Wikinews:Requests for CheckUser/Archive 3

Page move vandalism to crude sexual titles, consistent with past incidents of this. In the past I applied a long IP block for a similar case where the IP had a history of similar edits. I wish someone else with CU to say "go ahead", or carry out a check to establish if the IP or other users from the IP have been responsible for similar. --Brian McNeil / talk 21:24, 4 December 2007 (UTC)[reply]

Confirmed. Other users from his IP are involved in similar activities. Brian | (Talk) | New Zealand Portal 22:31, 4 December 2007 (UTC)[reply]
Matches about 10 other blocked accounts. It is a Verizon semi-dynamic ip though so indef blocks should be avoided, but a few months is fine. --Cspurrier 03:04, 6 December 2007 (UTC)[reply]
Craig, if I recall correctly this IP is a Verizon proxy. At least, that's what I understood looking from the IP's userpage on Wikipedia and copied over when there was the last incident. Is there enough to file a complaint with Verizon and allow them to warn the offending customer? I'm sure they'd sit up and take notice if they were told a portion of their userbase was blocked from Wiki. --Brian McNeil / talk 08:52, 6 December 2007 (UTC)[reply]

Per this diff and harassment on my talk I have strong reason to believe this user is a liar and closely associated with the Church of Scientology. The prior Arbitration case on Wikipedia that lists this user as a party implies they have edited from either ws.scientology.org or ns1.scientology.org. Should either prove to be the case I would strongly recommend that any contributions they make on this topic be viewed as having a conflict of interest and not being made with project goals in mind. The user's contributions reveal a single-mindedness about this issue that view criticism as something to be quashed and critics to be viewed as "suppressive persons". --Brian McNeil / talk 21:12, 2 January 2008 (UTC)[reply]

I am OK on the checkuser, go ahead, it is ridiculous and fanatic and solely based on prejudice and the fact that some editors here are quite narrow-minded on the issue of Scientology, i.e. anything smelling to be "positive" for Scientology has to be squashed, blunted or even deleted rapidly. I add to this request that Brianmc is asked to stop spreading slanderous information about me as well as to stop abusing his editing rights for propaganda and in violation of Wikinews policy (on archiving in these cases: [1], [2], [3], [4], [5], [6]). Misou 21:34, 2 January 2008 (UTC)[reply]
Reply to RFCU: I have conducted a checkuser as requested. The user has edited from domains controlled, apparently, by the Church of Scientology as well as what appear to be several open proxies. --Chiacomo (talk) 00:47, 3 January 2008 (UTC)[reply]
edit

Please check if these accounts originate with the same IP and evaluate if their actions warrant a block. The spam has, thankfully, been limited to the user-space. If this activity hasn't risen to the level required for this request, just decline. Thanks, --SVTCobra 00:28, 1 February 2008 (UTC)[reply]

This request is no longer pertinent. --SVTCobra 22:58, 20 May 2008 (UTC)[reply]

Originally requested at Wikinews:Admin action alerts#Recommend block of User:Florentino Floro by Cirt (talk · contribs). It might not be a bad idea to see if there was any other recent socking going on. Tempo di Valse ♪ 13:41, 13 March 2009 (UTC)[reply]

declined No credible evidence has been presented that Floro has 'socked' on Wikinews. Checkuser is a per-project privilege, we cannot check wikipedia contributions. --Brian McNeil / talk 17:52, 13 March 2009 (UTC)[reply]
The fact that he is actively socking as recently as one day ago at en.wikipedia is evidence that he is likely socking here as well. Cirt (talk) 20:43, 13 March 2009 (UTC)[reply]
I will not perform this check - period. Suspicions of sockpuppetry on Wikipedia are not sufficient grounds to do so. Had Wikipedia checkusers indicated to me that there was actual evidence of sockpuppetry I might have done so. They did not, despite me alerting them to the situation here on the private checkuser mailing list.
In any case, it would be pointless. Floro has freely admitted to working from cybercafe computers; this makes any attempt to detect such action pointless - and resultant blocks would be trivially bypassed.
If there is a desire to take this up with other people with the CU privilege, do so on their respective talk pages. I suspect they too will decline, and as the user has now been indef. blocked it really starts to look like petty vindictiveness. The block can be justified as protecting the project, following up with CheckUser when there is no evidence to justify it on this WMF project will not help. --Brian McNeil / talk 23:20, 13 March 2009 (UTC)[reply]
Okay. It was simply an acknowledgment that there has been recent active socking on another project where the user was indefinitely blocked (and was also block evasion) which occurred less than 48 hours ago. Cirt (talk) 04:23, 14 March 2009 (UTC)[reply]

See here for more info (see also Wikiquote Admin Noticeboard, and also here at Wikibooks), it is likely that a checkuser investigation will catch other sleeper/vandalism-only accounts. Cirt (talk) 08:25, 18 February 2009 (UTC)[reply]

