Wikipedia:Administrators' noticeboard/Current issues and requests archive 10

This is a message board for talking about tasks on Wikipedia that only administrators can do. Please put new messages at the bottom of the talk page or click here to start a new discussion.

Please note that the messages on this page are archived periodically. A message may therefore have been archived. Note however, that the archives must not be modified, so if something needs discussing, please start a new discussion on this page.

Are you in the right place?

• This is the Simple English Wikipedia. Click here for the Administrators' Noticeboard on the regular English Wikipedia.
• Use Vandalism in progress to report serious and urgent vandalism from other users to administrators.
• Use Requests for permissions to request administrators to give you tools that can help you do things faster on Wikipedia, such as rollback.
• Use Simple talk to ask general questions about Wikipedia and how to use it.
• See meta:Steward requests/Username changes to change your user name or take another user name.
• See WP:RFCU for CheckUser requests.
• See WP:OS for oversight.

I noticed that {{result}} was being added to closed RFD's, I was wondering if we want to add the template to a closed RFD or leave it as is? Oysterguitarist 22:11, 24 February 2008 (UTC)[reply]

I really do not see any reason to use it. When I archived the last batch of closed RfD's I archived the original content from the edit prior to the result template being added. -- Creol(talk) 23:12, 24 February 2008 (UTC)[reply]

This is called protocol. This lets users know not to change it...and yes even stupid ones edit wikipedia and need to be given extra instruction like new users do.--  C h r i s t i a n M a n 1 6 03:44, 25 February 2008 (UTC) (modified 03:53, 25 February 2008 (UTC))[reply]

This kind of template is law like on EN....I don't see why we can't shre that with EN.--  C h r i s t i a n M a n 1 6 04:01, 25 February 2008 (UTC)[reply]

Seems pointless, a closed RfD is quickly archived and the item deleted. A "do not change" template would only be around for a couple of days before being archived, so it is unnecessary.--Bärliner 11:36, 25 February 2008 (UTC)[reply]

I also think it's not needed. Like Creol, I archived the version before the template was added. Most archives are done pretty quickly after the decision is made and we haven't had any issues with people voting after closing. If it ain't broke, don't fix it. · Tygrrr... 15:56, 25 February 2008 (UTC)[reply]

A template like that is useful for wikis which use subpages for each RfD. We don't, so we don't need such a template. It is enough to inform people on the top of each archive page that they shouldn't touch it. - Huji ^reply 16:16, 25 February 2008 (UTC)[reply]

I would have to agree with Huji here. This kind of a template is not needed as we don't use subpages for our RfDs. If we did use subpages, then we would need it, but right now, I don't see any reason for this template to exist. Razorflame 16:24, 25 February 2008 (UTC)[reply]

You guys are looking past the point here...This template doesn't have to be used on a subpage and not everyone read the pages this is called a back up measure. As for it going away once the discussion is closed it's not supposed to. My point is it's EXTREMELY useful and needed.--  C h r i s t i a n M a n 1 6 18:17, 25 February 2008 (UTC)[reply]

Feel free to add your vote to the RfD for keep. I would suggest that since you've brought it up now, to step back and calm down while waiting for the result of the RfD. Razorflame 20:57, 25 February 2008 (UTC)[reply]

On SE Wiktionary we've had some trouble with what we call the "Kent State Vandal" - a user or users from IP range 131.123.0.0 - 131.123.255.255, which WHOIS shows as Kent State University. Since we're smaller there, it's a little more obvious, but some digging here has unearthed the same user(s) making the same types of vandalism. Distinguishing features include quotes from Scrubs, South Park, Adam Sandler movies and other similar types of shows and movies, as well as making edits regarding general dissatisfaction with the United States economy and president. A lot of time and energy goes into reverting the vandalism from this range; I would imagine most of us have blocked a few of the offending IPs (I know I have). An admin on SE Wiktionary contacted Kent State with no response, so we recently did a few range blocks covering the main ranges of vandalism. I'd like to suggest doing so here as well. · Tygrrr... 20:35, 26 February 2008 (UTC)[reply]

To give an example of edits:

• 131.123.156.186 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log)
• 131.123.181.228 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log)
• 131.123.177.115 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log).

