Wikipedia:Bots/Requests for approval/TorNodeBot

Operator: Shirik (talk · contribs)

Automatic or Manually assisted: Automatic

Programming language(s): PHP

Source code available: http://toolserver.org/~mpdelbuono/torbot.txt

Function overview: Blocks unblocked TOR nodes as anonymous only, account creation blocked

Links to relevant discussions (where appropriate): No public discussions regarding the bot directly, but this is in response to a discussion on IRC regarding WP:Sockpuppet investigations/Zealking

Edit period(s): Continuous

Estimated number of pages affected: Initial estimates suggest about 100 IPs in the first hour, however this is likely to drop off after the initial spike. All depends on the TOR network status.

Exclusion compliant (Y/N): N (not applicable)

Already has a bot flag (Y/N): N

Function details:

The bot scans the current TOR network to get a list of potential IPs that are exit nodes. After establishing a list of possible IPs for exit nodes (which is approximately 1400 at last check), it checks each IP against the official TOR tracker via DNSEL. If DNSEL confirms that this is a TOR exit node which has access to Wikipedia, the bot will block the IP anonymous-only, account creation blocked for 3 months.

While this is supposed to be handled by the TOR extension in Wikipedia, some vandals have found a way to avoid this extension. As a result, this bot is necessary to deal with ongoing issues as indicated in the above WP:SPI link.

Support approval -- This dude is giving our SPI clerks premature grey hair. Auntie E. (talk) 18:29, 25 April 2010 (UTC)[reply]

(edit conflict) Approved for trial. Please provide a link to the relevant contributions and/or diffs when the trial is complete. Normally I'd want this request to sit for a while and gather comments from other users, especially considering it is an adminbot, but due to the urgency of the task I'm approving this for a trial. Please run the bot as long as you need, I was thinking somewhere in the range of 25 to 50 blocks. — The Earwig ^(talk) 18:32, 25 April 2010 (UTC)[reply]

I have flagged TorNodeBot as an administrator for the trial. The account remains not flagged as a bot for the duration of the trial, so that it can be closely watched for mistakes. --Deskana (talk) 18:33, 25 April 2010 (UTC)[reply]

Note: Some may inquire as to why some of the blocked IPs do not actually show up as TOR nodes on our various TOR checking utilities. I have investigated all of these (few) apparent mis-hits. What is being detected are "temporary" TOR exit nodes, that is, users that publish a server but then later turn off their computer/TOR connection. The following is a quote from DNSEL's specification:

After a Tor server op turns off their server, it stops publishing server descriptors. We should consider that server's IP address to still represent a Tor node until 48 hours after its last descriptor was published.

Since the tool checkers only detect current TOR nodes, any case where a TOR exit node was detected, but later disabled after being blocked, would show up as not being a TOR node. It is, in fact, these "temporary" TOR nodes that are the most dangerous to Wikipedia, because blacklists are unlikely to have them at the time of abuse.

I have manually checked all of these through the most appropriate mechanism, dig, querying DNSEL manually. In all of these cases, the tracker at torproject.org confirms that this IP was a tor exit node with access to Wikipedia within the last 48 hours.

To confirm yourself, the command is as follows: dig 4.3.2.1.80.2.152.80.208.ip-port.exitlist.torproject.org (for a given host IP 1.2.3.4 – Note the IP is reversed). An A record response of 127.0.0.2 indicates that the node is/was recently a TOR exit node with access to Wikipedia. --Shirik (Questions or Comments?) 19:25, 25 April 2010 (UTC)[reply]

Note: Since this means that these IPs are likely to be tor exit nodes, but currently offline, I have adjusted the code such that it will keep an eye on those IPs for them to open up again, but it will test each potential TOR node by trying to connect to it. It will only block if it can successfully connect to the node. --Shirik (Questions or Comments?) 19:40, 25 April 2010 (UTC)[reply]