Checkusered prior to this request. --Brian McNeil / talk 22:13, 19 February 2009 (UTC)[reply]

Saki

edit

Have any CUs been done on Saki (talk · contribs) or his sockpuppets? If so, for what reason (ie what reason shows up on the log)? What were the results? If possible, please comment here. Benny the mascot (talk) 05:31, 24 June 2010 (UTC)[reply]

  Done see here --Skenmy talk 07:04, 24 June 2010 (UTC)[reply]
  • Per my recollection of dealing with Saqib, all used IP addresses should be checked. Those with reverse lookups in Pakistan should have the range established, and range checks run. IIRC Xe previously got round a /16 block. I know on-wiki respose must be terse; if contributing his OR from elsewhere than WP userpage claims... --Brian McNeil / talk 07:20, 24 June 2010 (UTC)[reply]

Thanks, Skenmy. Has Saki engaged in any abusive sockpuppetry during the past month? Benny the mascot (talk) 00:47, 25 June 2010 (UTC)[reply]

  •   Comment As I am well-aware of the complications of 'genericised' responses to CU submissions, there is a key point that I wish established. One that I am no longer able to do without access to CU logs.That would be the establishing of a timestamped list indicating when I have carried out a CU on a range larger than /24, that was within Pakistan. The actual specific range need not be mentioned, but this will allow me to cross-check with the block log and prove that Saqib has been an ongoing problem, and block-evader, in the time since 2008. --Brian McNeil / talk 10:42, 27 June 2010 (UTC)[reply]

Sock-building of banned user Saqib (talk · contribs)

edit
Evidence:
Range check requested on: 115.167.0.0/16
Per [7] [8], [9], [10], [11], [12], [13], enough. Join the rest of the dots.
@whois 115.167.125.148
reverseDSN: 115-167-125-148.wi-tribe.net.pk. - range: 115.167.0.0 / 115.167.127.255 - city: Islamabad, Islamabad - country: PK [Pakistan] - known proxy: No - http://private.dnsstuff.com/tools/ipall.ch?domain=115.167.125.148
Prior experience with this user, WN:DUCK. --Brian McNeil / talk 01:01, 25 June 2010 (UTC)[reply]

See also, http://en.wikipedia.org/wiki/Wikipedia_talk:Meetup/Karachi_1/Archive_1 and http://en.wikipedia.org/wiki/File:Wikimeetup_Karachi_1_report.pdf . S Q (talk · contribs) and Saqib Qayyum (talk · contribs) are another account used by this user. --Diego Grez return fire 01:17, 25 June 2010 (UTC)[reply]

Did some checking, but not seeing too much in the way of technical correlation between Saki (talk · contribs) and: Dubaiguy1 (talk · contribs), Chiaki0808 (talk · contribs). Perhaps you could give some evidence/diffs, local to this project (Wikinews) ? Have either of the two accounts, Dubaiguy1 (talk · contribs), Chiaki0808 (talk · contribs), done anything disruptive in nature on this project or elsewhere? As there is some cross-wiki evidence (possibly) going on here as well, I will post a note about it, to the checkuser-mailing-list. -- Cirt (talk) 01:48, 25 June 2010 (UTC)[reply]
Comment: Saqib (talk · contribs) = this (indef-blocked) account is stale. However, [14], [15], and [16] would seem to tie the account to Saki (talk · contribs). On that basis, the proper procedure would be to block the socks, and instruct the user to request unblock, at the main, master sock account's user talk page, which is for Saqib (talk · contribs). -- Cirt (talk) 02:27, 25 June 2010 (UTC)[reply]
Cmt: I agree, he should do the unblock request, and I don't think it should be denied if he promises to not create accounts if he doesn't needs them. --Diego Grez return fire 02:29, 25 June 2010 (UTC)[reply]
  • As stated on Wikipedia, Xe claims to be in Japan. Yet, the link to audio providing proof that Xe actually carried out the interview was posted from Pakistan. Thus, I am asking for geolocate/range checks to establish what sleepers may have been created. It is unlikely the feltching around on enWP to obfuscate his tracks is still in CU logs. Xe has done edits there that might conclusively establish this as fact and confirm what I have observed in IRC now, and previously. IIRC uploads to Commons are in-use on this article, again, claiming this was carried out in .JP. The photographs provided for the interviewee, if indeed Xe, appear to significantly predate the PR shot on the appropriate CC website. The interviewee also has, or had, a "not notable" page created on enWP and being looked to for deletion. QUACK QUACK. --Brian McNeil / talk 05:21, 25 June 2010 (UTC)[reply]
  • Addendum': Requesting prompt reinstatement of disputed block of Xe to allow time for more thorough CU checking. Have asked WMF staff member to contact CC and verify if subject was ever, indeed, interviewed. --Brian McNeil / talk 05:31, 25 June 2010 (UTC)[reply]
  •   Done Checkuser says he made about 30 edits between mid May and June 2 from Japanese ip addresses, during this time there were no edits from Pakistan. Edits from Pakistan start a few days later after a few edits in another country. Saki shares a ip addresses with Emnmmalik, Shehzeb Aslam, Teerus, Qasimkaka, Nomanahmed1111. As Cirt mentioned, there is no sign of a link between Dubaiguy1, Chiaki0808 and Saki. --Cspurrier (talk) 02:36, 26 June 2010 (UTC) A few more: Socialilonio, Qasim Sidd 1987, Kamranidris and Farrukh babar also share the ip range with Saki.[reply]
  • My guess based upon this would be that he using socks on another project, and these are all auto created ones when he visits Wikinews right after socking there. None of these socks have any edits and I see no evidence that he has abused socks on Wikinews (though he clearly has a number of them available).--Cspurrier (talk) 02:50, 26 June 2010 (UTC)[reply]

