Jump to content

Wikipedia:Abuse response: Difference between revisions

Edit links
From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Centrx (talk | contribs)
37,287 edits
Fleiger (talk | contribs)
333 edits
Line 58: Line 58:
==New Alerts==
==New Alerts==
''Please list your alert immediately below this message, in a new section using <nowiki>=== ===</nowiki>. Please use the {{tl|IPvandal}} template for all IP addresses, provide a link to the [[whois]], list the name of the provider (from the whois report), and briefly summarize the situation. Please do not list IPs that have only made a few edits (unless they are part of a bigger case), as only severe, continuing vandalism should be listed here.''
''Please list your alert immediately below this message, in a new section using <nowiki>=== ===</nowiki>. Please use the {{tl|IPvandal}} template for all IP addresses, provide a link to the [[whois]], list the name of the provider (from the whois report), and briefly summarize the situation. Please do not list IPs that have only made a few edits (unless they are part of a bigger case), as only severe, continuing vandalism should be listed here.''

{{IPVandal|202.182.131.21}} - Consistent abusive and nonsensical edits from IP. But there is also a warning on the talk page that at least 1 consistent contributor uses the IP.


==Open Cases==
==Open Cases==

Revision as of 03:20, 6 November 2006

    Shortcut

    Wikipedia:Abuse reports is a centralized forum for the reporting and investigation of abuse complaints, related to IP-specific vandalism, to be reported to service providers, particularly schools and universities. Please be aware that this is not an official contact system put in place by the Wikimedia Foundation, but a volunteer-run process to counter vandalism.

    Please note: You cannot report user accounts here (They'll be removed on sight)! Because the purpose of this is to report violators to their ISPs, usernames cannot be traced back to their providers and so will not work.

    DO NOT LIST IPS WITHOUT A SIGNIFICANT HISTORY OF VANDALISM! We will not go through with these requests. Make sure that the IP in question has been blocked at least five times in recent history, or the request will be rejected. Please do not clog up this board with such requests; the report will not go through.

    Process

    Please read the guide to abuse reports, a detailed how-to on using this page.

    AR cases are a three step process:

    • Alert: An attentive user notices a trend of vandalism from a given IP, runs a whois, determines that the IP is registered to a school, a government agency, or other body that is likely to respond to an abuse report, and reports the IP here.
    • Under investigation: Once made, an alert is picked up by an investigator, who creates a subpage, and begins an investigation. The investigator uses the information provided by the user who made the alert to determine if there is similar vandalism from other IP addresses registered to the same provider. The investigator then compiles a report.
    • In Contact: Once a case has been investigated and a report prepared, the case is passed to a contactor. The contactor then attempts to contact the provider either by email or by telephone, with telephone being the preferred method (as it produces greater results on average). The contactor explains the situation to the provider, and points them to the AR report. The contact remains in contact with the provider, most likely by email, to answer any further questions or provide other information required by the provider.

    Once the contactor has made contact with the provider, the case remains open as long as contact continues. If the provider successfully resolves the complaint, then the contactor closes the case, with a summary of the result. If the provider is unwilling to cooperate, the contactor notes the case, and closes it with a summary.

    Volunteer groups

    There are three classifications of AR volunteers. Users may volunteer to undertake as many roles as they like; the classification system is not intended to make users feel they cannot or should not "see a case all the way through." Rather, the intent is to allow those who are interested in one area (such as investigation) but not another (such as contacting), or who do not have the resources to serve as a contact, to participate. The classifications are:

    • Attentive user: Everyone is an attentive user; anyone can notice a pattern and raise an alert. Some users may choose to be "professional" attentive users, specifically looking for potential cases.
    • Investigators: Investigators are tasked with preparing a report on the case. They are expected to look for trends such as time of day/week/month, movement from one IP block to another, etc, and to prepare a report that can be used by the provider to identify the responsible party. The most important task in investigation is to determine if there are other IP addresses assigned to the same provider that are engaging in similar behavior, or if there are other addresses making productive contributions. This is to ensure that the provider has all the relevant information, and so legitimate contributors are not affected.
    • Contactors: Contactors are tasked with actually making contact with the provider. Some contactors may choose to do so via email, although telephone is the preferred method, as a telephone call generally receives higher priority. Making telephone calls requires the contactor to have resources to expend in this manner; not everyone can be a contact, and no user should feel embarrassed or apologetic that they are unable to perform the contactor role. Users who have time to perform alerting and investigating tasks are needed just as much as contactors!

