Help:تدقيق مستخدم

This page is a translated version of the page Help:CheckUser and the translation is 2% complete.
This is a technical manual for the CheckUser special page with Wikimedia-specific considerations. For the extension itself, see the CheckUser extension page on www.mediawiki.org website.

Special:CheckUser allows a user with a checkuser flag to access confidential data stored about a user, IP address, or CIDR range. This data includes IP addresses used by a user, all users who edited from an IP address or range, all edits from an IP address or range, User agent strings, and X-Forwarded-For headers.

This tool is usually used to counter users creating bad-faith sock puppet accounts. (Note: checkuser may refer to an access to confidential information, a user with permission to do so, or the technical flag.)

Wikimedia Privacy and Confidentiality Policies

Checkusers under the Wikimedia Foundation are subject to the terms of use, the privacy policy, the access to nonpublic information policy, the CheckUser policy and a confidentiality agreement for nonpublic information. Revealing stored confidential data about a user is prohibited except on a limited set of cases detailed in the policies mentioned above.

If possible, the checkuser should attempt to resolve the situation without releasing any information, or by releasing the minimum possible information. The following information is commonly permissible. This list is not comprehensive, and cannot replace the checkuser's judgment. If the checkuser is at all doubtful, they should give no detail and answer like a Magic 8-Ball:

  • confirmation that a user is a sockpuppet without noting personal information;
  • information released by the user;
  • the ISP edited from, if it is large enough that the information is not personally identifiable;
  • the country, which is generally not personally identifiable.

Mailing list

Wikimedia CheckUsers have access to the private mailing list checkuser-l. They may use this list to discuss or get help, ideas and second opinions.

Notes

  • CheckUser is not magic wiki pixie dust. Almost all queries about IPs will be because two editors were behaving the same way. An editing pattern match is the important thing; the IP match is really just extra evidence (or not).
  • Most dialup and a lot of DSL and cable IPs are dynamic. They might change every session, every day, every week, every few months or hardly ever. Unless the access times are right next to each other, be cautious in declaring a match. After a while, you get to know which ISPs change quickly or slowly.
  • If it's a proxy, it might not be a match, depending on the size of the organisation running the proxy (per whois output). If it's an ISP proxy, it is not so likely to be a match.
  • If it's an AOL address, you're out of luck — AOL sends each page request through a different proxy.
  • If a username is using lots of different IPs in various countries, the IPs may well be open proxies. Check with an open proxy checker.
  • Edits from addresses allocated to hosting facilities almost always indicates the use of compromised hosting servers to nefarious ends. Note, however, that the user may have a legitimate shell account on the machine.
  • For IPv6 addresses, you may wish to check the user's entire /64 subnet, because it is possible that the user may be using more than one address out of their range.

Useful tools

"Unix" here includes Unix-like, Linux and Mac OS X computers.

  • whois: On Unix, start a terminal and type whois [IP address] at the command line. This should tell you who owns the IP, what the range is and may also note what they use it for. On Windows, All Net Tools has a pretty good web-based whois (which does an nslookup as well).
  • nslookup: On Unix or Windows, nslookup [IP address] at the command line will give you the fully qualified domain name associated with the IP. Note that not all IPs have a domain name, so don't worry if nothing comes back. If you're on Windows, the All Net Tools whois also gives you the FQDN.
  • Open proxy checking: David has yet to find a good tool for this. (proxycheck doesn't do what I want.) There are a number of online proxy checkers, such as Nmap. (I have not tried them.) Help needed. I usually work on a combination of online proxy list checking and educated guesswork ;-) w:en:User:Tawker runs a web-based proxy checker. To request access to it, contact him on his talk page.
  • Checks for other abuse of an IP: rbls.org gives the status of any IP address on a number of Realtime Blackhole Lists. Note that some RBL blocks should be expected, e.g. many block home dynamic IPs for SMTP, but that's not a problem for a wiki. If a user only uses open proxies or addresses marked as sources of abuse, your suspicions may be raised.
  • Related anon contributions: rangecontribs tool gives anon edits from a given subnet (dead link).

