FANDOM


Are you an admin on a wiki and come across recurring IP address vandals with slightly different addresses each time? There's a neat less-known type of block known as a Range Block. It is a powerful tool and can be used by any administrator on a wiki, only if the vandal's IP addresses are known. If misused it can wreak havoc on a wiki, so it should be used wisely after necessary checks have been made.

Case Study

Let's say there's an IP address called 123.123.123.12 and they vandalise your wiki. So you revert their changes and block them, as usual. However, a few minutes later another IP vandal appears called 123.123.123.13 and they do similar vandalism as the first. You're almost certain they're the same individual since the behaviour and address is so similar, as well as the short timespan when the edits occurred. However, yet another IP appears named 123.123.123.11 causes trouble and thus it continues, you revert and block. And so on.

But did you know there's a better way to go about this when multiple similar IP addresses vandalise?

How It Works

IP addresses are broken up into blocks of numbers.

An example of this would be 148.20.57.0 through to 148.20.57.255.

Once it reaches 255 the next number is 148.20.58.0.

IP addresses can be broken up in to smaller or larger blocks.

The smallest practical block is a block of 4.

This could be one of the following:


148.20.57.0 - 148.20.57.3,
148.20.57.4 - 148.20.57.7,
148.20.57.8 - 148.20.57.11, ...


Of each block of 4 numbers, only two can be assigned to a computer.

The first and last numbers of any block are reserved for network communication.

These are level 30 blocks and can be expressed like this:


148.20.57.0/30,
148.20.57.4/30,
148.20.57.8/30, ...


The next largest block is 8.

They can be as follows:


148.20.57.0 - 148.20.57.7,
148.20.57.8 - 148.20.57.15,
148.20.57.16 - 148.20.57.23, ...


In this block of 8 numbers only 6 can be assigned to a computer as, once again, the first and last numbers in a block are reserved for specific uses in network communication.

These can also be expressed as follows:


148.20.57.0/29,
148.20.57.8/29,
148.20.57.16/29, ...

From this point on, the number of IP addresses in a block continues to double: 16, 32, 64, 128, 256, etc.

A block of 16 would start 148.20.57.0/28.
A block of 32 would start 148.20.57.0/27.
A block of 64 would start 148.20.57.0/26.
A block of 128 would start 148.20.57.0/25.
A block of 256 would start 148.20.57.0/24.

So if you have an IP address and you want to block the range assigned how do you know which one to use? Let's say you have a problem with 148.20.57.34. You can lookup who has this IP address at http://arin.net/whois/?queryinput=148.20.57.34. Say this tells us that this IP address is assigned, along with a LOT of others in a /17 range, to the Department of Defense. We certainly don't want to block a large block of the DoD! The rule of thumb is block as little as possible. Only block a range if there is a cluster of IP addresses giving a problem.

There's a calculator that is very useful for this:

http://www.csgnetwork.com/ipinfocalc.html

Go to this site and enter 148.20.57.34 into the first set of blanks.

Now select Network Prefix Length and enter 27 (this will give a block of 32 addresses) and click Calculate Network Information.

This will show us a block of 32 IP addresses that include 148.20.57.34.

You can use this tool to test ranges to be sure they are what you want before entering the information to initiate the block.

A range block can then be applied by appending /<int> to the IP address on Special:Block, where <int> is the IP range. FANDOM supports up to /16 range blocks, which is 65,536 IP addresses.

Summary

For users who didn't know how range blocks worked or what they are, I hope this blog provided useful insight into that and helps you administer your wiki better. Remember: range blocks are very powerful; a mistake of a /11 range block instead of /12 can have drastic consequences and may cause innocent users of your wiki to appear blocked.

Also, like normal IP address blocks, you should never block them infinitely. While an IP address or range may belong to a VPN or proxy service that is most likely misused by trolls, most IP addresses are recycled over time and a proxy/VPN IP range could later be used by an innocent home user. I find that 3 months is a suitable block for persistent IP range abuse.

Ideally you should aim to block for the smallest effective range possible, although if a large range belongs to a VPN or proxy it is usually okay to block them entirely as well if they're confirmed to be used repeatedly by malicious users.

References

Community content is available under CC-BY-SA unless otherwise noted.