Wikinews:Requests for CheckUser/Archive 3

Have any CUs been done on Saki (talk · contribs) or his sockpuppets? If so, for what reason (ie what reason shows up on the log)? What were the results? If possible, please comment here. Benny the mascot (talk) 05:31, 24 June 2010 (UTC)[reply]

  Done see here --Skenmy ^talk 07:04, 24 June 2010 (UTC)[reply]

• Per my recollection of dealing with Saqib, all used IP addresses should be checked. Those with reverse lookups in Pakistan should have the range established, and range checks run. IIRC Xe previously got round a /16 block. I know on-wiki respose must be terse; if contributing his OR from elsewhere than WP userpage claims... --Brian McNeil / ^talk 07:20, 24 June 2010 (UTC)[reply]

Thanks, Skenmy. Has Saki engaged in any abusive sockpuppetry during the past month? Benny the mascot (talk) 00:47, 25 June 2010 (UTC)[reply]

•   Comment As I am well-aware of the complications of 'genericised' responses to CU submissions, there is a key point that I wish established. One that I am no longer able to do without access to CU logs.That would be the establishing of a timestamped list indicating when I have carried out a CU on a range larger than /24, that was within Pakistan. The actual specific range need not be mentioned, but this will allow me to cross-check with the block log and prove that Saqib has been an ongoing problem, and block-evader, in the time since 2008. --Brian McNeil / ^talk 10:42, 27 June 2010 (UTC)[reply]

• Dubaiguy1 (talk · contribs), Saki (talk · contribs), Chiaki0808 (talk · contribs),

Evidence:

Range check requested on: 115.167.0.0/16

Per [7] [8], [9], [10], [11], [12], [13], enough. Join the rest of the dots.

@whois 115.167.125.148
reverseDSN: 115-167-125-148.wi-tribe.net.pk. - range: 115.167.0.0 / 115.167.127.255 - city: Islamabad, Islamabad - country: PK [Pakistan] - known proxy: No - http://private.dnsstuff.com/tools/ipall.ch?domain=115.167.125.148

Prior experience with this user, WN:DUCK. --Brian McNeil / ^talk 01:01, 25 June 2010 (UTC)[reply]

See also, http://en.wikipedia.org/wiki/Wikipedia_talk:Meetup/Karachi_1/Archive_1 and http://en.wikipedia.org/wiki/File:Wikimeetup_Karachi_1_report.pdf . S Q (talk · contribs) and Saqib Qayyum (talk · contribs) are another account used by this user. --Diego Grez ^{return fire} 01:17, 25 June 2010 (UTC)[reply]

Did some checking, but not seeing too much in the way of technical correlation between Saki (talk · contribs) and: Dubaiguy1 (talk · contribs), Chiaki0808 (talk · contribs). Perhaps you could give some evidence/diffs, local to this project (Wikinews) ? Have either of the two accounts, Dubaiguy1 (talk · contribs), Chiaki0808 (talk · contribs), done anything disruptive in nature on this project or elsewhere? As there is some cross-wiki evidence (possibly) going on here as well, I will post a note about it, to the checkuser-mailing-list. -- Cirt (talk) 01:48, 25 June 2010 (UTC)[reply]

Comment: Saqib (talk · contribs) = this (indef-blocked) account is stale. However, [14], [15], and [16] would seem to tie the account to Saki (talk · contribs). On that basis, the proper procedure would be to block the socks, and instruct the user to request unblock, at the main, master sock account's user talk page, which is for Saqib (talk · contribs). -- Cirt (talk) 02:27, 25 June 2010 (UTC)[reply]

Cmt: I agree, he should do the unblock request, and I don't think it should be denied if he promises to not create accounts if he doesn't needs them. --Diego Grez ^{return fire} 02:29, 25 June 2010 (UTC)[reply]

• As stated on Wikipedia, Xe claims to be in Japan. Yet, the link to audio providing proof that Xe actually carried out the interview was posted from Pakistan. Thus, I am asking for geolocate/range checks to establish what sleepers may have been created. It is unlikely the feltching around on enWP to obfuscate his tracks is still in CU logs. Xe has done edits there that might conclusively establish this as fact and confirm what I have observed in IRC now, and previously. IIRC uploads to Commons are in-use on this article, again, claiming this was carried out in .JP. The photographs provided for the interviewee, if indeed Xe, appear to significantly predate the PR shot on the appropriate CC website. The interviewee also has, or had, a "not notable" page created on enWP and being looked to for deletion. QUACK QUACK. --Brian McNeil / ^talk 05:21, 25 June 2010 (UTC)[reply]

• Addendum': Requesting prompt reinstatement of disputed block of Xe to allow time for more thorough CU checking. Have asked WMF staff member to contact CC and verify if subject was ever, indeed, interviewed. --Brian McNeil / ^talk 05:31, 25 June 2010 (UTC)[reply]

