Template talk:Sensitive IP addresses

Protected edit request on 5 October 2016

Replace invalid </br> with <br/>. Thanks.

– Jonesey95 (talk) 16:07, 5 October 2016 (UTC)

 Done Thank you for pointing this out. — xaosflux ^Talk 16:49, 5 October 2016 (UTC)

Protected edit request on 10 January 2017

The IPv4 range for the Parliament of the United Kingdom should be changed from 192.60.0.0/18 to 194.60.0.0/18^[1] as the former is incorrect. 143.252.80.100 (talk) 18:19, 10 January 2017 (UTC)

1. https://apps.db.ripe.net/search/lookup.html?source=ripe&key=194.60.0.0%20-%20194.60.63.255&type=inetnum

 Done Thank you, updated at Module:Sensitive IP addresses/list. — xaosflux ^Talk 18:28, 10 January 2017 (UTC)

Protected edit request on 16 September 2017

Please update IPv6 ranges for the following departments: The United States Department of Justice - add IPv6 range: 2607:f330::/32^[1] -★- PlyrStar93. _{→Message me. 🖉←} 15:16, 16 September 2017 (UTC)

1. ARIN: https://whois.arin.net/rest/net/NET6-2607-F330-1/pft?s=2607%3AF330%3A%3A1

 Done Updated Module:Sensitive IP addresses/list. — xaosflux ^Talk 16:04, 16 September 2017 (UTC)

Protected edit request on 10 December 2017

Add 2600:400::/32 to the IPv6 entry for the Department of Homeland Security, per [1].--Jasper Deng (talk) 19:59, 10 December 2017 (UTC)

@Jasper Deng: I would do this but I don't know how to! Do you know where this data is held? — Martin (MSGJ · talk) 08:58, 12 December 2017 (UTC)

@MSGJ: Go to Module:Sensitive IP addresses/list, and see the code comment at the top.--Jasper Deng (talk) 09:00, 12 December 2017 (UTC)

 Done. Please check I've done that correctly? — Martin (MSGJ · talk) 12:18, 12 December 2017 (UTC)

Yep, it seems like you did! Thanks.--Jasper Deng (talk) 17:51, 12 December 2017 (UTC)

Protected edit request on 8 January 2020

Add the Executive Office of the President of the United States (probably including the White House) to the list per 1.

	{
		name = 'Executive Office of the President of the United States',
		id = 'useop',
		description = 'the [[Executive Office of the President of the United States]]',
		reason = 'political',
		ipv4Ranges = {
			'165.119.0.0/16',
			'198.137.240.0/23',
			'204.68.207.0/24',
		},
		ipv6Ranges = {
			'2620:10F:B000::/40',
		},
	},

Mdaniels5757 (talk) 23:28, 8 January 2020 (UTC)

Done. Jo-Jo Eumerus (talk) 09:30, 9 January 2020 (UTC)

Protected edit request on 22 January 2020

Add some (yes, these 218,103,808 IP addresses are not all) DoD IPv4 addresses. Mdaniels5757 (talk) 03:59, 22 January 2020 (UTC)

Code moved to Module:Sensitive IP addresses/list/sandbox to save space — Martin (MSGJ · talk) 09:19, 22 January 2020 (UTC)

This relates to a discussion at ANI (permalink). I forget the consequences of adding all these here but I seem to recall that the chief point is that blocking one of these IPs would give a warning to the blocking admin. What is the point? Why would we be more reluctant to block one of these IPs compared with any other where a bored person is filling time with what they think is fun? I would suggest waiting until the WMF ask to be notified when such an occurrence occurs. @Oshwah: What do you think? Johnuniq (talk) 04:36, 22 January 2020 (UTC)

@Johnuniq: I'm no Oshwah but replying anyways: per WP:SIP I think admins are supposed to notify WMF communications committee due to potential press implications when blocking. I don't think that this is a large change in terms of potential press impact: "Dept. of Defense" isn't very different from "Dept. of Justice" in that respect (if anything, DoJ probably would cause less press impact). Mdaniels5757 (talk) 04:47, 22 January 2020 (UTC)

Blocking of IP addresses within the table requires that admin to follow the procedures outlined here. Given the fact that we have other similarly sensitive IP addresses on this table, I believe it would be advisable to add these ranges as well. I'm not sure as to whether or not the system uses the data in this table to warn you and force you to confirm the block first. If not, this should also be updated. ~Oshwah~^{(talk) (contribs)} 04:50, 22 January 2020 (UTC)

But why? Has the WMF said they want to hear whenever one of these IPs is blocked? The IPs outlined at WP:SIP belong to high-power organizations and it makes sense that the WMF might want knowledge of their activity. Why should volunteers decide that an additional 218 million IP addresses require the same treatment? Why not add IPs used by defense forces in other countries? Johnuniq (talk) 05:49, 22 January 2020 (UTC)

@Oshwah: The data in the table is used by all the places using the IP addresses: WP:SIP, Template:Sensitive IP addresses, and the JavaScript warning on Special:Block. The JavaScript causes a warning to pop up for administrators, but does not force them to confirm the block, by the way. — Mr. Stradivarius ^{♪ talk ♪} 11:32, 28 January 2020 (UTC)

