Autoblock

An autoblock is an automatic block of an IP address, done by the MediaWiki software. Autoblocks are the result of an attempt to edit the wiki from an IP address recently used by a blocked user.

Each time a user edits the wiki, the IP address used to connect to the site is recorded by the MediaWiki software that powers the wiki. A log of IP addresses used by every user is kept privately, accessible only by users with checkuser access to the MediaWiki software. When a blocked user attempts to edit the site, the IP from which they are editing is "autoblocked" with the same settings as the blocked user (with the exception of the duration and blocking e-mail), so that they may not make the same edit anonymously or under a different user name. If another user then attempts to use that autoblocked IP, they are autoblocked as well, and any other IPs that they may attempt to use while blocked, are autoblocked as well. Then other users who use those IPs may also be blocked, and onward. In some situations, this system can spiral and many users may be autoblocked even if they did nothing blockworthy.

Unblocking an autoblocked user
If a user is autoblocked, such as if a named user was unblocked, but their IP address is still autoblocked, an admin can clear the autoblock by:
 * Reviewing the list at Special:BlockList, and searching for the user's account name. This is a case-sensitive search.
 * Identifying the #xxxxx number that is associated. If searching on this number, be sure to include the "#"
 * Unblocking the #xxxxx by clicking the "unblock" link

Note that once the autoblock is cleared, the user's account name will no longer appear in the list.

Log messages
Sometimes the term Autoblock disabled will show up in a block message. This means that when the user was blocked, that only their username was blocked, but other users on the same IP are still free to edit.

The default setting for a block is to have Autoblock enabled, but it generally does not say this explicitly in a block message. To disable the default autoblocking of an account, admins must manually uncheck the box that says "".

How it works


When an autoblock occurs, users may be autoblocked as the result of a block on another user, who was probably using the same ISP. So a different user may end up blocked, even though they have personally done nothing wrong. This is referred to as "collateral damage". Example:


 * 1) User:Susan, an administrator, blocks User:Bort for 24 hours. Unknown to Susan, Bort uses AOL to edit the wiki, and an autoblock was enabled at the time of the block.
 * 2) User:Steven, who also uses AOL from home, and is currently assigned the IP address last used by Bort, signs on to the wiki
 * 3) The MediaWiki software, detecting the use of the IP by Steven, and assuming it to be Bort, issues a 24 hour block on Steven, in admin Susan's name. Susan is not notified of the block.
 * 4) Steven receives a "You have been blocked" message, doesn't understand what an autoblock is, and angrily demands to know why admin Susan has blocked him.
 * 5) Steven tries to login from his work computer (which does not use AOL).
 * 6) The MediaWiki software senses that Steven is trying to get around his block, and autoblocks his work IP as well.
 * 7) One of Steven's co-workers, who happens to use the same work IP, tries to access the wiki.
 * 8) The MediaWiki software senses the co-worker, and autoblocks them too, as well as any future IPs they may use.
 * 9) And so on...

It is important for users to understand that administrators do not set autoblocks; once they have blocked a user with autoblocking enabled, autoblocks are set by the MediaWiki software. Autoblocks do not appear in administrators' block logs, and the administrators are not notified of them. This is a necessary consequence to keep logged-in users' IP addresses private. So while the IP address responsible for each edit is recorded by the MediaWiki software, this cannot be accessed, even by administrators and even when the user is blocked.

Tracking
If is enabled a cookie will be set on a autoblocked user's browser. This means that the user will still be blocked even after logging out and moving to a new IP address. In addition, a LocalStorage item is added, that will be used to recreate the cookie if it's deleted.

This cookie means that, when a blocked user moves to a new IP address, the original block will be loaded and (because it's an autoblock) that new IP address will now be blocked.

This form of tracking is dependent on the user's browser retaining the cookie or LocalStorage item, and so will not work for all blocked users in all situations. The feature is intended to provide a small extra level of protection against blocks being circumvented.

Disabling autoblocking
When a block is issued, autoblocking is usually turned on by default, except for common dynamic IP ranges, such as those used by AOL. A list of such automatically exempt IP ranges can be found at MediaWiki:Autoblock whitelist.

Administrators can disable autoblocking at the time of blocking a user, by unchecking the checkbox. Once an "enabled" block is placed, it can also be fixed by modifying the user's block, but this should not be done unless absolutely necessary.

Automatic reset
There is an internal autoblock expiry time variable, $wgAutoblockExpiry, which is set to 24 hours, meaning that autoblocks only last for 24 hours. However, in the case of dynamic IP pools (such as those used by AOL), this may affect hundreds of users before the block expires. So in the case of an indefinite block, autoblocks may continue to be set by the software, weeks or months after the initial block has been set. Older indefinite blocks, dating from before the autoblock exemption whitelist and the option to disable when blocking, may also trigger autoblocks.

Ipblocklist
When IP addresses are autoblocked, they appear in Special:Ipblocklist (but not in the admin's block log) with a special mask that prevents the IP from being seen. Autoblocks register on Special:Ipblocklist and in the banner available to the blocked user, with the name of the admin that set the original block. However, the admin is not notified that an autoblock has been placed. Diligent administrators who lift a block early, may wish to check the Ipblocklist in order to check for any autoblocks that need to be cleared.

Tips

 * It is helpful for all involved, especially AOL users, who are often chronically autoblocked by collateral damage, to remain patient and remember that it is the software that is responsible for the autoblock, not the administrator who is unfortunate enough to have his or her name appear on the block log.
 * Equally important is for admins to check Special:Ipblocklist regularly, and unblock all autoblocks from a particular user if more than two autoblocks are set in rapid succession.
 * If more than two IPs are autoblocked within seconds/minutes of each other, it is a good indication that it is a dynamic IP pool and the blocks are collateral damage.