•   Done Checkuser says he made about 30 edits between mid May and June 2 from Japanese ip addresses, during this time there were no edits from Pakistan. Edits from Pakistan start a few days later after a few edits in another country. Saki shares a ip addresses with Emnmmalik, Shehzeb Aslam, Teerus, Qasimkaka, Nomanahmed1111. As Cirt mentioned, there is no sign of a link between Dubaiguy1, Chiaki0808 and Saki. --Cspurrier (talk) 02:36, 26 June 2010 (UTC) A few more: Socialilonio, Qasim Sidd 1987, Kamranidris and Farrukh babar also share the ip range with Saki.[reply]
• My guess based upon this would be that he using socks on another project, and these are all auto created ones when he visits Wikinews right after socking there. None of these socks have any edits and I see no evidence that he has abused socks on Wikinews (though he clearly has a number of them available).--Cspurrier (talk) 02:50, 26 June 2010 (UTC)[reply]

domain lookup of FREECULTUREMOVEMENT.ORG

Domain ID:D157586762-LROR
Domain Name:FREECULTUREMOVEMENT.ORG
Created On:13-Nov-2009 12:11:23 UTC
Last Updated On:03-Mar-2010 06:44:16 UTC
Expiration Date:13-Nov-2010 12:11:23 UTC
Sponsoring Registrar:MyDomain, Inc. (R92-LROR)
Status:OK
Registrant ID:DOT-I0GIPD8L58SC
Registrant Name:M.Zohaib Khan
Registrant Organization:A2Z Creatorz
Registrant Street1:C-1 Mezzannine Floor, Sunset Lane # 3,
Registrant Street2:Phase-II Ext. DHA
Registrant Street3:
Registrant City:Karachi
Registrant State/Province:Sindh
Registrant Postal Code:75500
Registrant Country:PK
Registrant Phone:+92.92215385205
Registrant Phone Ext.:
Registrant FAX:+92.92215385618
Registrant FAX Ext.:
Registrant Email:support@a2zcreatorz.com
Admin ID:DOT-QF5JLESTK35N
Admin Name:M.Zohaib Khan
Admin Organization:A2Z Creatorz
Admin Street1:C-1 Mezzannine Floor, Sunset Lane # 3,
Admin Street2:Phase-II Ext. DHA
Admin Street3:
Admin City:Karachi
Admin State/Province:Sindh
Admin Postal Code:75500
Admin Country:PK
Admin Phone:+92.92215385205
Admin Phone Ext.:
Admin FAX:+92.92215385618
Admin FAX Ext.:
Admin Email:support@a2zcreatorz.com
Tech ID:DOT-HTG41EARTPUU
Tech Name:M.Zohaib Khan
Tech Organization:A2Z Creatorz
Tech Street1:C-1 Mezzannine Floor, Sunset Lane # 3,
Tech Street2:Phase-II Ext. DHA
Tech Street3:
Tech City:Karachi
Tech State/Province:Sindh
Tech Postal Code:75500
Tech Country:PK
Tech Phone:+92.92215385205
Tech Phone Ext.:
Tech FAX:+92.92215385618
Tech FAX Ext.:
Tech Email:support@a2zcreatorz.com
Name Server:NS.A2ZCREATORZ.COM
Name Server:NS2.A2ZCREATORZ.COM
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

—Mikemoral♪♫ 19:17, 25 June 2010 (UTC)[reply]

• The above domain details were posted by Mikemoral on my request. The domain appears to not have any main, sensible, page. One further question, were any of the JP IP addresses Xi edited from checked with Zenmap, or lookups, to see if they are open proxies? --Brian McNeil / ^talk 06:52, 26 June 2010 (UTC)[reply]

• Can someone confirm if any socks are proven to be present? I'm looking at Dubaiguy in particular; was xe ever confirmed? Blood Red Sandman ^{(Talk) (Contribs)} 09:59, 26 June 2010 (UTC)[reply]

I have emailed Creative Commons via their web form,...

To Whom It May Concern,

I am trying to establish the authenticity of an interview with a Japanese CC-associate.

The article in-question appears on the English-language Wikinews[1], and was submitted to
the project by a sockpuppet of a user previously permanently banned for a variety of threats,
claiming he would continue to vandalise the project, and repeatedly lying about his location
when putting copyright violations on a WMF project.

The user also appears to own, a domain in Pakistan, freeculturemovement.org. I appreciate CC
generally reliese [sic] on volunteer efforts, much like Wikinews does, but were you aware of this
domain, or do you in any way endorse it?

Regards,


Brian McNeil.

[1] https://secure.wikimedia.org/wikinews/en/wiki/Wikinews_interviews_Chiaki_Hayashi,_Asian_Projects_Coordinator_at_Creative_Commons

We shall see what comes of that. --Brian McNeil / ^talk 07:06, 26 June 2010 (UTC)[reply]

Justification for seemingly blanket sock-ckeck requests:

• Saqib, Dubaiguy1. --Brian McNeil / ^talk 07:25, 26 June 2010 (UTC)[reply]