7 users in this range have been blocked in the last month with edits (and blockings) going back to November 2007. The user often stops just short of being blocked so the amount of time and energy spent on reversions, not just blockings, is much higher than what it shown in the block logs. I would consider this to be long-term abuse and thus think a long-term (6 months to a year) soft block may be warranted. · Tygrrr... 21:20, 26 February 2008 (UTC)[reply]

I looked through my changes to see how many different users I have warned in the past month from this range, and these are the results:

• 3 Level 1 warnings
• 3 Level 2 warnngs
• 1 Level 3 warning
• 1 Level 4 warning

I've only warned 3 users from this range in the past month. This, to me, says that there isn't enough information honestly, to warrant a range block at this time. I think we should wait and see if more users from this range vandalize, and if that's the case, then we can consider a range block at that time. This is just my thoughts on this, Razorflame 20:42, 26 February 2008 (UTC)[reply]

I've added a little more information above. "Wait and see if more users from this range vandalize"? Dozens of IPs vandalizing from the same range over the last 3+ months has been enough "waiting and seeing", imho. · Tygrrr... 21:20, 26 February 2008 (UTC)[reply]

Yes, I did not take the block log into account when I posted my comment above. I was merely taking into account my encounters with the range in question. Based upon the number of blocks that have occurred in the past 3 months, as well as the number of previous blocks that each IP in question has accrued, I would have to say that I agree with your proposal to have it soft blocked for 1 year. I think that it should be 1 year based upon the amount of disruption that the Simple English Wikipedia has received from this range in question. Razorflame 21:23, 26 February 2008 (UTC)[reply]

Two points.

1) I agree with Tygrrr. I noticed from IRC that some weeks ago I gave a series of warnings to the Kent State vandal, who then moved to SEWikt within minutes. I would be happy with a one year block of the range.

2) Razor, again you have jumped in with half the info. You often give the impression of racing to be the first to post. Slow down and look at all the angles. There is no prize for being the first to reply, but a fuller contribution would look better, especially when you have an RFA and should be wanting to show how useful you are to the community. --Bärliner 22:58, 26 February 2008 (UTC)[reply]

There has been a large amount of IP vandalism from 131.123.0.0/16, I'm not sure of how many users have been blocked that were using that range. I think a one year soft block for 131.123.0.0/16 would be appropriate. Oysterguitarist 23:05, 26 February 2008 (UTC)[reply]

Check on the IP range shows 122 edits over the last few months from 27 separate addresses. One of the batch is a registered user who has been blocked three times already. Only the registered user seems to have any positive contributions and the negatives seem to more than off-balance those. I would suggest 1 year and block the registered user as well. -- Creol(talk) 02:55, 27 February 2008 (UTC)[reply]

Update: Inherendo has been indef-blocked as a vandalism-only account after another act of vandalism. · Tygrrr... 18:41, 27 February 2008 (UTC)[reply]

Further update: 131.123.0.0/16 soft-blocked for one year. · Tygrrr... 20:56, 27 February 2008 (UTC)[reply]

People have been telling me to look at it from all angles, so that is what I am going to be doing now. Hypothetically, wouldn't a soft block allow those vandalous people vandalizing the pages allow them to create accounts to vandalize even more? If that would be the case, then hypothetically, we could still get vandalism from this range. Even though hard blocking isn't very good, would you think that in this case, it might be more beneficial to completely shut off these people's access from the Simple English Wikipedia? Just a thought...Razorflame 21:13, 27 February 2008 (UTC)[reply]

Problem is such a block would cut off the address, which could, of course be shared by legitimate users. Are we getting any useful activity from these IPs, or from already registered users sharing one of these addresses?--Bärliner 21:19, 27 February 2008 (UTC)[reply]

Yes, I figured out as much. I just made that comment based on the range's history of using sockpuppets in the past. I would also have to agree with your point, Barliner. We can't know for certain if there are any legitamite users editing from this range, unless that is within a Checkuser's power to do so. Razorflame 21:21, 27 February 2008 (UTC)[reply]

What do you mean by "the range's history of using sockpuppets"? According to Creol, the range had only one registered user: Inherendo, and he has been blocked as a vandalism-only account. The thing about the soft block is that anyone in that range has only 2 options: 1. create an account and work here productively or 2. create an account, vandalize, and be blocked indefinitely as a vandalism-only account. Unless the vandalism-only accounts become outrageously frequent, there's no need for a hard block of the range. · Tygrrr... 22:28, 27 February 2008 (UTC)[reply]

