Wikipedia:WikiProject on open proxies/Requests: Difference between revisions

Add links
From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Line 340: Line 340:
<!-- NOTE: If you are reporting a web-proxy *please* include the URL if known. -->
<!-- NOTE: If you are reporting a web-proxy *please* include the URL if known. -->
Reason: Open proxy/VPN service. [[Special:Contributions/2601:601:51C:6A8:4D49:CA1F:3CB5:D334|2601:601:51C:6A8:4D49:CA1F:3CB5:D334]] ([[User talk:2601:601:51C:6A8:4D49:CA1F:3CB5:D334|talk]]) 17:22, 3 September 2023 (UTC)
Reason: Open proxy/VPN service. [[Special:Contributions/2601:601:51C:6A8:4D49:CA1F:3CB5:D334|2601:601:51C:6A8:4D49:CA1F:3CB5:D334]] ([[User talk:2601:601:51C:6A8:4D49:CA1F:3CB5:D334|talk]]) 17:22, 3 September 2023 (UTC)

== 165.225.192.0/18 ==

{{proxycheckstatus|}}
* {{Proxyip|165.225.192.0/18}}

<!-- Edit, add any other comments and sign -->
<!-- NOTE: If you are reporting a web-proxy *please* include the URL if known. -->
Reason: Zscaler VPN. Previously blocked. [[Special:Contributions/2601:601:51C:811:E15D:3D87:821D:CE85|2601:601:51C:811:E15D:3D87:821D:CE85]] ([[User talk:2601:601:51C:811:E15D:3D87:821D:CE85|talk]]) 19:41, 4 September 2023 (UTC)

Revision as of 19:41, 4 September 2023


Shortcut

188.215.95.0/24

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

Reason: The range seems to be announced by IPXO (per Hurricane Electric), an "IP marketplace" according to their website. All IPs in the range who have made contributions since 1 January 2023 are active on ExpressVPN, as well as a handful of varying residential proxies according to Spur. I've not done a fully exhaustive check on the range yet, but the only IPs I've seen not flagged as ExpressVPN on the Spur data are .251-.255, though they are still listed as data centre IPs.

It may also be worth the other /24s listed on HE as being announced by IPXO as well for any that haven't yet been blocked (some have) but probably should be. Sideswipe9th (talk) 20:56, 4 February 2023 (UTC)[reply]

Ok, I've checked through the other /24s listed. Most are either locally or globally blocked (sometimes both), but I did find a list of 20 /24 ranges that are not currently blocked. I'll check through that list now and see if I can categorise them briefly before posting them. Sideswipe9th (talk) 21:32, 4 February 2023 (UTC)[reply]
Done some spot checks on the other /24s, alas I don't have the tools or time to do a full check on each range. Results below split into three categories; ExpressVPN, data centre and possible unknown proxy, and unknown. The four ExpressVPN ranges are the ones I'm most confident on, there was only a few IPs in each range for which all were at a consistent last octet that weren't showing as ExpressVPN exit nodes, and the unknown ones at the end are the ones I'm least confident on.
With all of the ranges currently being assigned by IPXO, I suspect the potential for any individual IP in a range to become a proxy or VPN exit node at random is high, even if the range itself is largely not proxy or VPN exit nodes at this time.
ExpressVPN:
Data centre and possible unknown proxy:
Unknown:
Sideswipe9th (talk) 22:53, 4 February 2023 (UTC)[reply]
Flagging this for admin attention. At least for the VPN and datacenter ranges. MarioGom (talk) 12:54, 19 February 2023 (UTC)[reply]
Could someone please action this? There's a proxy hopping editor on the 192.101.67.0/24 · contribs · block · log · stalk · Robtex · whois · Google range who's just made two disruptive edits against a long standing consensus on Irreversible Damage. Sideswipe9th (talk) 21:24, 7 March 2023 (UTC)[reply]
ExpressVPN ranges done, hoping to circle back to the rest. --Blablubbs (talk) 16:00, 12 March 2023 (UTC)[reply]

161.69.116.0/24

– A proxy checker has requested a second opinion on this case.

