UESPWiki:Administrator Noticeboard/Archives/TOR Blocking

This is an archive of past UESPWiki:Administrator Noticeboard/Archives discussions. Do not edit the contents of this page, except for maintenance such as updating links.

TOR Blocking

Subsequent to several discussions on blocking TOR exit nodes, I've recently found TorBlock. It's a relatively simple extension that allows blocking of TOR users with a variety of options. I think it's something we might want to take a look at. Robin Hood (talk) 15:50, 23 August 2010 (UTC)

I've gone ahead and installed it, instead of coming up with some way on my own to do the same thing. Configuration settings are the default settings (other than setting the wgTorIPs to a correct set of values). Which means without logging in, people accessing the site via Tor should only be able to read articles; logged-in editors using Tor have standard access. I haven't actually tested it, though (short of confirming that the extension shows up on the Version page). --Nephele (Talk) 22:27, 23 August 2010 (UTC)
I'll download Tor and do some basic testing. Another user who's more familiar with it has also offered, but I'll let that person speak for themselves. Hopefully this will mean an end to, or at least a substantial reduction in, the number of Tor users we have to deal with. Now we just need to worry about all the other proxy servers out there. :-/ Robin Hood (talk) 22:30, 23 August 2010 (UTC)
I happen to be that user. I offered to stress-test the system and I will plan on editing my own talk page under as many TOR nodes as I can with your permissions, of course. --Corevette789 22:47, 23 August 2010 (UTC)
As you can see on my talk page, I was able to get through on a TOR address with a little patience. Perhaps the extension just hasn't downloaded a list of IPs yet...? One way or the other, the IP I was editing from is there, so it should be easy enough to figure out why it wasn't detected. Robin Hood (talk) 23:07, 23 August 2010 (UTC)
I went looking the other day for stuff on Tor and found this: http://www.irongeek.com/i.php?page=security/detect-tor-exit-node-in-php. It's a pretty small chunk of code, and from what I could tell, it worked to detect exit nodes. Since it uses a DNSBL provided by the people who make Tor, it should be fairly reliable. Arthmoor 23:14, 23 August 2010 (UTC)
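The DNSBL lookup mentioned in the comment above, combined with the access policy described earlier in the thread (anonymous Tor users read-only, logged-in users with standard access), as an added PHP example that is not code from this discussion, the linked article, or TorBlock. The zone name `dnsel.torproject.org`, the `127.0.0.2` answer value and all function names are assumptions of this example; the sample addresses are constructed.

```php
<?php
// Added example. Zone name and "listed" answer are assumptions about the
// Tor Project's DNS exit list service, not values taken from the thread.
const DNSEL_ZONE = 'dnsel.torproject.org';
const DNSEL_HIT  = '127.0.0.2';

// Build the DNSBL query name: IPv4 octets reversed, then the zone.
function dnselQueryName(string $ip, string $zone = DNSEL_ZONE): ?string {
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // IPv6 or malformed input: this lookup form is IPv4 only
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// $resolve maps a hostname to its A records; it is injected so the check
// can be exercised offline with a stub instead of real DNS.
function isTorExit(string $ip, callable $resolve): ?bool {
    $name = dnselQueryName($ip);
    if ($name === null) {
        return null; // unknown; the caller decides what to do
    }
    return in_array(DNSEL_HIT, $resolve($name), true);
}

// Policy from the thread: anonymous users on Tor may only read,
// logged-in users keep standard access.
function mayPerform(string $action, bool $loggedIn, ?bool $torExit): bool {
    if ($action === 'read' || $loggedIn) {
        return true;
    }
    return $torExit !== true; // an unknown result fails open here
}

// Live resolver: gethostbynamel() returns false when the name has no A record.
$live = fn(string $h): array => gethostbynamel($h) ?: [];

// Constructed sample data (documentation addresses), answered by a stub.
$stub = fn(string $h): array =>
    $h === '7.113.0.203.' . DNSEL_ZONE ? [DNSEL_HIT] : [];

foreach ([['203.0.113.7', false, 'edit'], ['203.0.113.7', true, 'edit'],
          ['203.0.113.7', false, 'read'], ['198.51.100.9', false, 'edit']]
         as [$ip, $in, $act]) {
    $tor = isTorExit($ip, $stub);
    printf("%-13s loggedIn=%d %-4s => %s\n", $ip, $in, $act,
        mayPerform($act, $in, $tor) ? 'allow' : 'deny');
}
```

Passing `$live` instead of `$stub` performs real lookups; a DNS timeout then looks the same as "not listed", so a deployment has to choose whether that case should allow or deny.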
I've tried about a dozen exit nodes now, and all but two were manually blocked. The second time that I wasn't manually blocked, TorBlock kicked in and I was auto-blocked. So either something has changed since my last message, or it's just a matter of waiting until TorBlock has time to build up its database of Tor addresses. Robin Hood (talk) 23:21, 23 August 2010 (UTC)
Update: Either I have strange luck or something just changed, as it seems that all the addresses I try, including the one that got through earlier, are auto-blocked now instead of manually blocked or getting through. This would suggest that my theory was right, earlier, and that the list just hadn't been downloaded yet, as I don't see anything from Nephele about any changes since installing it. Robin Hood (talk) 23:28, 23 August 2010 (UTC)

I've downgraded the version of the extension for compatibility with the site's current MediaWiki code (MW14.0), so we're now running the version of TorBlock that was in place at the time MW14.0 was released. The up-to-date version that I first installed was using some hooks that our MediaWiki doesn't recognize -- meaning that some parts of the TorBlock code were never being accessed. That said, though, the most important hooks (such as "GetBlockedStatus") are ones that our MediaWiki uses. Also, I only did the downgrade well after RobinHood70's last report that he was successfully getting autoblocked.

So, basically, all the tests should really be redone given that the code has been replaced ;)

Also, I ran loadExitNodes as soon as I installed the extension (before even posting any mention of it on the site), so it should have started off with a list of Tor nodes. However, after RobinHood70's initial comment about problems, I cobbled together some tests to check the Tor node list -- which confirmed that it has a list of 1301 exit nodes (including the one that RH got through on), and that the list is being stored in and retrieved from memcached. So I'm not really sure why things would have been inconsistent. --Nephele (Talk) 23:56, 23 August 2010 (UTC)

Okay, I'll re-test. At first blush, it appeared that I might still be able to create an account, but that's not 100% certain by any means. The one time I tried, I got a manual block notice rather than an auto-block notice. Just tweaking a template a bit, then I'll get on it. Robin Hood (talk) 00:03, 24 August 2010 (UTC)
On re-testing, everything still works as expected, and I was unable to get through anonymously on any node that I tried. It looks like account creation first checks for a manual block, then checks TorBlock, but either way, it's still blocked. Robin Hood (talk) 02:27, 24 August 2010 (UTC)
Nephele, et al: If there's any further testing that you'd like to do with someone using TOR, either on-site or off, let me know. If not, I'll uninstall it in the next few days. Robin Hood (talk) 17:06, 26 August 2010 (UTC)

Just to be certain, do the blocks only affect anonymous users? Can registered users still use TOR? I have to use TOR in order to access some blocked sites and to ensure my privacy whenever I travel to a foreign country (e.g. China, Saudi Arabia). I believe that we should still keep TOR's original intentions in mind; it wasn't made for abuse. Also, TOR is slow anyway. --Michaeldsuarez (Talk) (Deeds) 17:40, 25 August 2010 (UTC)

Yes, registered users can still use TOR. New users would have to create an account without the benefit of TOR, though if that itself were an issue, they could readily ask someone (Daveh by e-mail, a friend, or in our forums) to create an account for them. We should probably update UESPWiki:Contact to reflect that. I'll wait a bit, in case people have other suggestions that should be taken into account. Robin Hood (talk) 19:23, 25 August 2010 (UTC)
Sounds good. --Michaeldsuarez (Talk) (Deeds) 19:21, 27 August 2010 (UTC)