[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 Roan Kattouw roan.katt...@gmail.com changed: What|Removed |Added CC||roan.katt...@gmail.com --- Comment #22 from Roan Kattouw roan.katt...@gmail.com 2010-11-13 16:49:28 UTC --- I found the problem: loadExitNodes.php (which does indeed run on hume) is run with php -n . Running it without the -n flag unbreaks it. I've run the script manually so the exit node list is good now, but it'll be blanked by the broken script on its next run (it runs every 20 mins). I'll ask a root to remove the -n flag in the crontab. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 Roan Kattouw roan.katt...@gmail.com changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Comment #23 from Roan Kattouw roan.katt...@gmail.com 2010-11-13 17:29:55 UTC --- Ariel did this, and we now have a full exit node list again, yay! -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #21 from Platonides platoni...@gmail.com 2010-11-11 16:29:07 UTC --- I confirm that tor blocking is not working. The list of tor nodes is empty (but it's there!) so the cron loader is running but not able to retrieve it. My guess is that the server running loadExitNodes.php (used to be hume) can't connect to check.torproject.org:443 Maybe it can't even resolve the dns. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 zzuuzz zzu...@gmail.com changed: What|Removed |Added Status|RESOLVED|REOPENED CC||zzu...@gmail.com Resolution|FIXED | --- Comment #16 from zzuuzz zzu...@gmail.com 2010-10-31 10:48:21 UTC --- I've reopened this bug, having followed it since it was first raised I can tell you that this extension has just been getting worse and is currently next to useless on enwiki. I've been consistently blocking several Tor nodes on most days since this was first raised. Now the vandals are really catching on and causing problems. I can't determine any pattern - it affects long term permanent nodes as well as more dynamic ones. All the nodes have been able to exit to Wikipedia according to any Tor checker. There's a serious failure happening somewhere, so perhaps someone could take another look. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #17 from Platonides platoni...@gmail.com 2010-10-31 16:12:56 UTC --- Can you provide specific instances? The possible holes it occurs to me are the refetching time, some error, or new nodes which were added since the last update (the node list is cached for 30 minutes). -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #18 from Andrew Garrett agarr...@wikimedia.org 2010-10-31 16:16:40 UTC --- I'll try to take a look at this in the next couple of weeks, but I need specifics. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #19 from zzuuzz zzu...@gmail.com 2010-10-31 16:45:47 UTC --- Here's a sample from the last 24 hours. I've included the uptime reported by Tor as it was a few minutes ago, so it's not accurate but should give some idea. Of course many of the longer term nodes have been manually blocked by admins, but they pop up from time to time. This one for instance: 174.36.199.203 was editing recently. 108.7.61.129uptime 468929 66.8.152.121uptime 148865 206.248.138.177 uptime 3283382 82.95.152.30uptime 1274475 91.200.79.122 uptime 8601 67.182.56.220 uptime 130268 92.243.189.2uptime 549 88.161.177.191 uptime 915 46.4.208.206uptime 207156 66.58.182.38uptime 714921 99.251.211.225 uptime 12627 88.166.161.41 uptime 742 109.91.187.162 uptime 7138 88.160.214.26 uptime 507 109.191.8.168 uptime 183 66.74.163.57uptime 915 98.126.1.234uptime 426215 -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #20 from zzuuzz zzu...@gmail.com 2010-10-31 18:38:54 UTC --- Here are some more going back to the start of October. These are just the ones I've blocked. I'm aware there have been others. Again I've included the uptime as reported a few minutes ago. All were confirmed at the time I blocked them. 115.84.182.227 uptime 324953 194.0.229.54uptime 1713811 178.63.198.71 now defunct 117.18.75.235 uptime 325500 89.16.175.194 uptime 55151 85.217.65.155 uptime 788037 77.109.139.87 uptime 1604624 78.229.64.71uptime 4392 194.154.227.109 uptime 8252751 62.141.53.224 uptime 1158035 78.129.227.207 now defunct 109.174.52.21 now defunct 137.56.163.46 uptime 874168 128.6.224.107 uptime 7717424 178.18.16.119 now defunct 61.32.46.9 now defunct 137.56.163.64 uptime 794079 74.208.213.82 uptime 270456 91.213.50.235 uptime 3088635 71.80.220.255 uptime 324747 96.232.187.242 now defunct 78.46.39.228uptime 894958 193.34.144.124 uptime 2466579 91.203.170.121 uptime 27816 69.175.122.198 now defunct 216.194.67.53 now defunct -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #15 from Ævar Arnfjörð Bjarmason ava...