• I would like to add that, given this user's past transgressions, and claims to black-hat skills, all IP addresses matching in CU results should be actively scanned with w:nmap – not just checked in proxy lists. I would like to be wrong about Xe, but verification is vital. I assume the issue has been raised on the CU mailing list; it goes cross-wiki because, there are edits and image uploads elsewhere. I would strongly dispute that Xe has vanished for some two-odd years and just recently returned. But, I am not about to sit and sift through hundreds of blocks I have imposed in that timeframe to establish which were most likely socks of Saqib. The above-listed user who is supposedly the interview subject is probably the most important one. I would expect put in touch with Xyr via CC. From there, assuming the interview took place, I can establish a variety of details around this. --Brian McNeil / ^talk 08:34, 27 June 2010 (UTC)[reply]

• UPDATE! [17]. Cross-wiki evidence of socking, and problematic, likely unresolvable, POV issues. --Brian McNeil / ^talk 12:24, 27 June 2010 (UTC)[reply]
• RANGE-CHECK REQUEST: Per ongoing socking investigation/issues, please check the range for Shehzeb Aslam (talk · contribs). I believe a /16, alert me privately if not as-previously checked. ;-) --Brian McNeil / ^talk 16:45, 27 June 2010 (UTC)[reply]

There is a whole bunch of auto created user accounts on the range he used (30+). None of them have been used on Wikinews. User agents do not match and without any edit history it is not possible to say for sure, but there does appear to be quite a few more socks. --Cspurrier (talk) 18:05, 27 June 2010 (UTC)[reply]

• Thanks. I'll shake some out. --Brian McNeil / ^talk 22:22, 27 June 2010 (UTC)[reply]

• NET-OPS Report: enWP - familiar to Cirt - Shakes out suspects: Dubaiguy1 (talk · contribs), Legalsupport (talk · contribs), Tatom2k (talk · contribs), Proxies/IPs/Range(s): [173.21.118.162 Proxy?] --Brian McNeil / ^talk 23:56, 28 June 2010 (UTC)[reply]

•   Recheck request. I would like to see the range re-checked and socks blocked per evolving consensus on WN:AAA. I assume this has been raised on CU-l and other projects are being checked. The Saki account here was created, then renamed to permit unification.

I will continue clarifying what went on with Creative Commons. -- Brian McNeil (alt. account) /^{alt-talk • main talk} 15:05, 29 June 2010 (UTC)[reply]

• Following recent developments on WN:AAA, and in emerging correspondence related to this, have used ranges been re-checked recently? -- Brian McNeil (alt. account) /^{alt-talk • main talk} 22:36, 2 July 2010 (UTC)[reply]

Updates

• Confirm and blocks at English Wikipedia on several related sock accounts. More info is pending. Cheers, -- Cirt (talk) 05:52, 3 August 2010 (UTC)[reply]

Further

• 12.188.106.162 should be permanently blocked; open proxy, or abused webhost per scan. -- Brian McNeil (alt. account) /^{alt-talk • main talk} 19:49, 3 August 2010 (UTC)[reply]

  Done. -- Cirt (talk) 20:06, 3 August 2010 (UTC)[reply]

Question

Just how many of the above, and the below, originate inside the Federally Administered Tribal Areas of Pakistan? Do we sill have an active checkuser who knows how to use, and read results from, the appropriate tools? One prepared to actively scan in-question IPs, and to widen CU ranges out to the matching IP ranges? -- Brian McNeil (alt. account) /^{alt-talk • main talk} 19:49, 3 August 2010 (UTC)[reply]

• Clearly created as a sock, but perhaps not knowingly declared. Have asked Xe on both talk pages why. Time of edits matches with noticeable increase of PK-related edits/uernames that may relate to the still-posted Saki/Saqib investigation. (I also note my final request for a re-check on that one to get the additional socks has not been carried out.) -- Brian McNeil (alt. account) /^{alt-talk • main talk} 05:25, 29 July 2010 (UTC)[reply]

• I blocked Bhaskar Virusxxx (indefinite) as an inappropriate username.
• I suggest that Bhaskar Debbarma (talk · contribs · page moves · block user · block log) be monitored for inappropriate edits.

--InfantGorilla (talk) 11:15, 29 July 2010 (UTC)[reply]

Likely related accounts from technical CU check info

1. Bhaskar Debbarma (talk · contribs)
2. Dhingu (talk · contribs)
3. Gagansethi (talk · contribs)
4. Shameem (talk · contribs)
5. Sathya731 (talk · contribs)
6. Ahmed Kamal823 (talk · contribs)
7. Superanish (talk · contribs)

-- Cirt (talk) 19:37, 3 August 2010 (UTC)[reply]

• Am I allowed to say, I told you so? From an in-depth investigation perspective, I'd be checking the IPs of any really new co-contributors to articles around these users. I'll bet many will turn up as webhosts that may have been compromised, or other open-proxy type accounts. -- Brian McNeil (alt. account) /^{alt-talk • main talk} 19:53, 3 August 2010 (UTC)[reply]

Some of these are little-used SUL accounts (sleepers?) that have been dormant for several years. --InfantGorilla (talk) 20:07, 3 August 2010 (UTC)[reply]

Actually, no, most were created as accounts, locally on this site, within the last couple months. -- Cirt (talk) 20:11, 3 August 2010 (UTC)[reply]