domain lookup of FREECULTUREMOVEMENT.ORG

Domain ID:D157586762-LROR
Domain Name:FREECULTUREMOVEMENT.ORG
Created On:13-Nov-2009 12:11:23 UTC
Last Updated On:03-Mar-2010 06:44:16 UTC
Expiration Date:13-Nov-2010 12:11:23 UTC
Sponsoring Registrar:MyDomain, Inc. (R92-LROR)
Status:OK
Registrant ID:DOT-I0GIPD8L58SC
Registrant Name:M.Zohaib Khan
Registrant Organization:A2Z Creatorz
Registrant Street1:C-1 Mezzannine Floor, Sunset Lane # 3,
Registrant Street2:Phase-II Ext. DHA
Registrant Street3:
Registrant City:Karachi
Registrant State/Province:Sindh
Registrant Postal Code:75500
Registrant Country:PK
Registrant Phone:+92.92215385205
Registrant Phone Ext.:
Registrant FAX:+92.92215385618
Registrant FAX Ext.:
Registrant Email:support@a2zcreatorz.com
Admin ID:DOT-QF5JLESTK35N
Admin Name:M.Zohaib Khan
Admin Organization:A2Z Creatorz
Admin Street1:C-1 Mezzannine Floor, Sunset Lane # 3,
Admin Street2:Phase-II Ext. DHA
Admin Street3:
Admin City:Karachi
Admin State/Province:Sindh
Admin Postal Code:75500
Admin Country:PK
Admin Phone:+92.92215385205
Admin Phone Ext.:
Admin FAX:+92.92215385618
Admin FAX Ext.:
Admin Email:support@a2zcreatorz.com
Tech ID:DOT-HTG41EARTPUU
Tech Name:M.Zohaib Khan
Tech Organization:A2Z Creatorz
Tech Street1:C-1 Mezzannine Floor, Sunset Lane # 3,
Tech Street2:Phase-II Ext. DHA
Tech Street3:
Tech City:Karachi
Tech State/Province:Sindh
Tech Postal Code:75500
Tech Country:PK
Tech Phone:+92.92215385205
Tech Phone Ext.:
Tech FAX:+92.92215385618
Tech FAX Ext.:
Tech Email:support@a2zcreatorz.com
Name Server:NS.A2ZCREATORZ.COM
Name Server:NS2.A2ZCREATORZ.COM
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

Mikemoral♪♫ 19:17, 25 June 2010 (UTC)[reply]

  • The above domain details were posted by Mikemoral on my request. The domain appears to not have any main, sensible, page. One further question, were any of the JP IP addresses Xi edited from checked with Zenmap, or lookups, to see if they are open proxies? --Brian McNeil / talk 06:52, 26 June 2010 (UTC)[reply]

Article authenticity verification

edit

I have emailed Creative Commons via their web form,...

To Whom It May Concern,

I am trying to establish the authenticity of an interview with a Japanese CC-associate.

The article in-question appears on the English-language Wikinews[1], and was submitted to
the project by a sockpuppet of a user previously permanently banned for a variety of threats,
claiming he would continue to vandalise the project, and repeatedly lying about his location
when putting copyright violations on a WMF project.

The user also appears to own, a domain in Pakistan, freeculturemovement.org. I appreciate CC
generally reliese [sic] on volunteer efforts, much like Wikinews does, but were you aware of this
domain, or do you in any way endorse it?

Regards,


Brian McNeil.