I have noticed this range has been vandalising alot recently, so I went through the block log and found the ip's in the range of 203.208.0.0/16, while doing this I had noticed that they were close to the IP's that me and Cometstyles have been blocking as open proxies, which might explain this. Going back further I noticed that this IP's from this range were being blocked close to the times that attack username where being created for admins and the JEW BOT names, and going back even further I noticed that some of them were school IP's (the ranges listed at the bottom). These go back to January 2005, I feel that a range block is needed here, because the range has been vandalizing since 2005, most of the are probably open proxies, and some of them have been blocked for long term vandalism. What are your thoughts. Oysterguitarist 03:51, 27 February 2008 (UTC)[reply]

Some of the blocked IP's on this range:

This list has 58 listings that includes 26 separate /16 ranges from four different countries (Australia (22), New Zealand (2), Malaysia (1) and India (1)). It includes most of the major states of Australia (ACT, New South Wales, Queensland, Victoria, and Western Australia) and major ISPs for the entire country (Telsta and Verizon business). In many cases there are single listings from an entire blockable IP range and a few multiple listings for the same address (203.14.53.46 shows up 4 times). The actual section title's range (203.208.0.0/16) only accounts for 5 of the 58 entries listed. Even without checking (26 seperate full range checkuser scans) for effects of collateral damage from a move this large, I would have to say this is a very bad idea. Certain smaller ranges in that group (203.10.121.8x- Department of education library, Queensland, 203.14.53.4x - Education department of Western Australia, Perth) can be dealt with in this way if needed, but the overall list is just way beyond a blanket block such as this. -- Creol(talk) 06:28, 27 February 2008 (UTC)[reply]

Thinking about your comment, I realize this would be a bad idea. Most of the IP's are old and not recent there have only been eight IP's from 203.x.x.x who have been blocked or have vandalized recently. If a range block was to be done it would be 200.0.0.0/5 instead but that would be unnecessary and would end up blocking and 134217728 users, when only eight IP's from that range have vandalized or been blocked. Oysterguitarist 14:43, 27 February 2008 (UTC)[reply]

Please remember to check CAT:UNBLOCK, I checked there today and there were some that needed to be taken care of. Oysterguitarist 01:35, 29 February 2008 (UTC)[reply]

All right. I have been going over all of the users that I have warned throughout my time here at the Simple English Wikipedia, and I noticed a trend with this IP Address range. 82.198.250.xxx is the range that I am talking about. Almost every single address of this range has been warned at least once. Some examples of how they edit can be found by checking out these addresses:

• 82.198.250.77
• 82.198.250.79
• 82.198.250.71
• 82.198.250.4
• 82.198.250.2
• 82.198.250.3
• 82.198.250.6

are just some examples of the users that have been abusing their privledges here on the Simple English Wikipedia.

Further investigation of the reversions made by administrators, User:Creol, User:Barliner, and User:Tygrrr have turned up another 15 addresses that have all been warned at least once. Investigation of the block log has revealed that even though none of the addresses have been blocked, the warnings given and the amount of addresses warned should prove long term abuse to this site.

An investigation of each user's contributions in the range 82.198.250.xxx (0-255 for the x's) have revealed that almost 90% of these users have been warned at least once in the past. Although I do not think that this is enough evidence to warrant a long term vandalism block, I just wanted to bring it to people's attention that I have found a trend in vandalism. Thank you for reading this long message. Razorflame 20:57, 29 February 2008 (UTC)[reply]

I don't mean any offense, but I would really like to see a response to all my work that I put into this post :). I want to know if it was appreciated, and if I should do it again; or I want to know if it is not something I should do again in the future. Thanks, Razorflame 16:31, 3 March 2008 (UTC)[reply]

The range (xxx=0-16 and 67-80 ( /25 ) looking at recent activity) appears to be from one or more schools or places similar (a UK "Computers for Pupils" provider). Multiple computers with multiple IPs using a proxy with multiple outside IPs (all told, those multiple yeild about 75 seperate signatures..). In addition to the anon edits, there are a total of 12 recently created/active accounts on that range. Of these, two are vandal-only-blocked, 4 have active contributions and the rest were just created and left alone. Random vandalism from this type of range is pretty much expected. -- Creol(talk) 20:08, 3 March 2008 (UTC)[reply]

I would not bother doing this sort of search again, although Razor must have put in a lot of time. Warning using the ISP template could be useful. I found one frequently warned site registered to a collection of 12 school districts, over 300 schools. --Bärliner 15:16, 4 March 2008 (UTC)[reply]

To see a comprehensive list of all of the edits this range has made, see this page. Make sure to have Huji's newest Gadget enabled. Razorflame 21:07, 7 March 2008 (UTC)[reply]