But as far as we know, there's no sock abuse, right? None of the users listed above have any contributions. Benny the mascot (talk) 20:14, 3 August 2010 (UTC)[reply]

One of them has a user page, but its other edits are pretty insubstantial: http://en.wikiversity.org/wiki/User:Shameem --InfantGorilla (talk) 20:22, 3 August 2010 (UTC)[reply]

• It would be nice to have previously made comments accusing me of paranoia withdrawn; and, such, in some way, noted. Those who have been on-project for considerably less time should take careful note of the above; you have not seen this level of CU-related information before. This is, generally, done as quietly, and nonpublicly, as possible. I am very unhappy to be proven right in this way. That because it means that repeated admonishment of myself, and numerous of the disputes around these issues, are through applying AGI to the wrong people. Do I need to go through the last 5k edits to the wiki, pick out the suspects, and be proven right again? I can, from casual observation, say there are probably numerous contributors in the last 2-3 days who will turn out to be part of the same, probably shared, sock army.

This is a serious problem. Would people, as a matter of urgency, start treating it as such? -- Brian McNeil (alt. account) /^{alt-talk • main talk} 21:39, 3 August 2010 (UTC)[reply]

• Bump. This is important, and needs dealt with; Benny, the creation of socks by a user with a long history of abusing them is serious. This is not Wikipedia you're arguing someone should be allowed a range of accounts, thus, ultimately, the ability to self-publish without the community realising it. -- Brian McNeil (alt. account) /^{alt-talk • main talk} 05:22, 5 August 2010 (UTC)[reply]

• This request is getting far too convoluted and I am simply unable to understand the discussion thread. Brian - what I suggest happens is that you refactor your suspicions into a regular request so that I can run it. --Skenmy ^talk 16:09, 10 August 2010 (UTC)[reply]

• I have blocked all the buggers identified. Can we find out the underlying IPs, please? Blood Red Sandman ^{(Talk) (Contribs)} 16:48, 19 August 2010 (UTC)[reply]

218.186.8.235 has just been blocked for using xyr time to request a hard anal fuck. What is concerning is that, as well as the two vandal edits, I see this. It looks legit; worse, it looks like that user failed to log in and used their IP. Is this a case of someone logging out to be a vandal? Blood Red Sandman ^{(Talk) (Contribs)} 17:48, 9 August 2010 (UTC)[reply]

  Unrelated --Skenmy ^talk 17:55, 9 August 2010 (UTC)[reply]

That's what I like to hear. Blood Red Sandman ^{(Talk) (Contribs)} 18:00, 9 August 2010 (UTC)[reply]

This sock-builder identified above (who may or may not be a one-and-the same with a certain other socker) could do with being looked at again. I've blocked all the accounts; per my block-change summary on the first, I have given xyr a name so we can identify them.

1. Bhaskar Virusxxx (talk · contribs)
2. Bhaskar Debbarma (talk · contribs)
3. Dhingu (talk · contribs)
4. Gagansethi (talk · contribs)
5. Shameem (talk · contribs)
6. Sathya731 (talk · contribs)
7. Ahmed Kamal823 (talk · contribs)
8. Superanish (talk · contribs)

Also, is this user - created a day after the other bhaskars - related? Bhaskar6557 (talk · contribs)

And is this Saki (talk · contribs) (Saqib) or is Cyrus a different threat?

I want to know what other socks have been created in the long interim between their identification and my blocking, and I want to know the underlying IP(s). And I want a pony. Blood Red Sandman ^{(Talk) (Contribs)} 18:36, 19 August 2010 (UTC)[reply]

•   Comment For the benefit of Skenmy, who doesn't seem to be keeping up here,...

Saquib (talk · contribs), AKA Saki (talk · contribs), AKA (most-likely) all of the above, and dozens of others I've blocked since the initial permaban, are at-question here.

Do any, or all, of the clearly identified socks have overlapping IP allocations? Have cross-allocation checks been performed? Have repeatedly used IPs been checked for 'unusual' services via an active scan? Have any IPs been identified as in ranges used for shared, or standalone, hosting (thus might be in-use as semi-private proxies)? I got no notice of a request to refactor this ten days ago. Why should I? Doing so is more work than actually running the checks. Now, will what seems to be a persistent socking and trolling problem be looked at?

If you've CU on this project, and you will not look at this thoroughly, then give me permission to escalate it to a Steward. Or, escalate it to the CU mailing list yourself. CheckUser is not supposed to be purely reactive; the privilege, initially, automatically went to 'crats because they're charged with projecting the long-term interests of the project. So, be proactive. Please? --Brian McNeil / ^talk 00:26, 20 August 2010 (UTC)[reply]

•   Done Bhaskar Virusxxx, Bhaskar Debbarma, Dhingu, Gagansethi, Shameem, Sathya731, Ahmed Kamal823 all share an ip and appear to be the same user. There is no data available for Superanish. IP range and country do not overlap with any previously checked user. IP belongs to be a huge mobile provider and appears to be assigned for a short period of time. There are a number of possibly legit users (no edits, but otherwise poor matches) on the ip range, so a range block would be inappropriate. No open proxies or other oddities. Bhaskar6557 is in the same country as the others, but on a different mobile provider. --Cspurrier (talk) 03:16, 20 August 2010 (UTC)[reply]

