Jump to content

User:MLauba/Rangeblocks

From Wikipedia, the free encyclopedia

Rangeblocks are a tool meant to block several contiguous IP addresses in one single go. They may be tricky: Too broad rangeblocks can block 65k addresses and catch thousands of innocent users to swat a single IP hopping fly.

The documentation doesn't provide a step by step process on how to do rangeblocks, but throws a ton of tech at you. So if you're like me, your natural instinct is to stay away from them (myself and many others throw the term "I don't do rangeblocks" around quite often). After all, there's a potential if you screw up to screw up on a grand scale, and no telling how to undo the damage.

Without further ado, here's what I found out (for an IPv4 rangeblock) and apparently carried out without blocking a small city:

Simple process[edit]

  • Discover the smallest and largest IP addresses used by the user that needs to be blocked
  • Find the correct rangeblock address and the right suffix
  • Verify the potential collateral damage
  • Use sound judgement to implement the most narrow rangeblock possible.

Step by step breakdown[edit]

  1. To do a rangeblock, you need to find an IP address appended with the right subnet mask suffix (X.Y.Z.N/suffix)
  2. Check out the IPs used by the user you need to block:
    • If they are all in an IP range between X.Y.Z.0 and X.Y.Z.255, your rangeblock will only affect 254 IP addresses at most. To rangeblock, you'll need to find out a suffix number (see below) between /24 (broadest) and /30 (finest)
    • If they are between X.Y.0.0 and X.Y.255.255, your rangeblock will affect between 255 and 65,536 IP addresses. To rangeblock, your suffix will be between /16 (broadest) and /23 (finest). You will probably want to pause before doing anything rash, in particular with the /16 to /18 suffixes.
    • If they are broader than that (in other words, the number for Y also varies), this is a problem that cannot be fixed with a simple rangeblock. Protection, edit filters are tools that will help here. Go back to AN or ANI, or the Village Pump (Technical), for solutions.
  3. Go to the IP Address Range Calculator.
    • Enter the lowest IP address you found in the field "Specify your Network Address"
    • Two lines below, click the radio button in front of "Enter a Network Prefix Length", using the boundaries indicated above (so between 30 and 24, or 23 and 16). Click the "Calculate Network Information" button.
    • Now look at the Calculated results.
    • The first line gives you the correct address to use in your rangeblock as the starting point.
    • The last line gives you the end of the range you have selected. You can ignore the other two lines at this stage.
    • Go back to the field "Enter a Network Prefix Length" and progressively reduce the number (every time you decrease the number by 1, the range doubles in size), until you can fit the smallest IP address and the largest one within the boundaries you have selected.
    • Your correct, minimal range will be the IP in the Network Address field with the suffix number in the Network Prefix Length field. It will be in this format X.Y.Z.N/M - eg. 192.168.0.8/30
  4. Now before you do anything drastic, check out this tool: http://tools.wmflabs.org/xtools/rangecontribs/
    • Paste the range including suffix in the field called CIDR /List. Hit submit
    • Look at the results and use this insight to get a feel for the amount of legit contributions in this range. These are essentially collateral damage of your rangeblock. Use the judgement you got your mop for.
  5. With all the information you gathered, you can now simply paste the right rangeblock with its suffix in the block interface. The block settings will apply to every IP in the range you specified.

Remember that IP blocks should be limited in time, narrow, soft blocks preferred over hard blocks. If anything more drastic is required, consensus will be needed.

That's all I got. Rangeblocks are useful, but must be weighted against the damage they cause. If the disruption can be curbed by semi-protection only, that should be the preferred choice. If we're dealing with dynamic IPs all around the place, other means may be required.

Last but not least, the above tutorial has been written based on a single rangeblock (so far). Remember to use your judgement over mine - you own your administrative actions, and their consequences

Retrieved from "https://wiki.riteme.site/w/index.php?title=User:MLauba/Rangeblocks&oldid=699721460"