@gmail.com 2010-06-29 07:01:06 UTC --- The vandalism isn't occurring in the 30 second window, but the 1800 second window that the tor exit list is cached for. In that half an hour a lot of new exit nodes will spin up, as the graph I showed demonstrated. I.e. Platonides's patch doesn't solve the problem. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 Andrew Garrett agarr...@wikimedia.org changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Comment #14 from Andrew Garrett agarr...@wikimedia.org 2010-05-16 12:56:59 UTC --- No intention to live-merge this revision, as it affects 30 seconds every half hour, and no evidence has been elicited that there is significant vandalism occurring in these refresh periods. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 Platonides platoni...@gmail.com changed: What|Removed |Added Keywords||shell --- Comment #13 from Platonides platoni...@gmail.com 2010-05-12 15:04:19 UTC --- There's another race condition. r66275 should fix that. Needs a sysadmin to apply it. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #6 from Andrew Garrett agarr...@wikimedia.org 2010-05-01 10:46:02 UTC --- You're not giving me anything to work with, here. Mail me nodes that should be blocked that aren't, or edits through tor nodes that should have been disallowed, or *something*. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #7 from Mike.lifeguard mike.lifegu...@gmail.com 2010-05-01 14:27:49 UTC --- (In reply to comment #6) You're not giving me anything to work with, here. Mail me nodes that should be blocked that aren't, or edits through tor nodes that should have been disallowed, or *something*. They weren't being blocked at all for that time period. At all. Do you still want a list of IPs? The GlobalBlocking log on Meta has some, I can pick out the relevant section if you need me to. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #8 from Andrew Garrett agarr...@wikimedia.org 2010-05-01 14:43:00 UTC --- (In reply to comment #7) They weren't being blocked at all for that time period. At all. Do you still want a list of IPs? The GlobalBlocking log on Meta has some, I can pick out the relevant section if you need me to. I'm referring to the reopening of the bug. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #9 from Mike.lifeguard mike.lifegu...@gmail.com 2010-05-01 14:51:03 UTC --- Here's a list of IPs I blocked during the time period from when this bug was re-opened. They were almost certainly all tor nodes at the time used for vandalism. 130.217.76.77 24.94.65.2 77.109.139.87 80.193.114.10 83.78.60.241 92.62.52.188 95.170.245.53 -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 Ævar Arnfjörð Bjarmason ava...@gmail.com changed: What|Removed |Added CC||ava...@gmail.com --- Comment #10 from Ævar Arnfjörð Bjarmason ava...@gmail.com 2010-05-01 15:32:17 UTC --- (In reply to comment #9) Here's a list of IPs I blocked during the time period from when this bug was re-opened. They were almost certainly all tor nodes at the time used for vandalism. 