Usage

Basic interface

  1. Go to Special:CheckUser (make sure you are on a wiki where you have access).
  1. In the user field, type in the username (without the 'user:' prefix), IP address, or CIDR range.
    • IP: any IPv4 (most common) or IPv6 address.
    • CIDR: you can check a range of IP addresses by appending the CIDR prefix (up to /16 for IPv4 (65,536 addresses) or /48 (1,208,925,819,614,629,174,706,176 addresses) for IPv6). For notation, see Range blocks.
    • XFF: you can check a client IP address provided by X-Forwarded-For headers by appending /xff (for example, 127.0.0.1/xff).
  1. Select the information you want to retrieve.
    • Get IPs: returns IP addresses used by a registered user.
    • Get edits from IP: returns all edits made by a user (registered or anonymous) from an IP address or range.
    • Get users: returns user accounts that have edited from an IP or range.
  1. In the reason field, type in the reason you are accessing the confidential data. Try to succinctly summarise the situation (for example, "cross-wiki spam"); this will be logged. This may be needed by the Ombudsman Commission.

Information returned

A typical entry in the checkuser results for a user summary ("get users") is as follows:

  • Example (Talk | contribs) (20:11, ٠٣ مارس ٢٠٢٤ -- 20:12, ٠٣ مارس ٢٠٢٤) [5]
    1. 127.0.0.37 XFF: 127.0.0.1, 127.0.0.5
    2. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11

This is formatted to fit a lot of information into a format that can very easily be listed and skimmed, but is difficult to read unless you know what the information provided is. The information is laid out as follows:

  • username (user links) (time period when they edited from the given IP or range) [number of edits from the IP or range]
    1. IP address edited from XFF: XFF information provided (can be spoofed)

Each IP/XFF combination used to edit is listed, in order of use.

The last ten user agents (browser, operating system, system language, and versions) for each user for edits made in the IP or range are listed afterwards.

XFF Format

XFF (X-Forwarded-For) headers indicate the series of IP addresses used from the user's computer (first) to the server hosting MediaWiki (last).

In this example:

aaa.aaa.aaa.aaa XFF: 10.4.46.42, 127.0.0.1, aaa.aaa.aaa.aaa, 208.80.152.46

  • the first two addresses (10.4.46.42, 127.0.0.1) are private to the originating network and can't be reached directly from the public Internet,
  • the third address (aaa.aaa.aaa.aaa) is the "public face" of the editor, usually a broadband or dialup ISP, a company gateway, (but possibly an anonymizer or a malware-compromised server),
  • the last address (208.80.152.46) is one of the Wikimedia squids (sq36.wikimedia.org).


روابط لصفحات المساعدة الأخرى

مساعدة محتويات
ميتا · ويكي الأخبار · ويكيبيديا · ويكي الاقتباس · ويكاموس · ويكيميديا كومنز · ويكي بيانات · ميدياويكي · ويكي الكتب · ويكي مصدر · دليل ميدياويكي · جوجل
إصدارات صفحة المساعدة هذه (بالنسبة إلى اللغات الأخرى ، انظر المزيد)
ما الروابط هنا على ميتا أو من ميتا · ويكيبيديا · ميدياويكي
قراءة
اذهب · بحث · مساحة الاسم · اسم الصفحة · الجزء · خلفية · إعادة توجيه · الفئة · صفحة الصور · صفحات خاصة · نسخة قابلة للطباعة
تتبع التغييرات
التغييرات الأخيرة (المحسن) | التغييرات ذات الصلة · مشاهدة الصفحات · فرق · سجل الصفحات · تعديل الملخص · مساهمات المستخدم · تحرير بسيط · تحرير الدوريات
تسجيل الدخول والتفضيلات
تسجيل الدخول · تفضيلات · نمط المستخدم
التحرير
بدء صفحة جديدة · التحرير المتقدم · تحرير الأسئلة الشائعة · تصدير · استيراد · اختصارات · تحرير الصراع · مقاس الصفحه
الرجوع
الروابط · URL · روابط الخطوط · ربط إنترويكي · الحواشي
النمط والتنسيق
أمثلة على ويكي · CSS · بطاقة مرجعية · HTML في wikitext · معادلة · قائمة · الطاولة · فرز · الألوان · الصور وتحميل الملفات
إصلاح الأخطاء
عرض المعاينة · اختبارات · جارٍ الرجوع عن التعديلات
أداء متقدم
توسيع · قالب · قوالب متقدمة · وظيفة محلل · المعلمة الافتراضية · متغير · رسالة النظام · الاستبدال · مجموعة مصفوفة · عملية حسابية · تضمين الصفحة
الآخرين
الشخصيات الخاصة · إعادة تسمية (نقل) صفحة · تحضير صفحة للترجمة · صفحة الحديث · التوقيعات · القضايا القانونية للمحررين