Jump to content

Autoblock

From mediawiki.org
An example of an autoblock causing collateral damage. This display makes it look like admin Curps blocked multiple other users (identified by anonymizing six digit numbers). In actuality, Curps only blocked one user, and all the others were "collateral damage" caught by the autoblock because they were using related IP addresses to the blocked user.

An autoblock is an automatic block of an IP address, done by the MediaWiki software. Autoblocks are the result of an attempt to edit the wiki from an IP address recently used by a blocked user, so that they may not make the same edits anonymously or under a different username.

Each time a user edits the wiki, the IP address used to connect to the site is recorded by the MediaWiki software that powers the wiki. A log of IP addresses used by every user is kept privately, accessible only by users with checkuser access to the MediaWiki software.

The autoblock will duplicate most of the block settings, including if the block is sitewide or partial, but does not include the original duration, blocking email, and hardblock.

Unblocking an autoblocked user

If a user is autoblocked, such as if a named user was unblocked, but their IP address is still autoblocked, an admin can clear the autoblock by:

  • Reviewing the list at Special:BlockList, and searching for the user's account name. This is a case-sensitive search.
  • Identifying the #xxxxx number that is associated. If searching on this number, be sure to include the "#"
  • Unblocking the #xxxxx by clicking the unblock link

Note that once the autoblock is cleared, the user's account name will no longer appear in the list.

Messages

Log messages

Sometimes the term autoblock disabled will show up in a block message. This means that when the user was blocked, that only their username was blocked, but other users on the same IP address are still free to edit.

The default setting for a block is to have Autoblock enabled, but it generally does not say this explicitly in a block message. To disable the default autoblocking of an account, admins must manually uncheck the box that says Automatically block the last IP address used by this user, and any subsequent IP addresses they try to edit from, for a period of $1.


Main functions

Gmaxwell shortly after vandalizing the English Wikipedia under the username Bad article creation bot.
His vandalism caused harej to accidentally autoblock the entire Wikiconference NYC 2009. A Wikipedia admin Kirill Lokshin looks on with disapproval.

When an autoblock occurs, users may be autoblocked as the result of a block on another user, who was probably using the same ISP. So a different user may end up blocked, even though they have personally done nothing wrong. This is referred to as "collateral damage". Example:

  1. User:Susan, an administrator, blocks User:Bort for 24 hours. Unknown to Susan, Bort uses AOL to edit the wiki, and an autoblock was enabled at the time of the block.
  2. User:Steven, who also uses AOL from home, and is currently assigned the IP address last used by Bort, signs on to the wiki.
  3. Steven receives a "You have been blocked" message when he clicks "Edit", doesn't understand what an autoblock is, and angrily demands to know why admin Susan has blocked him.
  4. Steven tries to edit from his work computer (which does not use AOL). He learns that autoblocks only propagate from usernames to IP addresses, and decides to resume normal editing there.

It is important for users to understand that administrators do not set autoblocks; once they have blocked a user with autoblocking enabled, autoblocks are set by the MediaWiki software. Autoblocks do not appear in administrators' block logs, and the administrators are not notified of them. This is a necessary consequence of keeping logged-in users' IP addresses private. So while the IP address responsible for each edit is recorded by the MediaWiki software, this cannot be accessed, even by administrators and even when the user is blocked.

Tracking

MediaWiki version:
1.29

If $wgCookieSetOnAutoblock is enabled a cookie ({$wgCookiePrefix }BlockID) will be set on an autoblocked user's browser. This means that the user will still be blocked even after logging out and moving to a new IP address.

When the cookie is set, and a user tries to edit a page, MediaWiki will load the original block specified in the cookie and prevent the user from making the edit. This does not, however, create a new autoblock for the new IP address. That only happens if the user logs into the original blocked account.

This form of tracking is dependent on the user's browser retaining the cookie, and so will not work for all blocked users in all situations. The feature is intended to provide a small extra level of protection against blocks being circumvented.

Disabling autoblocking

When a block is issued, autoblocking is usually turned on by default, except for common dynamic IP ranges, such as those used by AOL.

MediaWiki version:
1.9

A list of such automatically exempt IP ranges can be set in MediaWiki:Block-autoblock-exemptionlist.

Lines starting with * indicate exempt addresses, with the text after being an IP range (leading and trailing whitespace is ignored). All other lines are ignored and may be used as comments. An example of such a page is Wikipedia's exemption list.

Administrators can disable autoblocking at the time of blocking a user, by unchecking the checkbox. Once an "enabled" block is placed, it can also be fixed by modifying the user's block, but this should not be done unless absolutely necessary.

Automatic reset

There is an internal autoblock expiry time variable, $wgAutoblockExpiry , which is set to 24 hours, meaning that autoblocks only last for 24 hours. However, in the case of dynamic IP address pools (such as those used by AOL), this may affect hundreds of users before the block expires. So in the case of an indefinite block, autoblocks may continue to be set by the software, weeks or months after the initial block has been set. Older indefinite blocks, dating from before the autoblock exemption whitelist and the option to disable when blocking, may also trigger autoblocks.

MediaWiki version:
1.20

Manually lifting the original account block automatically lifts every auto block that was created as a consequence of that block. (If the original block merely expires automatically, any dependent autoblocks are not immediately lifted.)


Ipblocklist

When IP addresses are autoblocked, they appear in Special:Ipblocklist (but not in the admin's block log) with a special mask that prevents the IP address from being seen. Instead, the block is identified by the block ID and is labeled "Autoblock #xxxxxx" in the BlockList. Autoblocks register on Special:Ipblocklist, Special:AutoblockList and in the banner available to the blocked user, with the name of the admin that set the original block. However, the admin is not notified that an autoblock has been placed. Diligent administrators who lift a block early may wish to check the blocklist in order to check for any autoblocks that need to be cleared.

Tips

  • It is helpful for all involved, especially AOL users, who are often chronically autoblocked by collateral damage, to remain patient and remember that it is the software that is responsible for the autoblock, not the administrator who is unfortunate enough to have their name appear on the block log.
  • Equally important is for admins to check Special:Ipblocklist and Special:AutoblockList regularly, and unblock all autoblocks from a particular user if more than two autoblocks are set in rapid succession.
  • If more than two IP addresses are autoblocked within seconds/minutes of each other, it is a good indication that it is a dynamic IP address pool and the blocks are collateral damage.