If you are creating a new request about this user, please add it to the top of the page, above this notice. Don't forget to add {{Wikipedia:Requests for checkuser/Case/82.201.156.201}} to the checkuser page
here. Previous requests (shown below), and this box, will be automatically hidden on
Requests for checkuser (but will still appear here).
The following discussion is preserved as an archive of a
Request for checkuser. Please do not modify it.
A spammer who is using a large and expanding number of Egyptian IP addresses is repeatedly adding links to three domains electojets.com, elect.awardspace.com/stepper/, and 1lo.info/stepping that have been identified by consensus on
Talk:Electric motor#Spam as spam per
WP:EL. One of the domains, electojets.com, is identifiable with an Egyptian registration: Abdoh Ali Mohamed, Hay Swesri, Nasr City, Cairo, Egypt.
All three domains
have been spam-blacklisted on en-wiki, but this is no longer effective because the spammer has started using a url hiding service to beat the spam blacklist, planting disguised links to the domains
[24][25][26].
Clerk note: I'm not sure of what you are looking for here, since you obviously already have the IPs? I have
asked for thee smileurl addition in the meta spam blacklist, meanwhile. --
lucasbfrtalk 12:22, 13 March 2008 (UTC)reply
Indeed, we know the IPs, but an RFCU would confirm whether the IPs have the same user-agent (as well as the same other data logged by the servers, unmentioned here per
WP:BEANS). Both
Rlevse and
Rudget recommended to take this to RFCU. With the almost absolute certainty that a positive RFCU would provide, stronger measures, such as carefully crafted range-blocks or
other more technical methods, could be considered. Weaker measures, such as blacklisting, have not stopped the spammer. He/she will keep beating the blacklist by continually renaming the blogs, using new hiding services, and serving the blogs from bare IPs. Thanks all the same for taking smileurl to the blacklist. -
Neparis (
talk) 14:29, 13 March 2008 (UTC)reply
I looked at a couple, the user agent is too generic to be of much use, and you already have the IP addresses. There is nothing I can tell you that would help you make a range or other block that you can not already get from the IPs.
Thatcher 18:32, 13 March 2008 (UTC)reply
Thanks for checking. Pity the ua is too generic. I take it none of the
other log data had significant matches? The corresponding IP address blocks look like:
41.232.0.0 ↔ 41.239.255.255
62.135.0.0 ↔ 62.135.127.255
62.139.0.0 ↔ 62.139.255.255
82.201.128.0 ↔ 82.201.255.255
84.36.0.0 ↔ 84.36.255.255
196.200.0.0 ↔ 196.207.255.255
213.212.192.0 ↔ 213.212.255.255
217.52.0.0 ↔ 217.55.255.255
Would you recommend selecting some / all for range blocking? Are there any non-spam contributions at all to Wikipedia from within these IP address blocks? If none, there might not be much if any collateral damage from range blocks. -
Neparis (
talk) 20:07, 13 March 2008 (UTC)reply
Frankly it doesn't seem like a frequent enough problem to warrant large range blocks (13 edits so far this year). We can only range block a /16 anyway, and you've got some much larger ranges in there. It would probably be less disruptive to just watch the page, and when the guy starts up again, have it semi-protected for a week or so.
Thatcher 01:54, 14 March 2008 (UTC)reply
Ok, that makes sense. You said above that you had had a look at a couple of the IPs, and determined that the u-a's were too generic to be of much use. Does that mean — sorry if this seems like a silly question (hope not) — that you ran a checkuser on a couple of the IPs? If so, did none of the other (non user-agent) data in the logs for these IPs show any significant matches? Many thanks,
Neparis (
talk) 02:02, 14 March 2008 (UTC)reply
There wasn't really any useful information returned that isn't already obvious--the web site owner keeps trying to add his site and keeps changing IPs. So just keep reverting and if it gets hit more than a couple times in the same day, ask for protection at
WP:RFPP.
Thatcher 04:03, 15 March 2008 (UTC)reply
I understand. My question, however, was: is it correct that you checkuser'd a couple of the IPs to determine that the user-agent was too generic to be of much use? I hope my question makes sense. -
Neparis (
talk) 15:50, 16 March 2008 (UTC)reply
The above discussion is preserved as an archive of the Request for checkuser. Please do not modify it. Subsequent requests related to this user should be made above, in a new section.