[1] https://secure.wikimedia.org/wikinews/en/wiki/Wikinews_interviews_Chiaki_Hayashi,_Asian_Projects_Coordinator_at_Creative_Commons

We shall see what comes of that. --Brian McNeil / talk 07:06, 26 June 2010 (UTC)[reply]


Justification for seemingly blanket sock-ckeck requests:

  • I would like to add that, given this user's past transgressions, and claims to black-hat skills, all IP addresses matching in CU results should be actively scanned with w:nmap – not just checked in proxy lists. I would like to be wrong about Xe, but verification is vital. I assume the issue has been raised on the CU mailing list; it goes cross-wiki because, there are edits and image uploads elsewhere. I would strongly dispute that Xe has vanished for some two-odd years and just recently returned. But, I am not about to sit and sift through hundreds of blocks I have imposed in that timeframe to establish which were most likely socks of Saqib. The above-listed user who is supposedly the interview subject is probably the most important one. I would expect put in touch with Xyr via CC. From there, assuming the interview took place, I can establish a variety of details around this. --Brian McNeil / talk 08:34, 27 June 2010 (UTC)[reply]

Further

edit
There is a whole bunch of auto created user accounts on the range he used (30+). None of them have been used on Wikinews. User agents do not match and without any edit history it is not possible to say for sure, but there does appear to be quite a few more socks. --Cspurrier (talk) 18:05, 27 June 2010 (UTC)[reply]

Re-check request(s)

edit
  •   Recheck request. I would like to see the range re-checked and socks blocked per evolving consensus on WN:AAA. I assume this has been raised on CU-l and other projects are being checked. The Saki account here was created, then renamed to permit unification.
I will continue clarifying what went on with Creative Commons. -- Brian McNeil (alt. account) /alt-talkmain talk 15:05, 29 June 2010 (UTC)[reply]
Updates
Further
  Done. -- Cirt (talk) 20:06, 3 August 2010 (UTC)[reply]
Question

Just how many of the above, and the below, originate inside the Federally Administered Tribal Areas of Pakistan? Do we sill have an active checkuser who knows how to use, and read results from, the appropriate tools? One prepared to actively scan in-question IPs, and to widen CU ranges out to the matching IP ranges? -- Brian McNeil (alt. account) /alt-talkmain talk 19:49, 3 August 2010 (UTC)[reply]

  • Clearly created as a sock, but perhaps not knowingly declared. Have asked Xe on both talk pages why. Time of edits matches with noticeable increase of PK-related edits/uernames that may relate to the still-posted Saki/Saqib investigation. (I also note my final request for a re-check on that one to get the additional socks has not been carried out.) -- Brian McNeil (alt. account) /alt-talkmain talk 05:25, 29 July 2010 (UTC)[reply]
--InfantGorilla (talk) 11:15, 29 July 2010 (UTC)[reply]
Likely related accounts from technical CU check info
  1. Bhaskar Debbarma (talk · contribs)
  2. Dhingu (talk · contribs)
  3. Gagansethi (talk · contribs)
  4. Shameem (talk · contribs)
  5. Sathya731 (talk · contribs)
  6. Ahmed Kamal823 (talk · contribs)
  7. Superanish (talk · contribs)

-- Cirt (talk) 19:37, 3 August 2010 (UTC)[reply]

Some of these are little-used SUL accounts (sleepers?) that have been dormant for several years. --InfantGorilla (talk) 20:07, 3 August 2010 (UTC)[reply]
Actually, no, most were created as accounts, locally on this site, within the last couple months. -- Cirt (talk) 20:11, 3 August 2010 (UTC)[reply]
But as far as we know, there's no sock abuse, right? None of the users listed above have any contributions. Benny the mascot (talk) 20:14, 3 August 2010 (UTC)[reply]
One of them has a user page, but its other edits are pretty insubstantial: http://en.wikiversity.org/wiki/User:Shameem --InfantGorilla (talk) 20:22, 3 August 2010 (UTC)[reply]
  • It would be nice to have previously made comments accusing me of paranoia withdrawn; and, such, in some way, noted. Those who have been on-project for considerably less time should take careful note of the above; you have not seen this level of CU-related information before. This is, generally, done as quietly, and nonpublicly, as possible. I am very unhappy to be proven right in this way. That because it means that repeated admonishment of myself, and numerous of the disputes around these issues, are through applying AGI to the wrong people. Do I need to go through the last 5k edits to the wiki, pick out the suspects, and be proven right again? I can, from casual observation, say there are probably numerous contributors in the last 2-3 days who will turn out to be part of the same, probably shared, sock army.
This is a serious problem. Would people, as a matter of urgency, start treating it as such? -- Brian McNeil (alt. account) /alt-talkmain talk 21:39, 3 August 2010 (UTC)[reply]
  • Bump. This is important, and needs dealt with; Benny, the creation of socks by a user with a long history of abusing them is serious. This is not Wikipedia you're arguing someone should be allowed a range of accounts, thus, ultimately, the ability to self-publish without the community realising it. -- Brian McNeil (alt. account) /alt-talkmain talk 05:22, 5 August 2010 (UTC)[reply]
  • This request is getting far too convoluted and I am simply unable to understand the discussion thread. Brian - what I suggest happens is that you refactor your suspicions into a regular request so that I can run it. --Skenmy talk 16:09, 10 August 2010 (UTC)[reply]

