Wikipedia:WikiProject on open proxies/Archives/2011/October

93.136.5.141

– This proxy check request is closed and will soon be archived by a bot.

Project Honey Pot reports this as coming from a mail server [1] and records multiple dictionary attacks from this range.[2] Spamhaus lists the IP range of 93.136.0.0/13 on their Policy Block List (PBL).[3] Recently, the IP was used to add a contentious bit of material to Children of Men.[4] Previous to this edit, this material has been added back into the article by one single registered editor over the past few years. It may very well be the case that this is a troll trying to run a Joe job in order to make it look like the registered editor is using the IP. Could someone check on the use of this IP? Viriditas (talk) 08:09, 15 October 2011 (UTC)

An initial review suggests this is a normal Eastern European dynamic IP address. The Honeypot data is quite old and limited, the range on the Spamhaus blacklist is huge, and it seems to be the same user as 93.138.72.223 (talk · contribs), which would be an unlikely event from an open proxy. There are no other signs of open proxyness. I think you're looking at a regular Croatian IP. -- zzuuzz (talk) 08:22, 15 October 2011 (UTC)
The dictionary attacks from that range (for example, 93.138.114.149) are dated as late as yesterday[5] so I would hardly describe data from October 14, 2011 as "old and limited". Further, this link indicates that it has been going on daily for at least several years, including the last several months. Viriditas (talk) 08:28, 15 October 2011 (UTC)
Indeed. However I still think you're looking at someone (or with those links many people) on a huge dynamic range instead of an open proxy. But we'll leave it here to see if anything turns up. -- zzuuzz (talk) 08:33, 15 October 2011 (UTC)
I will be escalating this to SPI as the user has just created a new registered account, Nutmeg.17 (talk · contribs) which is either another attempt at a joe job (the name nutmeg points to the person I am supposed to believe is behind the account). I think it is extremely unlikely that this user is really in Eastern Europe and is likely editing from the U.S. Viriditas (talk) 09:38, 16 October 2011 (UTC)
  • Not currently an open proxy Nothing new. -- DQ (t) (e) 20:32, 20 October 2011 (UTC)

85.112.95.24

Reason: Unblock-en-l, looks like a closed proxy at a glance. -- DQ (t) (e) 09:37, 29 September 2011 (UTC)

Yep, the open proxy seems to have closed or moved. -- zzuuzz (talk) 10:32, 29 September 2011 (UTC)
Not currently an open proxy -- DQ (t) (e) 16:48, 5 October 2011 (UTC)

213.134.163.134

Reason: Unblock-en-l -- DQ (t) (e) 10:18, 29 September 2011 (UTC)

Not currently an open proxy It's closed if anything. -- DQ (t) (e) 16:48, 5 October 2011 (UTC)

143.89.188.2

Reason: Unblock-en-l -- DQ (t) (e) 10:19, 29 September 2011 (UTC)

Unlikely IP is an open proxy Used to be a proxy, but last confirmation was in May (I think that's what 5 is) -- DQ (t) (e) 16:50, 5 October 2011 (UTC)

67.142.168.143

Reason: Requested unblock by Mr. Knowledgable. Block reason contains the information: 67.44.130.74:87. עוד מישהו Od Mishehu 15:11, 2 October 2011 (UTC)

Not currently an open proxy Results agree with the user. -- DQ (t) (e) 17:04, 5 October 2011 (UTC)

202.156.13.10

User claims in request that IP shows as open proxy because it's dynamic, and goes into some detail in their request. Daniel Case (talk) 15:57, 7 July 2011 (UTC)

Is there a way to search for blocks on a particular range or with a particular prefix? This seems almost identical to the above request and I'm wondering if there are more similar blocks out there. Sailsbystars (talk) 02:54, 8 July 2011 (UTC)
This actually may need to be re-blocked. It was used by a "logged out user" not a week ago and the amount of abuse in general from this IP is pretty high. I can't verify the proxy though, it may be intermittently available. Sailsbystars (talk) 12:15, 17 August 2011 (UTC)

221.132.112.94

User on #wikipedia-en-help on IRC is unable to edit due to the block on this, and is trying to resolve it. —Jeremy v^_^v Components:V S M 05:05, 24 August 2011 (UTC)

Block has just expired for now, though the host is down, so I want to hold off on reblocking, but check again down the road. Also a watch on the edits should be made. -- DQ (t) (e) 18:49, 24 August 2011 (UTC)

67.228.174.165

Reason: Unblock-en-l, going to look at myself, just reminding myself here. -- DQ (t) (e) 07:54, 16 September 2011 (UTC)

Doubt this is a proxy, Softlayer sounded similar to Nlayer (and Nlayer hosts AnchorFree's Hotspot Shield proxies), but this is clearly a webhost, so (it just looks like a Windows server to me) and will communicate with user on unblock-en-l. -- DQ (t) (e) 06:15, 20 September 2011 (UTC)

222.166.181.242

Reason: Timddeb (talk · contribs) states that they cannot edit from their Hong Kong ISP. —DoRD (talk) 13:04, 20 September 2011 (UTC)

There is an unblock request at User talk:Timddeb. The user says that he/she is affected by a block on 222.166.181.242 by ProcseeBot, but says the IP address is not an open proxy. I can find no evidence that this IP address is currently an open proxy, but would be grateful if someone with more knowledge of the subject could check. JamesBWatson (talk) 13:07, 20 September 2011 (UTC)