    Current investigators

    1. Geo.plrd (talk · contribs)
    2. User-multi error: "Knowing Is Half The Battle" is not a valid project or language code (help).
    3. Voice of All (talk · contribs) (admin: en) (I can easily pull logged-out IP range contribs; I'll mainly just work with range issues.)
    4. Deon555 (talk · contribs)
    5. HawkerTyphoon (talk · contribs) Rather new at this, so keep an eye on me ;-)
    6. ST47 (talk · contribs) Also new, but I'd be happy to help out
    7. Dave (talk · contribs) Adding myself, can't see any other way of joining ;)
    8. Heligoland (talk · contribs) Adding myself, a bit involved already, it would seem :-)
    9. Centrx (talk · contribs)

    Current contactors

    1. User-multi error: "Knowing Is Half The Battle" is not a valid project or language code (help). Contact: phone (US), e-mail, US postal service
    2. Deon555 (talk · contribs) Contact: Email, possibly phone (australia)
    3. HawkerTyphoon (talk · contribs) Contact:Email, UK Phone, in person UK Midlands
    4. SMC (talk · contribs) Contact: Email.
    5. ST47 (talk · contribs) I can do this(via email) if there's a backlog
    6. Dave (talk · contribs) Adding myself, can't see any other way of joining ;)
    7. Wikimachine (talk · contribs) I can write elaborate and formal letters.
    8. Colin Keigher (talk · contribs) Contact: phone (N. America), e-mail, direct to certain ISPs (I work for a few)
    9. Cnota (talk · contribs) Contact: phone (US) and email worldwide. Here to help!
    10. Heligoland (talk · contribs) Contact: post and phone (UK) and e-mail (worldwide).
    11. Davidjk (talk · contribs) Contact: UK phone/fax, UK post, e-mail

    New Alerts

    Please list your alert immediately below this message, in a new section using === ===. Please use the {{IPvandal}} template for all IP addresses, provide a link to the whois, list the name of the provider (from the whois report), and briefly summarize the situation. Please do not list IPs that have only made a few edits (unless they are part of a bigger case), as only severe, continuing vandalism should be listed here.

    202.182.131.21 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log) - Consistent abusive and nonsensical edits from IP. But there is also a warning on the talk page that at least 1 consistent contributor uses the IP.

    Open Cases

    Under Investigation

    Please do not move alerts into this section unless you are the investigator opening a new case.


    169.204.228.146 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log)

    School IP with an extensive history of immature vandalism, recently blocked for two months. Numerous "last warnings." Knowing Is Half The Battle 16:19, 20 October 2006 (UTC)[reply]

    61.69.12.11 - 61.69.12.20

    Total: 141 blocks, totalling 20,693 hours (plus various 3/6 month blocks (15120 hrs)): GRAND TOTAL: 35,813 HOURS

    This has to be the worst case of range vandalism I've seen yet.. They have blanked, made nonsense edits, deleted info, been rude.. The entire range are school IP's are are registered to the Catholic Education Office, Melbourne. As a investigator and contactor here at AbRep, I would prefer if I was to handle this case. I have been a student at one of the aforementioned schools, and would be happy to take it. — Deon555talkReview 02:08, 17 October 2006 (UTC)[reply]

    Now gathering "evidence" in the form of diffs, and organising block logs etc.. — Deon555talkReview 02:11, 17 October 2006 (UTC)[reply]
    Refer to /61.69.12.xx range for details.
    This is obscene that this has been going on for so long. Geo. 01:12, 6 November 2006 (UTC)

    I blocked them for 2 years (61.69.12.10/31, 61.69.12.12/30, 61.69.12.16/30, 61.69.12.20). —Centrxtalk • 02:12, 6 November 2006 (UTC)[reply]