Bjornengelhardt

edit

218.186.8.235 has just been blocked for using xyr time to request a hard anal fuck. What is concerning is that, as well as the two vandal edits, I see this. It looks legit; worse, it looks like that user failed to log in and used their IP. Is this a case of someone logging out to be a vandal? Blood Red Sandman (Talk) (Contribs) 17:48, 9 August 2010 (UTC)[reply]

  Unrelated --Skenmy talk 17:55, 9 August 2010 (UTC)[reply]
That's what I like to hear. Blood Red Sandman (Talk) (Contribs) 18:00, 9 August 2010 (UTC)[reply]

Cyrus the Virus

edit

This sock-builder identified above (who may or may not be a one-and-the same with a certain other socker) could do with being looked at again. I've blocked all the accounts; per my block-change summary on the first, I have given xyr a name so we can identify them.

  1. Bhaskar Virusxxx (talk · contribs)
  2. Bhaskar Debbarma (talk · contribs)
  3. Dhingu (talk · contribs)
  4. Gagansethi (talk · contribs)
  5. Shameem (talk · contribs)
  6. Sathya731 (talk · contribs)
  7. Ahmed Kamal823 (talk · contribs)
  8. Superanish (talk · contribs)

Also, is this user - created a day after the other bhaskars - related? Bhaskar6557 (talk · contribs)

And is this Saki (talk · contribs) (Saqib) or is Cyrus a different threat?

I want to know what other socks have been created in the long interim between their identification and my blocking, and I want to know the underlying IP(s). And I want a pony. Blood Red Sandman (Talk) (Contribs) 18:36, 19 August 2010 (UTC)[reply]

  •   Comment For the benefit of Skenmy, who doesn't seem to be keeping up here,...
Saquib (talk · contribs), AKA Saki (talk · contribs), AKA (most-likely) all of the above, and dozens of others I've blocked since the initial permaban, are at-question here.
Do any, or all, of the clearly identified socks have overlapping IP allocations? Have cross-allocation checks been performed? Have repeatedly used IPs been checked for 'unusual' services via an active scan? Have any IPs been identified as in ranges used for shared, or standalone, hosting (thus might be in-use as semi-private proxies)? I got no notice of a request to refactor this ten days ago. Why should I? Doing so is more work than actually running the checks. Now, will what seems to be a persistent socking and trolling problem be looked at?
If you've CU on this project, and you will not look at this thoroughly, then give me permission to escalate it to a Steward. Or, escalate it to the CU mailing list yourself. CheckUser is not supposed to be purely reactive; the privilege, initially, automatically went to 'crats because they're charged with projecting the long-term interests of the project. So, be proactive. Please? --Brian McNeil / talk 00:26, 20 August 2010 (UTC)[reply]
  •   Done Bhaskar Virusxxx, Bhaskar Debbarma, Dhingu, Gagansethi, Shameem, Sathya731, Ahmed Kamal823 all share an ip and appear to be the same user. There is no data available for Superanish. IP range and country do not overlap with any previously checked user. IP belongs to be a huge mobile provider and appears to be assigned for a short period of time. There are a number of possibly legit users (no edits, but otherwise poor matches) on the ip range, so a range block would be inappropriate. No open proxies or other oddities. Bhaskar6557 is in the same country as the others, but on a different mobile provider. --Cspurrier (talk) 03:16, 20 August 2010 (UTC)[reply]


Greg L

edit

Greg L (talk · contribs)

Examining this user's global contributions suggested a close-parallel with other recent contributors to en.WN, but near-zero non-Wikipedia contributions. The user's contributions on en.WP in the past 500 edits appear most involved with votes and policy wonking (engaging in dispute discussions on talk pages), notably recent Manual of Style. No contributions in the past 5 days, yet suddenly involved in another project's style guide discussions. Chooses not to disclose where xe was linked to the discussion, which would confirm meat puppetry rather than sock puppetry. - Amgine | t 16:20, 25 September 2010 (UTC)[reply]

  Done No matches. --Cspurrier (talk) 17:34, 25 September 2010 (UTC)[reply]


Mike3620

edit

Mike3620 (talk · contribs), a new Wikinewsie, has been disruptively trying to circumvent the review process, and repeatedly recreating a comments page despite requests not to do so and an explanation why not. Suddenly, up pops PacketFactory (talk · contribs) and makes pretty much the same edits on the same propaganda piece. Can we have confirmation these are one and the same? Blood Red Sandman (Talk) (Contribs) 16:07, 4 October 2010 (UTC)[reply]

There was sufficient information in the contributions to justify an indef block of PacketFactory. A CU may still be warranted. --InfantGorilla (talk) 16:17, 4 October 2010 (UTC)[reply]
  Confirmed. Mike3620 (talk · contribs) = PacketFactory (talk · contribs). Cheers, -- Cirt (talk) 16:28, 4 October 2010 (UTC)[reply]

User blocked by Blood Red Sandman (talk · contribs) for repeat recreation of seriously non-NPOV, editorial-style, puff piece.