• Frustrating. Thanks Craig. Blood Red Sandman ^{(Talk) (Contribs)} 12:35, 24 August 2010 (UTC)[reply]

Greg L (talk · contribs)

Examining this user's global contributions suggested a close-parallel with other recent contributors to en.WN, but near-zero non-Wikipedia contributions. The user's contributions on en.WP in the past 500 edits appear most involved with votes and policy wonking (engaging in dispute discussions on talk pages), notably recent Manual of Style. No contributions in the past 5 days, yet suddenly involved in another project's style guide discussions. Chooses not to disclose where xe was linked to the discussion, which would confirm meat puppetry rather than sock puppetry. - Amgine | ^t 16:20, 25 September 2010 (UTC)[reply]

  Done No matches. --Cspurrier (talk) 17:34, 25 September 2010 (UTC)[reply]

Mike3620 (talk · contribs), a new Wikinewsie, has been disruptively trying to circumvent the review process, and repeatedly recreating a comments page despite requests not to do so and an explanation why not. Suddenly, up pops PacketFactory (talk · contribs) and makes pretty much the same edits on the same propaganda piece. Can we have confirmation these are one and the same? Blood Red Sandman ^{(Talk) (Contribs)} 16:07, 4 October 2010 (UTC)[reply]

There was sufficient information in the contributions to justify an indef block of PacketFactory. A CU may still be warranted. --InfantGorilla (talk) 16:17, 4 October 2010 (UTC)[reply]

  Confirmed. Mike3620 (talk · contribs) = PacketFactory (talk · contribs). Cheers, -- Cirt (talk) 16:28, 4 October 2010 (UTC)[reply]

User blocked by Blood Red Sandman (talk · contribs) for repeat recreation of seriously non-NPOV, editorial-style, puff piece.

In response to block, blanked explanation of such from talk, deceptively using "no longer open proxy" claim.

By email, gave seriously contradictory reason for project interest to that blanked from (but in history) of user's page.

Chameleon-like nature inspires no confidence; strongly suspect CU may reveal edits from open proxies in multiple countries - possibly even other accounts not as-yet made use of in any sort of disruptive manner. --Brian McNeil / ^talk 00:03, 5 November 2010 (UTC)[reply]

•   Comment - A few different IPs, but only one account showing up. Any other info or accounts to check against? -- Cirt (talk) 04:24, 5 November 2010 (UTC)[reply]

• Interesting. The 'iffy English' notice I blanked from xyr userpage claimed a location in Oslo, Norway. The quite fluent email appeal claimed peer2peer affiliation.

First thought is: Is the earliest IP (via nmap scan) an open proxy, and thus subjectible to a permanent block? Next, do all the used IPs come from the same ISP and country? Likely an overreaction, but there's a minor hint at an alternative trolling/disruption option to Tor being quietly played with. If so, someone should alert Tim and other devs. In any case, if the IPs are geographically disparate, I'd hit them all with nmap. --Brian McNeil / ^talk 10:43, 5 November 2010 (UTC)[reply]

Nothing appears out of the ordinary, all the IPs are coming from an educational facility. -- Cirt (talk) 20:35, 5 November 2010 (UTC)[reply]

• Then, I guess, we write it off as someone getting some extra-curricular education the hard way. ;-) --Brian McNeil / ^talk 21:05, 5 November 2010 (UTC)[reply]

Indeed. ;) -- Cirt (talk) 21:14, 5 November 2010 (UTC)[reply]

Two blocked as unnacceptable usernames, third with copyvio/plagiarism 'issues'. All, apparently, from India. Just seems so weird to see three new contributors from same geolocation in such close succession. --Brian McNeil / ^talk 19:48, 8 November 2010 (UTC)[reply]

• If so, then I suspect this is also one and the same with a username vandal who I recall registering numerous accounts under the names of press agencies. On that basis, I'd like the AIP one checked for open proxy (the ability to apparently bypass IP blcoks suggests proxy use) and if connected, I'd like them all checked thus, please. Blood Red Sandman ^{(Talk) (Contribs)} 19:54, 8 November 2010 (UTC)[reply]
  •   Comment - Same locale, but they seem to be different based on technical evidence, including different useragents. Behavioral evidence may prove otherwise. As far as the "weirdness" of it - U.S. President Barack Obama is currently in India on a big business development trip - which may be the cause of this increased interest in the subject at Wikinews - whether from socks or just innocuous new users. -- Cirt (talk) 20:09, 8 November 2010 (UTC)[reply]

This may seem like an odd request, but let me explain:

• I'd like the full browser string for this edit. This is to establish some tech information about my phone, and its browser - which periodically crashes on the secure connection.
• I would also like full details on the next edit to this page - it, for security reasons, will not be logged in. However, I'm trying to establish the trustworthiness of a device. I want to establish what browser is in use, what network, &c. I'll indicate it's from me. There may be a followup on that, using the same device from a local WiFi point. --Brian McNeil / ^talk 11:41, 20 November 2010 (UTC)[reply]

