though, and how many current nodes there are. --Shirik (Questions or Comments?) 20:48, 21 November 2013 (UTC)
- Maybe. I don't know how quickly and reliably does it catch new open tor nodes. Materialscientist (talk) 01:13, 21 November 2013 (UTC)
- Hmmm, if they did reconfigure it, would TorNodeBot catch it and reblock it?--Jezebel'sPonyobons mots 22:17, 20 November 2013 (UTC)
38.108.87.20
– This proxy check request is closed and will soon be archived by a bot.
- 38.108.87.20 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Suspicious edits. IP is a know source of spam, hacking attempts and likely an open proxy. - MrX 03:54, 24 November 2013 (UTC)
- Not currently an open proxy McDonald's wifi. So prone to abuse, but no justification for blocking on technical grounds alone. Sailsbystars (talk) 17:18, 30 November 2013 (UTC)
103.9.43.128
– This proxy check request is closed and will soon be archived by a bot.
- 103.9.43.128 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Editor has been edit warring with pro-Uruguay nationalistic reversions at the Carlos Gardel biography despite scholarly conclusions that Gardel was born in France. The IP is in New Zealand and appears to be a proxy for editors in other locations. Binksternet (talk) 17:25, 7 December 2013 (UTC)
- Possible IP is an open proxy Oh yikes. So it's a compromised computer with the Zeus (Trojan horse) malware infecting it. Which means it could certainly be acting as a proxy. It also could just be someone's home computer where they got infected.... Not sure what the appropriate course of action is here. Sailsbystars (talk) 16:33, 8 December 2013 (UTC)
- Why not indef the guy? Let him request an unblock, if he ever does. Binksternet (talk) 17:14, 8 December 2013 (UTC)
- Well, for one thing we don't indef IPs, particularly consumer ones such as this one. A 3-6 month block would not be unreasonable for this type of address in general if it were a proxy. The problem is we have fairly little precedent for compromised computers that aren't explicitly open proxies. Anyone with sufficient technical skills could easily use this IP as a proxy. However, the sufficient technical skills require non-trivial effort. There's over 3 million computers compromised by this particular malware, so blocking them all would be impractical. So a three month block on this IP with a warning about the trojan wouldn't be a bad idea, but it also wouldn't be hugely effective. If I had the bits I'd probably do it, but it's a grey area and I don't have said bits, and I don't know if you can find an admin that would do it, although there is at least one earlier incident where it was done. Sailsbystars (talk) 19:26, 8 December 2013 (UTC)
- Similar edits to the Carlos Gardel article are also being made by a different IP. The article has recently been semied for a week, which appears useful. I'd support a three-month block of this IP, which could be lifted if the owner of the machine can fix his problem. Though blocking 3 million IPs is impractical, blocking the one that's actually been causing trouble should be OK. EdJohnston (talk) 19:38, 8 December 2013 (UTC)
- Well, for one thing we don't indef IPs, particularly consumer ones such as this one. A 3-6 month block would not be unreasonable for this type of address in general if it were a proxy. The problem is we have fairly little precedent for compromised computers that aren't explicitly open proxies. Anyone with sufficient technical skills could easily use this IP as a proxy. However, the sufficient technical skills require non-trivial effort. There's over 3 million computers compromised by this particular malware, so blocking them all would be impractical. So a three month block on this IP with a warning about the trojan wouldn't be a bad idea, but it also wouldn't be hugely effective. If I had the bits I'd probably do it, but it's a grey area and I don't have said bits, and I don't know if you can find an admin that would do it, although there is at least one earlier incident where it was done. Sailsbystars (talk) 19:26, 8 December 2013 (UTC)
- Why not indef the guy? Let him request an unblock, if he ever does. Binksternet (talk) 17:14, 8 December 2013 (UTC)
- Possible IP is an open proxy Oh yikes. So it's a compromised computer with the Zeus (Trojan horse) malware infecting it. Which means it could certainly be acting as a proxy. It also could just be someone's home computer where they got infected.... Not sure what the appropriate course of action is here. Sailsbystars (talk) 16:33, 8 December 2013 (UTC)
I've now blocked 6 months as open proxy. De728631 (talk) 15:47, 27 January 2014 (UTC)
217.172.183.219
– This proxy check request is closed and will soon be archived by a bot.
- 217.172.183.219 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan Claims the admins who ran the check in September couldn't tell the difference between a Tor exit and non-exit node. Daniel Case (talk) 20:46, 9 December 2013 (UTC)
- Well, yes, it's not a tor exit node (although it is a tor node), but it's smack in the middle of a hosting range so there's no need to edit from that ip. Unless one is trying to evade scrutiny. If one wanted to be fair, one could remove the indef on the original ip since we don't indef IPs, and leave the rangeblock (which expires next year) intact. Sailsbystars (talk) 00:33, 10 December 2013 (UTC)
180.241.172.157
– This proxy check request is closed and will soon be archived by a bot.
- 180.241.172.157 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Requested unblock - see User talk:SpartacksCompatriot. JohnCD (talk) 11:24, 22 December 2013 (UTC)
- Not currently an open proxy, unblocked. -- zzuuzz (talk) 11:58, 22 December 2013 (UTC)
100.42.227.57
– This proxy check request is closed and will soon be archived by a bot.
- 100.42.227.57 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan
Reason: Used by Wikinger (talk · contribs · deleted contribs · nuke contribs · logs · filter log · block user · block log) today and a couple of months ago. He's a frequent user of open proxies. I've blocked the IP for two weeks, but a longer block is probably in order. Favonian (talk) 19:01, 30 December 2013 (UTC)
- IP is an open proxy, reblocked. Materialscientist (talk) 00:01, 31 December 2013 (UTC)