 Unlikely IP is an open proxy. IP unblocked, on hold to double-check over the next few days. -- zzuuzz (talk) 13:44, 20 September 2011 (UTC)
Host is down for the record. -- DQ (t) (e) 07:16, 6 October 2011 (UTC)

217.73.161.146

Reason: Requested unblock. no reason given - blocked by ProcseeBot as a proxy

IP is an open proxy -- zzuuzz (talk) 08:01, 13 October 2011 (UTC)

196.46.71.251

Reason: An email was sent to unblock-en-l today ([Unblock-en-l] Cannot create account or edit due to blocked proxy.) about this IP address - from what the requester said, this is not an open proxy but rather a closed proxy their ISP shunts a bunch of their traffic through. When attempting to access this proxy through a web browser on the ports named in the block log, I got 403 Forbidden errors, which would support the claim that this is a closed proxy. Can someone double check this and unblock if possible? Thanks. Hersfold (t/a/c) 00:03, 19 October 2011 (UTC)

Not currently an open proxy, concur with that, IP unblocked. -- zzuuzz (talk) 07:54, 19 October 2011 (UTC)

208.101.9.135

(copied from talk page) This IP address is nemu.pointysoftware.net - a dedicated server used for private VPN access by myself and a few others. It is not an open proxy nor public access system. 208.101.9.135 (talk) 21:13, 10 October 2011 (UTC)

Ronhjones (Talk) 21:21, 10 October 2011 (UTC)

Reason: Requested unblock.

  • My attempts to use it as a proxy (using port 80) produce a "404 - Not Found" message for every page I try to visit. This seems consistent with the claim made in the unblock request. JamesBWatson (talk) 16:38, 11 October 2011 (UTC)
  • Not currently an open proxy but it's a webhost, block modified. -- DQ (t) (e) 14:34, 12 October 2011 (UTC)

143.89.188.2

IP belongs to Hong Kong University of Science and Technology; we received an email to unblock-en-l requesting an account from this IP. On running a port scan, ports 80 and 8080 do appear to be open, however return an "access denied" message when I attempt to access them through a web browser. I believe this is a closed proxy, but could someone take a look and confirm? Hersfold (t/a/c) 21:26, 21 October 2011 (UTC)

This was checked a couple of weeks ago[6]. I'll take another look. -- zzuuzz (talk) 21:54, 21 October 2011 (UTC)
Unblocked, but I expect we'll see this one again. -- zzuuzz (talk) 22:08, 21 October 2011 (UTC)

137.132.250.14

Reason: Requested unblock at User talk:ZhangPeng NUS. I can find no evidence that this is currently an open proxy. JamesBWatson (talk) 14:23, 20 October 2011 (UTC)

137.132.168.217 seems to be doing something on port 8909, but I can't work it. Considering the likely collateral, and the risks for abuse, I've unblocked it for now. We'll leave it up for further checks later. -- zzuuzz (talk) 15:05, 20 October 2011 (UTC)
Judging from the WHOIS data and the user name, this IP belongs to the National University of Singapore. WilliamH (talk) 15:23, 20 October 2011 (UTC)
Possible IP is an open proxy bordering on unlikely with the results I'm looking at. AGF I think is the best road here and use the school block if needed. -- DQ (t) (e) 20:59, 28 October 2011 (UTC)

70.42.29.3

Requesting unblock on this IP talkpage. IP says this is a secure cloud filtering proxy service by ZScaler used by the Canadian company he works for. Hersfold, who did the block, says he would have been "pretty darn sure" it was open, but invited me to post here for another opinion. Elen of the Roads (talk) 21:23, 22 October 2011 (UTC)

It looks like a closed proxy to me, and the IP's explanation is quite plausible. Certainly the open ports are not open proxy ports. Any second opinions? -- zzuuzz (talk) 11:17, 23 October 2011 (UTC)
I will unblock at this time then. If it turns out to be an open proxy, can be reblocked. --Elen of the Roads (talk) 13:50, 24 October 2011 (UTC)
The Zscaler company operates a proxy service used for web filtering of employee traffic. The NY Times wrote about them here. The chances that a company hired to provide security would allow open access to their proxy service by anyone on the web appear low. Opening http://70.42.29.3 leads to a prompt that wants a login ID. Unblocking the IP address seems correct to me. EdJohnston (talk) 15:07, 24 October 2011 (UTC)
Not currently an open proxy With all the comments and looking around here, looking around, and some results in the port scan I think this is clearly closed. Further note re. Hersfold's check, the ports he blocked for are still "open" but require login, aka closed. -- DQ (t) (e) 21:04, 28 October 2011 (UTC)

144.177.50.6

Reason: Please see User talk:Animeshkulkarni#Blocked?! - The IP was blocked by the bot on October 22, but it appears to be a corporate network registered to a large Norwegian company. The user states that they usually edit through this IP address. —DoRD (talk) 13:07, 28 October 2011 (UTC)

Since this IP has been confirmed to be an open proxy, I have explained the consequences and have urged the user to raise the issue with their network admin. —DoRD (talk) 19:33, 28 October 2011 (UTC)
Just checked again and IP is an open proxy and damn is it ever a fast proxy! -- DQ (t) (e) 21:27, 28 October 2011 (UTC)
IP is an open proxy. User is editing again, not much more to do here. -- zzuuzz (talk) 12:19, 31 October 2011 (UTC)