https://bugzilla.wikimedia.org/show_bug.cgi?id=23321
Ævar Arnfjörð Bjarmason <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #10 from Ævar Arnfjörð Bjarmason <[email protected]> 2010-05-01 15:32:17 UTC --- (In reply to comment #9) > Here's a list of IPs I blocked during the time period from when this bug was > re-opened. They were almost certainly all tor nodes at the time & used for > vandalism. > > 130.217..76.77 > 24.94.65.2 > 77.109.139.87 > 80.193.114.10 > 83.78.60.241 > 92.62.52.188 > 95.170.245.53 This is almost certainly just a race condition. Here's a check against the Tor exit node list (from https://check.torproject.org/cgi-bin/TorBulkExitList.py): $ for i in 130.217.76.77 24.94.65.2 77.109.139.87 80.193.114.10 83.78.60.241 92.62.52.188 95.170.245.53; do ack -c $i tor.txt; done tor.txt:0 tor.txt:1 tor.txt:1 tor.txt:1 tor.txt:0 tor.txt:1 tor.txt:1 5/7 were exit nodes when I fetched the list, 2 no longer were (if they ever were in the past, I'll take Mike's word for it). Tor exit nodes are spinning up and going down all the time. You can configure Tor so that it only runs at full throughput for a few minutes every day. I don't think it would be part of the exported *current* exit node list if you happened to fetch it a few hours later. I think the best workaround for this would be to regularly poll the list of exit nodes and ban anyone that either is a Tor exit now, or has been so for the past 2 weeks or so. I suspect it'll always be possible to sneak through. I could spin up a (new) Tor exit now that would be part of the Tor network within minutes. A dedicated attacker could just keep trying to vandalize Wikipedia hoping to get some edits in through Tor in that window. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
