151:
407:
303:
234:
As a general rule, I will usually block IPs for the length of time that they seem to have been used by the sockmaster. If they've been on the IP for a month, block it for a month. If they come back on the same IP, block it for a few more months this time. If an IP has only been used for a day or so,
163:
abusive. Users who are soft-blocked (blocked with account creation enabled) for username violations are permitted to create a new account. Sequential use of accounts (i.e. one account starts editing after the other stops) is generally not considered to be a policy violation, even if the relationship
359:
Non-admin SPI clerks can request that an administrator block users at SPI. Any admin can act on this. The clerk will often specify how long the account/IP should be blocked, which makes things easy for you. Clerks typically know what they're talking about, but you are ultimately the one responsible
281:
If the behavioural evidence suggests a connection, but is not quite enough to block on its own, and at least one previous account has edited in the past few months, you can request CU to compare named accounts. Please leave a comment to explain your CU request. Do not request CU to connect accounts
272:
These are cases where CheckUser has not been requested. You should approach these by evaluating the behavioural evidence presented. If you are convinced that the reported user is engaging in sockpuppetry, block and/or warn as appropriate and close the case. If you don't find the evidence convincing
350:
These are cases where CU has been requested but not yet run, endorsed or declined. If the socking is obvious, you can just block the user. However, you should leave the case open for a clerk or CU to evaluate the CU request. Closing a case in this situation is effectively declining the CU request,
466:
If the master account is globally locked or there is a notice on the SPI page about cross-wiki abuse, it's a good idea to request global locks on the sock accounts and note that you have done so. There's a checkbox for this in the "Block/tag socks" dialog of SPIhelper. But if you don't want to do
230:
IPs should only be blocked at SPI if they are actively editing (i.e. have edited within the past 24-48 hours) or if there is evidence that the IP/range has been used by the sockmaster for at least a week or so. Otherwise an IP block is unlikely to accomplish anything. If an IP made 2 edits a week
376:
These are cases where a clerk, CU or admin has requested additional evidence from the filer. Sometimes the filer will provide more evidence and you can treat this as you would an "open" case. Sometimes they won't, and if it's been a week or so and they haven't responded you can just close it.
277:
If the reported users are clearly different people, or the behaviour is not a violation of the sockpuppetry policy, or the totality of the evidence is not enough to be reasonably certain that sockpuppetry is occurring, simply close the case without action and explain why you are doing
164:
between the accounts is undisclosed; the user may have just forgotten their password or wanted to change their username. Consider whether someone who appears to be editing while logged out is "IP socking" or if they merely forgot to log in.
219:
If you are going to block sockpuppet accounts but leave the master unblocked or partially blocked, block the socks with autoblock disabled (there's a checkbox for this in SPIhelper). Otherwise the master will be unable to
501:
235:
you probably shouldn't block it for much longer than that. Some IPs are static and some are dynamic but if you don't want to get into that I think this rule is OK as a first approximation.
124:
turn a pretty blue colour. You are not allowed to use the pretty blue colour, but you are permitted to informally say things such as "I think running a check would be a good idea", or to
27:
368:
These are cases where CheckUser was originally requested but was declined by a clerk or CU. These can basically be handled like "open" cases, except you can't request CU again.
33:
SPI has a reputation as a complex and insular area of the project, but with the right tools, it's not actually that scary. Before you start contributing, please install
194:
Sockpuppet accounts are blocked indefinitely. Sanctions for someone who's caught socking for the first time are subject to admin discretion and may include:
526:
However, if someone's requesting CU to connect an account and an IP, or an IP to an IP(!), feel free to close it as no one is ever going to run that check.
45:
As a patrolling administrator, you can handle most of the routine tasks at SPI. There are only a few activities that are restricted to CUs and clerks:
446:
403:
and have an SPI clerk do it if you want. However, this might make the clerks sad and SPIhelper's dropdown menu makes tagging pretty easy.
289:
meritless but there isn't enough behavioural evidence to block or request CU, or if CU is not possible, you can change the case status to
120:, which is essentially an affirmation by a clerk that the check is within policy and a CU should run it. Endorsement makes the listing on
394:
484:
536:
438:
If the CU result is a bit weaker but still supportive of socking (e.g. "likely" or "possilikely") you can tag as "proven".