In response to block, blanked explanation of such from talk, deceptively using "no longer open proxy" claim.

By email, gave seriously contradictory reason for project interest to that blanked from (but in history) of user's page.

Chameleon-like nature inspires no confidence; strongly suspect CU may reveal edits from open proxies in multiple countries - possibly even other accounts not as-yet made use of in any sort of disruptive manner. --Brian McNeil / talk 00:03, 5 November 2010 (UTC)[reply]

  • Interesting. The 'iffy English' notice I blanked from xyr userpage claimed a location in Oslo, Norway. The quite fluent email appeal claimed peer2peer affiliation.
First thought is: Is the earliest IP (via nmap scan) an open proxy, and thus subjectible to a permanent block? Next, do all the used IPs come from the same ISP and country? Likely an overreaction, but there's a minor hint at an alternative trolling/disruption option to Tor being quietly played with. If so, someone should alert Tim and other devs. In any case, if the IPs are geographically disparate, I'd hit them all with nmap. --Brian McNeil / talk 10:43, 5 November 2010 (UTC)[reply]
Nothing appears out of the ordinary, all the IPs are coming from an educational facility. -- Cirt (talk) 20:35, 5 November 2010 (UTC)[reply]
Indeed. ;) -- Cirt (talk) 21:14, 5 November 2010 (UTC)[reply]

Two blocked as unnacceptable usernames, third with copyvio/plagiarism 'issues'. All, apparently, from India. Just seems so weird to see three new contributors from same geolocation in such close succession. --Brian McNeil / talk 19:48, 8 November 2010 (UTC)[reply]

  • If so, then I suspect this is also one and the same with a username vandal who I recall registering numerous accounts under the names of press agencies. On that basis, I'd like the AIP one checked for open proxy (the ability to apparently bypass IP blcoks suggests proxy use) and if connected, I'd like them all checked thus, please. Blood Red Sandman (Talk) (Contribs) 19:54, 8 November 2010 (UTC)[reply]
    •   Comment - Same locale, but they seem to be different based on technical evidence, including different useragents. Behavioral evidence may prove otherwise. As far as the "weirdness" of it - U.S. President Barack Obama is currently in India on a big business development trip - which may be the cause of this increased interest in the subject at Wikinews - whether from socks or just innocuous new users. -- Cirt (talk) 20:09, 8 November 2010 (UTC)[reply]


Self

edit

This may seem like an odd request, but let me explain:

  • I'd like the full browser string for this edit. This is to establish some tech information about my phone, and its browser - which periodically crashes on the secure connection.
  • I would also like full details on the next edit to this page - it, for security reasons, will not be logged in. However, I'm trying to establish the trustworthiness of a device. I want to establish what browser is in use, what network, &c. I'll indicate it's from me. There may be a followup on that, using the same device from a local WiFi point. --Brian McNeil / talk 11:41, 20 November 2010 (UTC)[reply]
Here is the followup. This is an "ubisurfer", running a possible-GPL-vio Arm Linux kernel. There is an embedded SIM, and it comes up with "server-2104" when it connects, then says it is in London via Google Maps. I'm looking for the full lowdown on this, and their "patented compression technology" --69.70.107.202 (talk) 12:19, 20 November 2010 (UTC)[reply]
  • This is another followup from the device. Should come up as IceWeasel for the browser, but I want to make sure it's just using the access point, and not a proxy, before I log in. Will add a countersign below this in a moment. --80.176.214.2 (talk) 17:54, 20 November 2010 (UTC)[reply]

Irate

edit

Sorry for not listing user by user - on the mobile.

Please CU all users attempting to 'contribute' to this, plus appropriate /24, /18, or /16 ranges for additional sleepers.

And, if possible, check the top-1 version, which links to enWP noticeboard, for sockmaster.