Mr. Stradivarius - Thank you for the in-depth information. This is extremely helpful and I appreciate it. :-) ~Oshwah~^{(talk) (contribs)} 07:02, 30 January 2020 (UTC)

I suggest that further discussion may be needed on this issue. This table was first created in 2006, a long time ago, and its entries seem to be arbitrarily selected. I would like to hear a justification of why some offices/countries are listed and not others. I also suggest contacting meta:Communications committee to ask if they have an opinion on which IP addresses should be regarded as sensitive. — Martin (MSGJ · talk) 09:05, 22 January 2020 (UTC)

xaosflux was trying to clarify this with the Communications Committee in 2016. There is a related thread at User talk:Mdennis (WMF)/Archive 10#Sensitive IP Addresses where they basically said they appreciate receiving the notifications but don't have a strong opinion on which IPs they were interested in, and were not inclined to maintain a central list. — Martin (MSGJ · talk) 09:13, 22 January 2020 (UTC)

Looping back to this, where are we? Assuming the addresses are correct (I haven't checked) is there a good reason we shouldn't be adding them in? It will only make sysops more informed, and it seems the WMF would appreciate it. ~ Amory (u • t • c) 11:40, 3 February 2020 (UTC)

What benefit would follow from this addition? Who in the WMF would appreciate it, and how is that known? Where is there a WMF statement specifying the criteria for sensitive IPs? Regarding a reason to not add them, consider the effect. Suppose an admin goes to block an IP in this range and they see some weird message about sensitive IPs. They need to spend ten minutes working out what that is all about, then deciding if they really want to block this ultra-special IP, then spend more time fiddling with a report. The report to the WMF will disappear into a blackhole. Johnuniq (talk) 22:48, 3 February 2020 (UTC)

Well, they explained as much as we've got in that archive from 3.5 years ago, likewise at meta:Communications committee/Notable blocks. They were rather sparse as to the criteria — although admittedly any IP address that might be associated with a large government institution or agency, a corporation, or an IP address spanning a significant region is fairly broad (certainly moreso than we are currently) — and barring further input from someone (GVarnum-WMF maybe?) I simply couldn't say beyond this kind of deliberative process. ~ Amory (u • t • c) 04:53, 4 February 2020 (UTC)

Add 192.0.2.0/24 for testing?

Based on a discussion at WP:VPW, how about we add 192.0.2.0/24, so admins can experiment safely? -- RoySmith (talk) 17:59, 15 June 2021 (UTC)

@Xaosflux I'm taking the absence of objection here to be consensus, but I'm unclear on the details of how to update the table. I got as far as #invoke:Sensitive IP addresses/summary|tableand wasn't sure where to go from there, since I don't know any Lua. Could you walk me through it? Or maybe just handle it for me :-) -- RoySmith (talk) 16:28, 17 June 2021 (UTC)

@RoySmith: the actual data is in Module:Sensitive IP addresses/list (sandbox at Module:Sensitive IP addresses/list/sandbox). — xaosflux ^Talk 17:04, 17 June 2021 (UTC)

Ah, that looks pretty straight-forward, thanks. -- RoySmith (talk) 17:10, 17 June 2021 (UTC)

@Xaosflux Special:Diff/938561604/1029109127 looks like the right thing. Should I go ahead and copy that into the production page? -- RoySmith (talk) 23:49, 17 June 2021 (UTC)

@RoySmith: looks right. — xaosflux ^Talk 00:14, 18 June 2021 (UTC)

Done, thanks for all your help. -- RoySmith (talk) 00:24, 18 June 2021 (UTC)

request: Wiki Education Dashboard

I've added an entry in the sandbox for the IP of dashboard.wikiedu.org, which occasionally gets inadvertently blocked as part of rangeblocks of Linode (where it's hosted). See User_talk:ST47#Block_of_45.79.101.112.--Sage (Wiki Ed) (talk) 21:47, 9 August 2021 (UTC)

 Done (with CIDR fix). — xaosflux ^Talk 14:22, 20 August 2021 (UTC)

@Xaosflux This is rendering as [[m:Wiki Education Foundation|]] (i.e. with literal square brackets in the output instead of as a link), but I can't figure out why. -- RoySmith (talk) 14:34, 20 August 2021 (UTC)

@RoySmith:  Fixed - updated to use the completely explicit interwiki. — xaosflux ^Talk 15:04, 20 August 2021 (UTC)

request: Wiki Education Dashboard ipv6

Tracked in Phabricator
Task T308702

Could someone also add their ipv6 address, which is 2600:3c01::f03c:93ff:fe24:db1b? Thanks --Zabe (talk) 14:55, 4 February 2023 (UTC)

Many tools aren't showing this open, and it is in collisions with other existing blocks. See also phab:T308702. — xaosflux ^Talk 03:22, 5 February 2023 (UTC)

2600:3c01::f03c:93ff:fe24:db1b, within 2600:3C00:0:0:0:0:0:0/30 is locally blocked (anon only) and globally blocked (anon only), then also whitelisted locally currently. — xaosflux ^Talk 03:25, 5 February 2023 (UTC)

 Done — xaosflux ^Talk 03:29, 5 February 2023 (UTC)