• That followup edit is taking longer than expected,... I'll sign it as me, and mention the device name - it may have a badly seated SIM. --Brian McNeil / ^talk 12:01, 20 November 2010 (UTC)[reply]

Here is the followup. This is an "ubisurfer", running a possible-GPL-vio Arm Linux kernel. There is an embedded SIM, and it comes up with "server-2104" when it connects, then says it is in London via Google Maps. I'm looking for the full lowdown on this, and their "patented compression technology" --69.70.107.202 (talk) 12:19, 20 November 2010 (UTC)[reply]

• This is another followup from the device. Should come up as IceWeasel for the browser, but I want to make sure it's just using the access point, and not a proxy, before I log in. Will add a countersign below this in a moment. --80.176.214.2 (talk) 17:54, 20 November 2010 (UTC)[reply]

• Just to confirm, both above edits by me. It's checking browser strings I'm most interested in. --Brian McNeil / ^talk 18:00, 20 November 2010 (UTC)[reply]

•   Comment - Please email privately. Generally "self-requests" for CU are not carried out. -- Cirt (talk) 17:30, 12 December 2010 (UTC)[reply]

• Irate (talk · contribs)'s recent living-up to xyr username made me dig further. w:Category:Wikipedia sockpuppets of Irate, w:User:Irate and w:Category:Suspected Wikipedia sockpuppets of Irate provide plenty of cause for alarm. Blood Red Sandman ^{(Talk) (Contribs)} 16:07, 21 November 2010 (UTC)[reply]

• Funny. I recognise that username as a known 'excrement agitator'. So, I rate this request as more important than mine (particularly considering the ubisurfer no longer gets past bootscreen). --Brian McNeil / ^talk 20:37, 21 November 2010 (UTC)[reply]

•   Confirmed, and 2 IPs blocked. Thank you, -- Cirt (talk) 17:34, 12 December 2010 (UTC)[reply]

Sorry for not listing user by user - on the mobile.

Please CU all users attempting to 'contribute' to this, plus appropriate /24, /18, or /16 ranges for additional sleepers.

And, if possible, check the top-1 version, which links to enWP noticeboard, for sockmaster.

I suspect there's also a requirement to check a lot of these for open proxies too. --Brian McNeil / ^talk 15:08, 11 December 2010 (UTC)[reply]

• Yeah, whatever... Does it really matter where a request is?

Moving one to the 'policy approved' position instead of just doing it is a severe case of rearranging deckchairs.

I seriously doubt I'd get the priv back, but this is clear evidence why someone technically competent, and active, should have it. --Brian McNeil / ^talk 23:34, 11 December 2010 (UTC)[reply]

1. Truthnews9986 (talk · contribs)
2. Brixton (talk · contribs)
3. Pentenville (talk · contribs)
4. Standford (talk · contribs)
5. Emley (talk · contribs)
6. Dizzydoozy (talk · contribs)

The above are all   Confirmed. -- Cirt (talk) 17:40, 12 December 2010 (UTC)[reply]

• Are any open proxies involved? Or, would a week or two's rangeblock be a suitable deterrent? --Brian McNeil / ^talk 19:31, 12 December 2010 (UTC)[reply]

I blocked some underlying IPs. If it re-occurs again another time additionally after this once more repeated, then please re-notify here and a rangeblock may yet indeed be considered in the future. -- Cirt (talk) 19:59, 12 December 2010 (UTC)[reply]

• There have been an unusually large number of new users created in the last 24-48 hours. Please re-check appropriate ranges for matches. --Brian McNeil / ^talk 00:20, 14 December 2010 (UTC)[reply]
  • Nothing new turned up. -- Cirt (talk) 17:55, 15 December 2010 (UTC)[reply]

• Let's take out this vandal's underlying IP for a little while, it's clear autoblock wasn't sufficient deterrent. AmyRosePwnsU (talk • contribs • deleted contribs • logs • block user • block log • checkuser) and AmyRose00000 (talk • contribs • deleted contribs • logs • block user • block log • checkuser). Blood Red Sandman ^{(Talk) (Contribs)} 16:31, 18 December 2010 (UTC)[reply]

Check only turned up those two above accounts on the one IP. -- Cirt (talk) 08:12, 19 December 2010 (UTC)[reply]

Mattisse (talk • contribs • deleted contribs • logs • block user • block log • checkuser)

• Per discussion on xyr talk. --Brian McNeil / ^talk 00:00, 19 April 2011 (UTC)[reply]
  • Fixed the header. アンパロ ^{Io ti odio!} 00:01, 19 April 2011 (UTC)[reply]

Could we get a checkuser in here to either accept, or reject and close this request please? This dramafest doesn't need to go on any longer. the wub "?!" 12:36, 20 April 2011 (UTC)[reply]

Mailshot sent to the four CheckUsers. — μchip08 12:40, 20 April 2011 (UTC)[reply]

Good. This massive discussion directly violates the most heavily emphasized part of the procedure stated at the top of this page. --Pi zero (talk) 13:06, 20 April 2011 (UTC)[reply]