I suspect there's also a requirement to check a lot of these for open proxies too. --Brian McNeil / talk 15:08, 11 December 2010 (UTC)[reply]

  • Yeah, whatever... Does it really matter where a request is?
Moving one to the 'policy approved' position instead of just doing it is a severe case of rearranging deckchairs.
I seriously doubt I'd get the priv back, but this is clear evidence why someone technically competent, and active, should have it. --Brian McNeil / talk 23:34, 11 December 2010 (UTC)[reply]
  1. Truthnews9986 (talk · contribs)
  2. Brixton (talk · contribs)
  3. Pentenville (talk · contribs)
  4. Standford (talk · contribs)
  5. Emley (talk · contribs)
  6. Dizzydoozy (talk · contribs)

The above are all   Confirmed. -- Cirt (talk) 17:40, 12 December 2010 (UTC)[reply]

I blocked some underlying IPs. If it re-occurs again another time additionally after this once more repeated, then please re-notify here and a rangeblock may yet indeed be considered in the future. -- Cirt (talk) 19:59, 12 December 2010 (UTC)[reply]
Check only turned up those two above accounts on the one IP. -- Cirt (talk) 08:12, 19 December 2010 (UTC)[reply]


Mattisse (talk contribs deleted contribs logs block user block log checkuser)

Shut it down

edit

Could we get a checkuser in here to either accept, or reject and close this request please? This dramafest doesn't need to go on any longer. the wub "?!" 12:36, 20 April 2011 (UTC)[reply]

Mailshot sent to the four CheckUsers. — μchip08 12:40, 20 April 2011 (UTC)[reply]
Good. This massive discussion directly violates the most heavily emphasized part of the procedure stated at the top of this page. --Pi zero (talk) 13:06, 20 April 2011 (UTC)[reply]
Noted. I will review and decide shortly --Skenmy talk 18:05, 20 April 2011 (UTC)[reply]

  Not done - CUs need sufficient evidence of socking in order to occur. There seems to be absolutely no evidence here - if I am mistaken then please let me know! --Skenmy talk 18:13, 20 April 2011 (UTC)[reply]

How can brianmc abuse the check user policy if he does not have check user rights? If I recall you asked for him to file the request. If you didn't want him to file said request, you probably should have responded with a polite "no thank you" not with a "I appeal to you to do a checkuser". Bawolff 01:43, 21 April 2011 (UTC)[reply]

(edit conflict) Reply. He threatened me and I felt bullied and agreed that he could request a check user out of fear, thinking that wikinews must allow such filings since he said as a "bureaucrat" he was required to file a check user on the basis of "off wiki info" that someone had given him that I had been unpleasant to this person on wikipedia.[18] I was totally intimidated and reacted out of fear, without thinking. He had already made it clear that he thought I was "stupid" and singled me out for derogatory remarks. I expected that if he he filled the check uses , he would have to present evidence and I would find out who these users are on wikineews who feel I am socking and who say I treated them badly on wikipedia. I would find out who was against me, as clearly there are some who are. I knew there was no evidence of socking, so I did not think he could file a check user. Nevertheless, a "bureaucrat" User:Brian McNeil filed a check user against policy (he had absolutely no evidence); the check user was allowed to play out, even though User:Brian McNeil have violated policy. I am asking is this ok by wikinews standards? Or will he be called to account for blatant violation of policy? I understand he is a "bureaucrat" and all. Does this mean he can intimidate new users in the manner he has done here? Mattisse (talk) 02:18, 21 April 2011 (UTC)[reply]

This is not the place for this discussion. As explained above, discussion about the merits of a CheckUser should be taken elsewhere. Please do not continue to edit this page unless it is something directly related to the checkuser's job (i.e. a new request). Other comments are not appropriate for this venue. — μchip08 01:51, 21 April 2011 (UTC)[reply]
Where is "elsewhere"? Where it the appropriate forum? I have searched and I have not found one. Mattisse (talk) 02:20, 21 April 2011 (UTC)[reply]
Wikinews:Dispute resolutionμchip08 02:38, 21 April 2011 (UTC)[reply]
  •   Comment I have also reviewed this and agree with Skenmy. Additionally, I believe that Brian did not violate checkuser policy in asking for a check user (nor could he really since he is not a CU). While it is a request that we are not going to fill, he was acting reasonably and in good faith asking for it. Socking elsewhere and a self request is perfectly reasonable grounds for asking for a CU. If there was even some weak evidence that socks were abused here, I would have no issue with running the CU. As a general reminder though, socks are not prohibited under Wikinews policy, abusing them is. --Cspurrier (talk) 17:29, 21 April 2011 (UTC)[reply]

  • Per the policy note at the top of this page refrain from turning this into a theatre of war. I have, via this diff, provided all required justification for my actions. Checkusers, please clear this idiocy from this page to avoid this fora being abused further. --Brian McNeil / talk 21:23, 4 May 2011 (UTC)[reply]

kittiesonfireXX

edit

Series of accounts used to disrupt the project. I believe they merit a CU ans rangeblock, should the CU show a rangeblock would appropriately deter. --Brian McNeil / talk 06:29, 4 March 2011 (UTC)[reply]