If you are creating a new request about this user, please add it to the top of the page, above this notice. Don't forget to add {{Wikipedia:Requests for checkuser/Case/82.201.156.201}} to the checkuser page
here. Previous requests (shown below), and this box, will be automatically hidden on
Requests for checkuser (but will still appear here).
The following discussion is preserved as an archive of a
Request for checkuser. Please do not modify it.
A spammer who is using a large and expanding number of Egyptian IP addresses is repeatedly adding links to three domains electojets.com, elect.awardspace.com/stepper/, and 1lo.info/stepping that have been identified by consensus on
Talk:Electric motor#Spam as spam per
WP:EL. One of the domains, electojets.com, is identifiable with an Egyptian registration: Abdoh Ali Mohamed, Hay Swesri, Nasr City, Cairo, Egypt.
All three domains
have been spam-blacklisted on en-wiki, but this is no longer effective because the spammer has started using a url hiding service to beat the spam blacklist, planting disguised links to the domains
[24][25][26].
Clerk note: I'm not sure of what you are looking for here, since you obviously already have the IPs? I have
asked for thee smileurl addition in the meta spam blacklist, meanwhile. --
lucasbfrtalk 12:22, 13 March 2008 (UTC)reply
Indeed, we know the IPs, but an RFCU would confirm whether the IPs have the same user-agent (as well as the same other data logged by the servers, unmentioned here per
WP:BEANS). Both
Rlevse and
Rudget recommended to take this to RFCU. With the almost absolute certainty that a positive RFCU would provide, stronger measures, such as carefully crafted range-blocks or
other more technical methods, could be considered. Weaker measures, such as blacklisting, have not stopped the spammer. He/she will keep beating the blacklist by continually renaming the blogs, using new hiding services, and serving the blogs from bare IPs. Thanks all the same for taking smileurl to the blacklist. -
Neparis (
talk) 14:29, 13 March 2008 (UTC)reply
I looked at a couple, the user agent is too generic to be of much use, and you already have the IP addresses. There is nothing I can tell you that would help you make a range or other block that you can not already get from the IPs.
Thatcher 18:32, 13 March 2008 (UTC)reply
Thanks for checking. Pity the ua is too generic. I take it none of the
other log data had significant matches? The corresponding IP address blocks look like:
41.232.0.0 ↔ 41.239.255.255
62.135.0.0 ↔ 62.135.127.255
62.139.0.0 ↔ 62.139.255.255
82.201.128.0 ↔ 82.201.255.255
84.36.0.0 ↔ 84.36.255.255
196.200.0.0 ↔ 196.207.255.255
213.212.192.0 ↔ 213.212.255.255
217.52.0.0 ↔ 217.55.255.255
Would you recommend selecting some / all for range blocking? Are there any non-spam contributions at all to Wikipedia from within these IP address blocks? If none, there might not be much if any collateral damage from range blocks. -
Neparis (
talk) 20:07, 13 March 2008 (UTC)reply
Frankly it doesn't seem like a frequent enough problem to warrant large range blocks (13 edits so far this year). We can only range block a /16 anyway, and you've got some much larger ranges in there. It would probably be less disruptive to just watch the page, and when the guy starts up again, have it semi-protected for a week or so.
Thatcher 01:54, 14 March 2008 (UTC)reply
Ok, that makes sense. You said above that you had had a look at a couple of the IPs, and determined that the u-a's were too generic to be of much use. Does that mean — sorry if this seems like a silly question (hope not) — that you ran a checkuser on a couple of the IPs? If so, did none of the other (non user-agent) data in the logs for these IPs show any significant matches? Many thanks,
Neparis (
talk) 02:02, 14 March 2008 (UTC)reply
There wasn't really any useful information returned that isn't already obvious--the web site owner keeps trying to add his site and keeps changing IPs. So just keep reverting and if it gets hit more than a couple times in the same day, ask for protection at
WP:RFPP.
Thatcher 04:03, 15 March 2008 (UTC)reply
I understand. My question, however, was: is it correct that you checkuser'd a couple of the IPs to determine that the user-agent was too generic to be of much use? I hope my question makes sense. -
Neparis (
talk) 15:50, 16 March 2008 (UTC)reply
The above discussion is preserved as an archive of the Request for checkuser. Please do not modify it. Subsequent requests related to this user should be made above, in a new section.