Noted. I will review and decide shortly --Skenmy ^talk 18:05, 20 April 2011 (UTC)[reply]

  Not done - CUs need sufficient evidence of socking in order to occur. There seems to be absolutely no evidence here - if I am mistaken then please let me know! --Skenmy ^talk 18:13, 20 April 2011 (UTC)[reply]

• Thanks. This needed closed because of fundamental failure to read comments carefully and massive overreactions as a consequence of that. --Brian McNeil / ^talk 18:24, 20 April 2011 (UTC)[reply]
•   Comment I have reviewed this and second Skenmy close it down motion Policy is Policy. Brian New Zealand (Talk) | ^{New Zealand Portal} 23:27, 20 April 2011 (UTC).[reply]
•   Comment This is a misuse of checkuser policy by an editor User:Brian McNeil who says he is a "bureaucrat" and so presumably knows better. This was a revenge filing to sabotage another user. It this behavior on the part of a bureaucrat to be overlooked? Mattisse (talk) 01:33, 21 April 2011 (UTC)[reply]

How can brianmc abuse the check user policy if he does not have check user rights? If I recall you asked for him to file the request. If you didn't want him to file said request, you probably should have responded with a polite "no thank you" not with a "I appeal to you to do a checkuser". Bawolff ☺☻ 01:43, 21 April 2011 (UTC)[reply]

(edit conflict) Reply. He threatened me and I felt bullied and agreed that he could request a check user out of fear, thinking that wikinews must allow such filings since he said as a "bureaucrat" he was required to file a check user on the basis of "off wiki info" that someone had given him that I had been unpleasant to this person on wikipedia.[18] I was totally intimidated and reacted out of fear, without thinking. He had already made it clear that he thought I was "stupid" and singled me out for derogatory remarks. I expected that if he he filled the check uses , he would have to present evidence and I would find out who these users are on wikineews who feel I am socking and who say I treated them badly on wikipedia. I would find out who was against me, as clearly there are some who are. I knew there was no evidence of socking, so I did not think he could file a check user. Nevertheless, a "bureaucrat" User:Brian McNeil filed a check user against policy (he had absolutely no evidence); the check user was allowed to play out, even though User:Brian McNeil have violated policy. I am asking is this ok by wikinews standards? Or will he be called to account for blatant violation of policy? I understand he is a "bureaucrat" and all. Does this mean he can intimidate new users in the manner he has done here? Mattisse (talk) 02:18, 21 April 2011 (UTC)[reply]

This is not the place for this discussion. As explained above, discussion about the merits of a CheckUser should be taken elsewhere. Please do not continue to edit this page unless it is something directly related to the checkuser's job (i.e. a new request). Other comments are not appropriate for this venue. — μchip08 01:51, 21 April 2011 (UTC)[reply]

Where is "elsewhere"? Where it the appropriate forum? I have searched and I have not found one. Mattisse (talk) 02:20, 21 April 2011 (UTC)[reply]

Wikinews:Dispute resolution — μchip08 02:38, 21 April 2011 (UTC)[reply]

•   Comment I have also reviewed this and agree with Skenmy. Additionally, I believe that Brian did not violate checkuser policy in asking for a check user (nor could he really since he is not a CU). While it is a request that we are not going to fill, he was acting reasonably and in good faith asking for it. Socking elsewhere and a self request is perfectly reasonable grounds for asking for a CU. If there was even some weak evidence that socks were abused here, I would have no issue with running the CU. As a general reminder though, socks are not prohibited under Wikinews policy, abusing them is. --Cspurrier (talk) 17:29, 21 April 2011 (UTC)[reply]
  •   Comment - I agree with this analysis by Cspurrier (talk · contribs). -- Cirt (talk) 20:19, 2 May 2011 (UTC)[reply]
    •   Comment - I did not make a self request for check user. Please correct this statement. A check user was requested on me by User:Brian McNeil, not by me. Mattisse (talk) 20:13, 4 May 2011 (UTC)[reply]

• Per the policy note at the top of this page refrain from turning this into a theatre of war. I have, via this diff, provided all required justification for my actions. Checkusers, please clear this idiocy from this page to avoid this fora being abused further. --Brian McNeil / ^talk 21:23, 4 May 2011 (UTC)[reply]

Series of accounts used to disrupt the project. I believe they merit a CU ans rangeblock, should the CU show a rangeblock would appropriately deter. --Brian McNeil / ^talk 06:29, 4 March 2011 (UTC)[reply]

Could we "just" add kittiesonfire<integer>* to the blacklist temporarily? — μ 09:40, 4 March 2011 (UTC)[reply]

• I'm not totally up on all the blacklisting tech currently in MW. Does it include usernames? If so, that'd be a start, but the offending users should still be CU'd and a week or two of a selective range block applied. --Brian McNeil / ^talk 12:02, 4 March 2011 (UTC)[reply]

• Comment: it was/is a real pain in the ass to deal with this person. It took me a while to get his crap under control last night. DragonFire1024 (Talk to the Dragon) 12:51, 4 March 2011 (UTC)[reply]