Could we "just" add kittiesonfire<integer>* to the blacklist temporarily? — μ 09:40, 4 March 2011 (UTC)[reply]
  • I'm not totally up on all the blacklisting tech currently in MW. Does it include usernames? If so, that'd be a start, but the offending users should still be CU'd and a week or two of a selective range block applied. --Brian McNeil / talk 12:02, 4 March 2011 (UTC)[reply]
  • I remember I had to deal with this person last Tuesday, it took me like ten minutes to remove all of their crap. Last night I asked BarkingFish on IRC if he knew somebody who could setup an AbuseFilter thingy to prevent more Kittiesonfire accounts to be created, and it seems he found a solution. :D --Diego Grez return fire 15:10, 4 March 2011 (UTC)[reply]
Barking Fish appears to have added title blacklisted; not sure if that's the right place (don't we want the username blacklist instead?) not a technical person.μ 14:21, 4 March 2011 (UTC)[reply]
Titleblacklist prevents usernames as well as pages; for MW it's pretty much the same... - Amgine | t 19:04, 5 March 2011 (UTC)[reply]
Indeed I did add them to the title blacklist, and as I was advised by Betacommand (IRC User Delta), the addition to the title blacklist prevents pages with a title containing the specified REGEX from appearing. I would have set up the abuse filter, but Delta assured me this was a faster way than messing with the abuse filter's syntax. BarkingFish (talk) 19:41, 5 March 2011 (UTC)[reply]
  •   Comment - There was only one IP address, which was already blocked globally by a Steward. However, there is also:
  •   Confirmed:
  1. Kittiesonfire8 (talk · contribs)
  2. Kittiesonfire9 (talk · contribs)
  3. DiarrheaMilkshake (talk · contribs)
  4. Kittiesonfire6 (talk · contribs)
  5. Kittiesonfire7 (talk · contribs)
  6. Kittiesonfire16 (talk · contribs)
  7. Kittiesonfire17 (talk · contribs)
  8. Kittiesonfire18 (talk · contribs)
  9. PeeOnFavonian (talk · contribs)
  10. Kittiesonfire21 (talk · contribs)
  11. Kittiesonfire22 (talk · contribs)
  12. Kittiesonfire20 (talk · contribs)
  13. Kittiesonfire24 (talk · contribs)
  14. Kittiesonfire25 (talk · contribs)
  15. Kittiesonfire23 (talk · contribs)
  16. Kittiesonfire19 (talk · contribs)
  17. K!ttiesonf!re (talk · contribs)
  18. My name is awesome (talk · contribs)
  19. I set my dick on fire! (talk · contribs)
  20. I set my friends on fire! (talk · contribs)

All above accounts are now blocked. Cheers, -- Cirt (talk) 16:49, 4 March 2011 (UTC)[reply]

This has proven ineffective. Please apply an appropriate rangeblock of, say, a week. I doubt there's much colateral damage likely. --Brian McNeil / talk 08:35, 11 March 2011 (UTC)[reply]
Looks like that was handled already, at WN:AAA. -- Cirt (talk) 22:24, 11 March 2011 (UTC)[reply]

Additional to this request

Could I please get confirmation or denial on 2 3 4 extra accounts which turned up today, User:K!ttiesonf!re, User:My name is awesome, User:I set my dick on fire! and User:I set my friends on fire!? Are they originating from the same IP as the original KittiesonfireXX series? BarkingFish (talk) 20:23, 28 March 2011 (UTC)[reply]

  • All of those are also now   Confirmed. Underlying IPs blocked. There were some newer and different IPs used as well. One rangeblock carried out for now. Cheers, -- Cirt (talk) 22:50, 28 March 2011 (UTC)[reply]

More

edit

Accounts created together in a timely fashion. Some of them vandalised user namespace with consequent blocks by admins. I'm requesting a CU to confirm that all those accounts are indeed the same person. Thanks, Gryllida 01:25, 28 April 2011 (UTC)[reply]

LarryTheDolphin (talk contribs deleted contribs logs block user block log checkuser)

I am filing a request for checkuser on the above account, they joined earlier to find a block in place, and made the following statement as a request for unblock on their talk page, which I have initially declined: "Uhm, why am I blocked? Is it because of that K!ttiesonf!reRELOADED asshole?"

I declined an unblock, until such time as a CU can confirm (or deny) that these are the same user. If they are, the account will remain indefinitely blocked. Could a CU please see their way to performing a check as soon as convenient for them? Thank you. BarkingFish (talk) 22:14, 24 April 2011 (UTC)[reply]

  Confirmed LarryTheDolphin is KITT!ES ON F!RE and most likely the whole mess of other blocked socks --Cspurrier (talk) 22:48, 1 May 2011 (UTC)[reply]
I concur. -- Cirt (talk) 20:18, 2 May 2011 (UTC)[reply]