    TV Cable S.A. - Columbian ISP

    November 2nd

    A select few articles are the target of repeat vandalism from a range of IP addressed registered to an ISP based in Bogota, Columbia (TV Cable S.A). Malcolm X, Hugo Chavez and for some bizarre reason AN/TPS-43 are the main targets, with a few other random edits to talk pages, one attack on my user page and the like. I realise most of the IP addresses haven't been blocked, but I believe the history of vandalism originating from this series of IP addresses does merit action being taken. I'm quite happy to contact the ISP and see if there's anything they can do, though I would appreciate the help of a Spanish speaker in composing an e-mail to the ISP. Heligoland 12:46, 28 October 2006 (UTC)[reply]

    Hasn't edited for a week. Wait and see. —Centrxtalk • 17:11, 2 November 2006 (UTC)[reply]
    I was rather hoping things had died down too, but a couple of edits popped up today, again the AN/TPS-43 article which is on my watchlist and Malcolm X which isn't. Only a couple of edits, one to each of the articles as far as I can see, so I'll leave another week. Heligoland 17:45, 2 November 2006 (UTC)[reply]
    Update - Another couple of edits to the same pages this evening (19:55 UTC) from the new IP address today. Heligoland 20:30, 2 November 2006 (UTC)[reply]

    In Contact

    Please do not move alerts into this section unless you are the investigator passing the case on to a contactor.

    163.153.108.13 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log)

    WHOIS info: OrgName: Albany Schoharie Schenectady BOCES OrgID: ASSB Address: 1031 Watervliet Shaker Road City: Albany StateProv: NY PostalCode: 12205-2106 Country: US NetRange: 163.153.0.0 - 163.153.255.255 RTechHandle: IG2-ARIN RTechName: Goldstein, Ira RTechPhone: +1-518-862-5300 RTechEmail: igoldste@mum.neric.org

    Summary: IP registered to Guilderland High School, Guilderland Center, NY (Telephone 518-861-8591). High school student vandalism, beginning from January 2005. No constructive edits made with this IP, only gibberish. Total of six blocks (I believe), most recently in June 2006. Vandalism always resumes when 48-hour blocks expire. Permanent block requested. CagedRage 18:16, 19 October 2006 (UTC)[reply]

    accepted by ST47Talk 13:18, 22 October 2006 (UTC)[reply]
    see Wikipedia:Abuse reports/163.153.108.13

    204.43.65.1 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log)

    WHOIS info: OrgName: Kyrene School District, Information Systems and Education Technology OrgID: KSDISET Address: 8700 S Kyrene Road City: Tempe StateProv: AZ PostalCode: 85284 Country: US NetRange: 204.43.64.0 - 204.43.127.255 RTechHandle: DNI9-ARIN RTechName: Nichols, Damian RTechPhone: +1-480-783-4267 RTechEmail: dnichols@kyrene.org

    Summary: General middle-school student vandalism, beginning from November 2005. Total of 23 blocks, current block began on September 13th for 3844 hours, so much so that the IP's talk page has been protected. There are some blocks that were shortened, since that was when I attended that school, and I had requested a shortening of the block, but I don't attend that school now. Although currently blocked, it will eventually expire, and so, vandalism will continue. ddcc 17:34, 19 October 2006 (UTC)[reply]

    Under investigation at Wikipedia:Abuse reports/204.43.65.1 by ST47Talk, 12:02, 21 October 2006 (UTC)[reply]
    ST47 will contact via email ST47Talk 13:29, 22 October 2006 (UTC)[reply]

    213.249.155.251 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log)

    Provider info from WHOIS: inetnum: 213.249.155.0 - 213.249.155.255 netname: EMBC-KCOM descr: East Midlands Broadband Consortium descr: Internet access for schools country: GB admin-c: KR2955-RIPE tech-c: KR2955-RIPE rev-srv: ibex.kcom.com rev-srv: bison.kcom.com status: ASSIGNED PA remarks: *** Please send abuse complaints to Email address protected from spam harvesters ONLY **

    Summary of complaints: continuing low level vandalism since September 2006, 13 attacks so far today for example. Yorkshiresky 15:18, 18 October 2006 (UTC)[reply]

    I'll do this, report at Wikipedia:Abuse reports/213.249.155.251 ST47Talk 21:05, 20 October 2006 (UTC)[reply]
    all data added, contact information at bottom ST47Talk 22:20, 20 October 2006 (UTC)[reply]

    Rejected requests

    These requests have been rejected, and will be removed after several days.

    See also

    Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:Abuse_response&oldid=85977038"