Reason: VPN server. 73.67.145.30 (talk) 18:38, 17 April 2023 (UTC)[reply]

McAfee WGCS is a corporate gateway, technically a VPN, but last time it was discussed here, it was not blocked. Requesting a second opinion. MarioGom (talk) 21:43, 26 April 2023 (UTC)[reply]
Not an admin, so feel free to ignore. Looking at the two prior discussions on this (March 2021, May 2022) it seems that softblocking might be appropriate in this case? There are some McAfee WGCS ranges that we do currently softblock (eg 185.221.70.0/24, 208.81.64.0/21) so this would at least be consistent with them, though there are other ranges that we don't currently softblock (eg 185.125.227.0/24).
Whatever the decision is from this discussion, we may want to look at making things consistent across all of the known ranges. Sideswipe9th (talk) 21:56, 26 April 2023 (UTC)[reply]

165.85.64.0/22

– A proxy checker has requested a second opinion on this case.

Reason: Amazon AWB. 165.85.64.0 - 165.85.66.255 are all registered to Amazon AWB, hence the /22 range in this report. BLP disruption caught by filter log. 73.67.145.30 (talk) 16:45, 28 April 2023 (UTC)[reply]

2a00:f48:1003:22dd::1

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

Reason: VPN network/Webhosting service. 73.67.145.30 (talk) 08:05, 1 May 2023 (UTC)[reply]

  •  Unlikely IP is an open proxy While ipcheck states it's likely a proxy due to some API data, I'm not seeing any activity on Spur and Shodan, and technical research into the IP didn't turn up anything of note. However, the /48 range this IP belongs to is currently announced by a web and VPS hosting provider from Germany, and the /32 range is assigned to a colocation provider also in Germany. A webhostblock on the /48 or a colocationwebhost block on the /32 might be appropriate in the circumstances. Flagging for a second opinion though because either choice is a big range. Sideswipe9th (talk) 20:26, 17 July 2023 (UTC)[reply]
I agree a webhost block on the /47 could be appropriate. Flagging for admin attention for the final call. MarioGom (talk) 09:10, 27 August 2023 (UTC)[reply]

125.212.241.0/24

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Disruption. Possible VPN server. 73.67.145.30 (talk) 19:22, 7 May 2023 (UTC)[reply]

209.35.227.0/24

– A proxy checker has requested a second opinion on this case.

Reason: VPN. Perimeter 81. 73.67.145.30 (talk) 18:43, 15 May 2023 (UTC)[reply]

  •  Confirmed While the range is announced by Perimeter 81, and a large portion of it seems to be empty per Spur and Shodan, there are IP ranges within that are active on Perimeter 81's VPN product. However that product is aimed at businesses, with pricing to match. This seems similar to the Zscaler, McAfee WGCS cases that are also open at present. A softblock on the range might be appropriate however, the one contributor who was active on 15 May 2023 was using an IP that's part of their VPN range. While I've tried to pin down the exact range for just the IPs that are part of their VPN offering, it seems somewhat spread out throughout it with gaps, so it might be more expedient to just block it in its entirety. Flagging this for a 2O though, while we figure out how to handle this particular type of VPN provider. Sideswipe9th (talk) 00:22, 19 July 2023 (UTC)[reply]

165.225.192.0/18

– A proxy checker has requested a second opinion on this case.

Reason: Webhost/VPN. 73.67.145.30 (talk) 16:23, 17 May 2023 (UTC)[reply]