26:
This page is intended as a quick guide for admins who want to begin patrolling SPI. Further guidance is available at
34:
424:
Don't tag accounts with egregiously offensive usernames. This only serves to publicize the inappropriate username.
459:
Cases should generally be filed under the oldest account. If this is not the case, you can change the status to
310:
These are cases where a CU has run a check but has not fully actioned the case. This typically occurs because
441:
Proven tags can also be used if CU was not run or was unhelpful but the behaviour is extremely obvious (e.g.
264:, cases are sorted by their status. Here is some guidance on how to handle cases according to their status.
216:
A partial block (rare, but sometimes useful for COI editors or people who are obsessed with a certain page)
338:
provide some guidance on how to interpret and action CU results. For IPs, see the comments on IP blocks in
213:
An indefinite block if the socking is particularly disruptive, or if there are other serious conduct issues
488:
227:
If someone socks again after a previous block or warning, they should probably be blocked indefinitely.
360:
for the block, so don't feel obligated to act on one of these requests if you're not confident in it.
330:
In these cases, you should evaluate the behaviour in conjunction with the CU result (if applicable).
435:
If the CU says the accounts are "confirmed" or "technically indistinguishable", tag as confirmed.
248:
421:
Some LTAs like the attention and will have a notice on their SPI page saying not to tag them.
399:
As a patrolling admin, you don't necessarily have to tag socks. You can change the status to
455:
Clerks can do some weird stuff with dual tags but that's generally not worth worrying about.
335:
201:
175:
8:
517:
if it's an IPv6 and if you want to be thorough, maybe look at the /24 or /20 for an IPv4.
251:, it is usually not worthwhile to block accounts that have not edited in several months.
145:
167:
Sometimes people use multiple accounts or IPs inappropriately but are not necessarily
487:(shows when an account was created and whether or not it is likely stale for CU) and
427:
I don't always bother to tag low effort spam/vandalism socks but it's fine if you do.
185:
141:
502:
Knowledge:Sockpuppet_investigations/SPI/Clerk_and_checkuser_procedures#Patrolling
331:
317:
The CU result was conclusive but the CU is undecided on which sanctions to apply
244:
convinced that they're a spammer, vandal, etc. you can just block them for that.
306:
A lazy CheckUser engages in recreational activities instead of blocking socks
261:
121:
535:
You can figure this out by checking
CentralAuth or, preferably, installing
514:
150:
406:
442:
17:
314:
The CU result was not conclusive and behavioural evaluation is needed
302:
28:
Knowledge:Sockpuppet_investigations/SPI/Administrators_instructions
467:
this, don't worry as the archiving clerk will probably catch it.
415:
Most accounts blocked at SPI should be tagged. Four exceptions:
320:
The filing involves IPs and CUs will not connect IPs to accounts
380:
210:
A temporary block (generally lasting a few days to two weeks)
293:
and request additional behavioural evidence from the filer.
116:"Endorsing" a CU request means changing the case status to
108:
Tell someone that they suck at SPI and need to stop posting
339:
240:
If you're not convinced that someone is a sock, but you
135:
342:. For the most part, stale accounts can be left alone.
432:
Generally, the oldest account is tagged as the master.
395:
User:Blablubbs/SPI clerking cheat sheet § Tagging
418:
Don't tag accounts that are only temporarily blocked.
388:
282:
and IPs as this is forbidden by the privacy policy.
323:Some of the accounts in the case were stale for CU
74:block someone if you don't think they're a sock
83:Request additional information from the filer
255:
86:Request that a clerk merge or rename a case
381:Endorsed, relisted, on hold, clerk request
405:
301:
149:
485:User:Blablubbs/cuStalenesseverywhere.js
463:to request that a clerk move the page.
14:
491:(shows if an account has been tagged).
385:These ones should just be left alone.
340:#General advice on blocks and warnings
537:User:GeneralNotability/mark-locked.js
171:to mislead or disrupt. The templates
136:General advice on blocks and warnings
37:as it will make things a lot easier.
96:Endorse or relist CheckUser requests
23:
389:Tagging and other clerical matters
159:Usage of multiple accounts is not
128:a check by changing the status to
40:
24:
551:
500:Clerks can actually do this. See
449:shows up to make the same edits).