• I remember I had to deal with this person last Tuesday, it took me like ten minutes to remove all of their crap. Last night I asked BarkingFish on IRC if he knew somebody who could setup an AbuseFilter thingy to prevent more Kittiesonfire accounts to be created, and it seems he found a solution. :D --Diego Grez ^{return fire} 15:10, 4 March 2011 (UTC)[reply]

Barking Fish appears to have added title blacklisted; not sure if that's the right place (don't we want the username blacklist instead?) not a technical person. — μ 14:21, 4 March 2011 (UTC)[reply]

Titleblacklist prevents usernames as well as pages; for MW it's pretty much the same... - Amgine | ^t 19:04, 5 March 2011 (UTC)[reply]

Indeed I did add them to the title blacklist, and as I was advised by Betacommand (IRC User Delta), the addition to the title blacklist prevents pages with a title containing the specified REGEX from appearing. I would have set up the abuse filter, but Delta assured me this was a faster way than messing with the abuse filter's syntax. BarkingFish (talk) 19:41, 5 March 2011 (UTC)[reply]

•   Comment - There was only one IP address, which was already blocked globally by a Steward. However, there is also:
•   Confirmed:

1. Kittiesonfire8 (talk · contribs)
2. Kittiesonfire9 (talk · contribs)
3. DiarrheaMilkshake (talk · contribs)
4. Kittiesonfire6 (talk · contribs)
5. Kittiesonfire7 (talk · contribs)
6. Kittiesonfire16 (talk · contribs)
7. Kittiesonfire17 (talk · contribs)
8. Kittiesonfire18 (talk · contribs)
9. PeeOnFavonian (talk · contribs)
10. Kittiesonfire21 (talk · contribs)
11. Kittiesonfire22 (talk · contribs)
12. Kittiesonfire20 (talk · contribs)
13. Kittiesonfire24 (talk · contribs)
14. Kittiesonfire25 (talk · contribs)
15. Kittiesonfire23 (talk · contribs)
16. Kittiesonfire19 (talk · contribs)
17. K!ttiesonf!re (talk · contribs)
18. My name is awesome (talk · contribs)
19. I set my dick on fire! (talk · contribs)
20. I set my friends on fire! (talk · contribs)

All above accounts are now blocked. Cheers, -- Cirt (talk) 16:49, 4 March 2011 (UTC)[reply]

This has proven ineffective. Please apply an appropriate rangeblock of, say, a week. I doubt there's much colateral damage likely. --Brian McNeil / ^talk 08:35, 11 March 2011 (UTC)[reply]

Looks like that was handled already, at WN:AAA. -- Cirt (talk) 22:24, 11 March 2011 (UTC)[reply]

Additional to this request

Could I please get confirmation or denial on 2 3 4 extra accounts which turned up today, User:K!ttiesonf!re, User:My name is awesome, User:I set my dick on fire! and User:I set my friends on fire!? Are they originating from the same IP as the original KittiesonfireXX series? BarkingFish (talk) 20:23, 28 March 2011 (UTC)[reply]

• All of those are also now   Confirmed. Underlying IPs blocked. There were some newer and different IPs used as well. One rangeblock carried out for now. Cheers, -- Cirt (talk) 22:50, 28 March 2011 (UTC)[reply]

• Grammy Gang (talk • contribs • deleted contribs • logs • block user • block log • checkuser)
• AgsjdvfjGF\fashdfvSH (talk • contribs • deleted contribs • logs • block user • block log • checkuser)
• HAND OF BLOODY PEE (talk • contribs • deleted contribs • logs • block user • block log • checkuser)
• Poopy pee! (talk • contribs • deleted contribs • logs • block user • block log • checkuser)
• Kitt!esonf!re RETURNS! (talk • contribs • deleted contribs • logs • block user • block log • checkuser)
• I'm NOT Kitt!esonf!re (talk • contribs • deleted contribs • logs • block user • block log • checkuser)

Accounts created together in a timely fashion. Some of them vandalised user namespace with consequent blocks by admins. I'm requesting a CU to confirm that all those accounts are indeed the same person. Thanks, Gryllida 01:25, 28 April 2011 (UTC)[reply]

•   Confirmed, again. IP blocked. -- Cirt (talk) 19:40, 30 April 2011 (UTC)[reply]

LarryTheDolphin (talk • contribs • deleted contribs • logs • block user • block log • checkuser)

I am filing a request for checkuser on the above account, they joined earlier to find a block in place, and made the following statement as a request for unblock on their talk page, which I have initially declined: "Uhm, why am I blocked? Is it because of that K!ttiesonf!reRELOADED asshole?"

I declined an unblock, until such time as a CU can confirm (or deny) that these are the same user. If they are, the account will remain indefinitely blocked. Could a CU please see their way to performing a check as soon as convenient for them? Thank you. BarkingFish (talk) 22:14, 24 April 2011 (UTC)[reply]

  Confirmed LarryTheDolphin is KITT!ES ON F!RE and most likely the whole mess of other blocked socks --Cspurrier (talk) 22:48, 1 May 2011 (UTC)[reply]

I concur. -- Cirt (talk) 20:18, 2 May 2011 (UTC)[reply]