  • I'm in two minds about this one. The range is a webhost who provide a proxy service on it, but it's Zscaler. There are Zscaler ranges that are currently locally blocked (eg 137.83.128.0/24, 89.167.131.0/24, quarry for other ranges) and even some that are globally blocked (like 104.129.192.0/20), but the service itself has been discussed a couple of times at AN (September 2021, August 2020) and there seems to be a consensus that a {{Colocationwebhost-soft}}/softblock might be appropriate in some circumstances. But, this is a pretty big range, and even with some problematic IP edits here, there'd be a lot of collateral. Not sure what to recommend off this one, but I'm going to ping Zzuuzz and ST47 as you both seem to have handled many of these IPs and ranges. Sideswipe9th (talk) 02:28, 17 July 2023 (UTC)[reply]
    As I previously commented on those linked threads, I usually strongly oppose blocking Zscaler just because it's Zscaler. We don't need to aim for consistency here, just block where there's disruption. Looking at the range, nothing really jumps out to me. -- zzuuzz (talk) 08:49, 17 July 2023 (UTC)[reply]
    Hmmm. Personally I like consistency, as it makes handling cases like this easier. Though, I do of course recognise that Zscaler has a large number of legitimate users. There are certainly disruptive edits in the range, they're more visible if you filter the contribs by mw-reverted, or one of the "possible BLP/vandalism" tags, but with a range this large that's kinda to be expected I guess. I guess it comes down to what our policy on general paid proxies is, and the global policy is certainly that paid proxies may be blocked without warning for an indefinite period, but that discussion seems out of scope for this request. Sideswipe9th (talk) 18:31, 17 July 2023 (UTC)[reply]

156.255.1.0/24

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

Reason: Webhost. 73.67.145.30 (talk) 18:12, 25 May 2023 (UTC)[reply]

46.102.156.0/24 and 94.177.9.0/24

A user has requested a proxy check. A proxy checker will shortly look into the case. 

https://www.alwyzon.com/en

Reason: Both ranges belong to Hohl IT e.U. aka (Alwyzon) which is an Austrian provider of dedicated servers. Matthew Tyler-Harrington (aka mth8412) (talk) 03:45, 22 June 2023 (UTC)[reply]

176.126.232.134

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

176.126.232.134 · talk · contribs · block · log · stalk · Robtex · whois · Google · ipcheck · HTTP · geo · rangeblocks · spur · shodan

Reason: Requested unblock. I'm unable to edit wikipedia pages from this IP (our office) even when logged in. The IP is statically allocated to us (since Feb 2022), we're not running any proxy and I'm not seeing any unusual open ports or suspicious network activity. xmath (talk) 19:30, 30 June 2023 (UTC)[reply]

Update: never mind, the block isn't for our IP specifically, apparently the entire IP range has been mistakenly classified as webhosting instead of FTTH/FTTB. xmath (talk) 20:59, 30 June 2023 (UTC)[reply]

Not currently an open proxy, please unblock the range. — Mdaniels5757 (talk • contribs) 00:42, 15 August 2023 (UTC)[reply]

202.4.186.179

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

Reason: Blocked before as proxy, tagged as public proxy by whatismyipaddress.com, being used for vandalism by LTA who just 1 day ago used <an IP> (also tagged a public proxy) located very far away from the new IP. 2804:F14:808E:A601:F0B3:ED6F:D12C:B951 (talk) 10:22, 6 July 2023 (UTC)[reply]

  •  Likely IP is an open proxy Seems likely to be a compromised server based on the shodan info. It's currently blocked for a month by Primefac, but I think we could probably make this one longer. Sideswipe9th (talk) 04:01, 15 July 2023 (UTC)[reply]

14.231.0.0/16 and 113.177.0.0/16

A user has requested a proxy check. A proxy checker will shortly look into the case.

Individual IP's in these two ranges, 14.231.169.16 and 113.177.23.65, have already been blocked as proxies on the Swedish and Russian Wikipedias respectively. Both blocked IP's were used on those projects by User:Phạm Văn Rạng to evade their global lock. They look to be using a larger portion of these IP ranges for evasion on this project as well. I've already applied some range blocks to deal with the evasion, but some insight into what's going on technically would be appreciated. Courtesy pinging @Riggwelter: and @Q-bit array: who applied to blocks on the other projects, in case you want to weigh in here. Sir Sputnik (talk) 17:19, 30 July 2023 (UTC)[reply]

119.31.189.184

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Datacenter IP. Please block this range as it is being abused by User:Anne Barrington's socks. 99.241.217.73 (talk) 15:27, 3 August 2023 (UTC)[reply]