354:
273:enough, you have a few choices:
154:Not all socks are created equal.
35:User:GeneralNotability/spihelper
460:
400:
290:
129:
117:
105:Merge or rename a case yourself
529:
520:
507:
494:
477:
445:gets blocked and the next day
13:
1:
452:Otherwise, tag as suspected.
363:
345:
191:are useful for this purpose.
7:
371:
10:
556:
489:User:RoySmith/tag-check.js
392:
297:
247:As blocks are meant to be
231:ago, just close the case.
139:
99:Decline CheckUser requests
483:Other useful scripts are
470:
256:Handling cases by status
410:An example of dual tags
267:
411:
307:
155:
80:Add CheckUser requests
409:
305:
153:
140:Further information:
336:User:Blablubbs/8ball
102:Archive closed cases
89:Request global locks
58:Things you can't do
515:check the /64 first
412:
351:which is a no-no.
308:
285:If the case isn't
207:for minor offenses
197:A warning such as
156:
114:
113:
547:
539:
533:
527:
524:
518:
511:
505:
498:
492:
481:
462:
402:
292:
206:
200:
190:
184:
180:
174:
131:
119:
48:
47:
555:
554:
550:
549:
548:
546:
545:
544:
543:
542:
534:
530:
525:
521:
512:
508:
499:
495:
482:
478:
473:
397:
391:
383:
374:
366:
357:
348:
332:User:ST47/8ball
300:
270:
258:
204:
198:
188:
182:
178:
172:
148:
138:
43:
41:Do's and don'ts
22:
21:
20:
12:
11:
5:
553:
541:
540:
528:
519:
506:
493:
475:
474:
472:
469:
457:
456:
453:
450:
439:
436:
433:
430:
429:
428:
425:
422:
419:
390:
387:
382:
379:
373:
370:
365:
362:
356:
355:Awaiting admin
353:
347:
344:
328:
327:
326:The CU is lazy
324:
321:
318:
315:
299:
296:
295:
294:
283:
279:
269:
266:
257:
254:
253:
252:
245:
238:
237:
236:
228:
225:
224:
223:
222:
221:
214:
211:
208:
192:
165:
137:
134:
112:
111:
110:
109:
106:
103:
100:
97:
92:
91:
90:
87:
84:
81:
78:
75:
69:
66:
60:
59:
56:
42:
39:
15:
9:
6:
4:
3:
2:
552:
538:
532:
523:
516:
510:
503:
497:
490:
486:
480:
476:
468:
464:
454:
451:
448:
447:User:Spicy2.0
444:
440:
437:
434:
431:
426:
423:
420:
417:
416:
414:
413:
408:
404:
396:
386:
378:
369:
361:
352:
343:
341:
337:
333:
325:
322:
319:
316:
313:
312:
311:
304:
288:
284:
280:
276:
275:
274:
265:
263:
262:main SPI page
250:
246:
243:
239:
233:
232:
229:
226:
218:
217:
215:
212:
209:
203:
196:
195:
193:
187:
177:
170:
166:
162:
158:
157:
152:
147:
143:
133:
127:
123:
107:
104:
101:
98:
95:
94:
93:
88:
85:
82:
79:
76:
73:
70:
67:
64:
63:
62:
61:
57:
54:
50:
49:
46:
38:
36:
31:
29:
19:
531:
522:
509:
496:
479:
465:
458:
398:
384:
375:
367:
358:
349:
329:
309:
286:
271:
259:
249:preventative
241:
205:}}
199:{{
189:}}
183:{{
179:}}
173:{{
168:
160:
125:
115:
71:
52:
44:
32:
25:
202:uw-sockwarn
176:uw-agf-sock
161:necessarily
146:WP:GOODSOCK
77:Close cases
65:Block socks
51:Things you
443:User:Spicy
393:See also:
287:completely
142:WP:BADSOCK
18:User:Spicy
364:CUdecline
346:CUrequest
169:intending
130:CUrequest
68:Tag socks
372:Moreinfo
291:moreinfo
186:uw-login
298:Checked
260:On the
126:request
118:endorse
122:WP:SPI
471:Notes
461:clerk
401:clerk
220:edit.
16:<
513:But
334:and
268:Open
181:and
144:and
278:so.
242:are
72:Not
53:can
30:.
132:.
55:do
504:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.