130.217..76.77 24.94.65.2 77.109.139.87 80.193.114.10 83.78.60.241 92.62.52.188 95.170.245.53 This is almost certainly just a race condition. Here's a check against the Tor exit node list (from https://check.torproject.org/cgi-bin/TorBulkExitList.py): $ for i in 130.217.76.77 24.94.65.2 77.109.139.87 80.193.114.10 83.78.60.241 92.62.52.188 95.170.245.53; do ack -c $i tor.txt; done tor.txt:0 tor.txt:1 tor.txt:1 tor.txt:1 tor.txt:0 tor.txt:1 tor.txt:1 5/7 were exit nodes when I fetched the list, 2 no longer were (if they ever were in the past, I'll take Mike's word for it). Tor exit nodes are spinning up and going down all the time. You can configure Tor so that it only runs at full throughput for a few minutes every day. I don't think it would be part of the exported *current* exit node list if you happened to fetch it a few hours later. I think the best workaround for this would be to regularly poll the list of exit nodes and ban anyone that either is a Tor exit now, or has been so for the past 2 weeks or so. I suspect it'll always be possible to sneak through. I could spin up a (new) Tor exit now that would be part of the Tor network within minutes. A dedicated attacker could just keep trying to vandalize Wikipedia hoping to get some edits in through Tor in that window. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #11 from Ævar Arnfjörð Bjarmason ava...@gmail.com 2010-05-01 15:45:57 UTC --- (In reply to comment #10) (In reply to comment #9) Here's a list of IPs I blocked during the time period from when this bug was re-opened. They were almost certainly all tor nodes at the time used for vandalism. 130.217..76.77 24.94.65.2 77.109.139.87 80.193.114.10 83.78.60.241 92.62.52.188 95.170.245.53 This is almost certainly just a race condition. Here's a check against the Tor exit node list (from https://check.torproject.org/cgi-bin/TorBulkExitList.py): After looking at the source it looks like it is. Exit nodes are stored for 30 minutes but new ones are spinning up all the time. See this graph for reference for how they vary over the day: http://munin.nix.is/nix.is/v.nix.is/tor_routers.html I suggest storing the fetch time along with the IP in memcache and updating it as appropriate, dropping old entries after some configured amount of time. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 Matthew P. Del Buono delbu...@my.erau.edu changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|FIXED | --- Comment #5 from Matthew P. Del Buono delbu...@my.erau.edu 2010-04-26 16:44:10 UTC --- Based on recent CU evidence, it appears that there are still tor nodes that aren't being blocked: http://en.wikipedia.org/w/index.php?diff=358434527oldid=358430355 -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #1 from Matthew P. Del Buono delbu...@my.erau.edu 2010-04-25 21:33:43 UTC --- As a short note, it is my understanding that this extension works on a list of known tor exit nodes. How often is this list updated? If it is not updated frequently enough, then it's likely that the more dynamic nodes will not be blocked. -- Shirik -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 Deskana djgw...@googlemail.com changed: What|Removed |Added CC||djgw...@googlemail.com --- Comment #2 from Deskana djgw...@googlemail.com 2010-04-25 21:47:44 UTC --- As the checkuser that's spent all day chasing this person around (and the person who has subsequently found his request for a bot to automate what he's doing got tied up in needless red tape), an urgent fix would be appreciate. This isn't a theoretical vulnerability, it's a practical one that has absorbed a rather large amount of my time today. -Deskana -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 Andrew Garrett agarr...@wikimedia.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Comment #3 from Andrew Garrett agarr...@wikimedia.org 2010-04-25 23:22:26 UTC --- Despite having just completed about 40 hours of travel, I isolated this problem to a failure to load the exit node list, caused by a regression in HttpFunctions resulting from its recent rewrite and the invalid SSL certificate held by the maintainers of the tor server. I've fixed the issue preventing updates, and forced an immediate update. Tor nodes should again be blocked with immediate effect. I'd recommend rolling back the manual blocks placed on them, as tor exit nodes have an average lifespan on the order of days or weeks, not five years. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 23321] TOR nodes not being properly blocked
https://bugzilla.wikimedia.org/show_bug.cgi?id=23321 --- Comment #4 from Deskana djgw...@googlemail.com 2010-04-25 23:31:43 UTC --- I'll roll back the blocks tomorrow when I'm awake. Thanks for the quick fix. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