38.95.10.252

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: The IP is hosted on Acehost. See also the edit summary on this diff. --Leonidlednev (T, C, L) 05:45, 4 August 2023 (UTC)[reply]

194.26.74.0/24

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

Reason: Cloud proxy/VPN server. 2601:1C0:4401:F60:CC1B:7FBB:65E7:4373 (talk) 18:00, 8 August 2023 (UTC)[reply]

IP is an open proxyMdaniels5757 (talk • contribs) 00:41, 15 August 2023 (UTC)[reply]

86.58.254.34

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: VPN server/datacenter IP. Vandalism, see edit filter log. 2601:1C0:4401:F60:B09F:5E03:B2DE:5C0F (talk) 17:49, 12 August 2023 (UTC)[reply]

207.231.104.0/21

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

Reason: Belongs to "HostRush" VPN services. Disruption from ‎207.231.105.153 (talk · contribs · WHOIS). See WHOIS for /21 range confirmation. 2601:1C0:4401:F60:B09F:5E03:B2DE:5C0F (talk) 17:55, 12 August 2023 (UTC)[reply]

IP is an open proxyMdaniels5757 (talk • contribs) 00:39, 15 August 2023 (UTC)[reply]

157.167.128.0/24

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Cloud server/VPN. This is an odd one, because the IP range geolocates to Turkey, and is listed as a VPN network; but most of the edits are to Turkish-related articles. Is this some sort of corporate cloud network? 2601:1C0:4401:F60:8C11:4CC3:7E71:B4CE (talk) 20:54, 13 August 2023 (UTC)[reply]

156.96.150.0/23

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: VPN server. Previously blocked. 2601:1C0:4401:F60:7C72:5877:80EB:F896 (talk) 19:31, 14 August 2023 (UTC)[reply]

5.161.0.0/16

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Webhost IP range recently used for disruption. 2601:1C0:4401:F60:D587:449F:646D:BACC (talk) 17:59, 18 August 2023 (UTC)[reply]

223.29.224.0/24

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Disruption, possibly a VPN server. 2601:1C0:4401:F60:817:B3DA:A0F9:1195 (talk) 20:01, 19 August 2023 (UTC)[reply]

87.236.146.236

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Although not a proxy, this IP is from a web hosting provider. This IP is allocated to the Veselí nad Lužnicí town government. Looking at the IP's global contributions, it appears it this IP has been blocked on the German Wikipedia [1].

Update #1: Added another IP that might from the same web hosting provider. Apparently, this IP was blocked on the Spanish Wikipedia for being a proxy.

SpinnerLaserzthe2nd (talk) 20:07, 19 August 2023 (UTC)[reply]

5.42.72.0/21

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: IP range belongs to webhosting/VPN service. 2601:1C0:4401:F60:817:B3DA:A0F9:1195 (talk) 18:34, 20 August 2023 (UTC)[reply]

5.181.248.0/22

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Webhost/VPN range. 2601:1C0:4401:F60:592C:6755:67BE:F9D9 (talk) 20:27, 26 August 2023 (UTC)[reply]

141.95.0.0/17

– A proxy checker has requested administrator assistance for action regarding the case below. The requested action is below.

OVH, several proxies and VPNs. MarioGom (talk) 08:59, 27 August 2023 (UTC)[reply]

165.225.192.0/18

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Webhost/Zscaler range back to disruptive edits. Previously blocked. 2601:1C0:4401:F60:5BD:4A35:6A73:643C (talk) 06:01, 29 August 2023 (UTC)[reply]

2A10:1FC0:E:0:0:0:0:0/48

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Open proxy/VPN service. 2601:601:51C:6A8:4D49:CA1F:3CB5:D334 (talk) 17:22, 3 September 2023 (UTC)[reply]

165.225.192.0/18

A user has requested a proxy check. A proxy checker will shortly look into the case.

Reason: Zscaler VPN. Previously blocked. 2601:601:51C:811:E15D:3D87:821D:CE85 (talk) 19:41, 4 September 2023 (UTC)[reply]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:WikiProject_on_open_proxies/Requests&oldid=1173846643"