[Eril-l] American Chemical Society blocked IPs

Heather Shipman heather.shipman at cornell.edu
Wed Jun 8 08:29:34 PDT 2016


If you see the same user appearing in the logs over and over again, it might be worth getting IT to check their computer for viruses, too. One of our ACS blocks was associated with a single user whose computer had to be referred to Security/IT; it was downloading the same content over and over, and “not honoring” a block from “Network Quarantine”.


Heather Shipman
E-resources Acquisition Specialist
110 Olin Library, Cornell University
Heather.shipman at cornell.edu<mailto:Heather.shipman at cornell.edu> ; 607-254-1499

From: Eril-l [mailto:eril-l-bounces at lists.eril-l.org] On Behalf Of Sally Krash
Sent: Wednesday, June 08, 2016 8:18 AM
To: eril-l at lists.eril-l.org
Subject: Re: [Eril-l] American Chemical Society blocked IPs

They unblocked us Monday afternoon, after we identified the account associated with the unauthorized use. So, they are working on restoring access to libraries.

Sally Krash
Head of Information Resources Management
W.E.B. Du Bois Library
University of Massachusetts Amherst
413-545-6865
krash at library.umass.edu<mailto:krash at library.umass.edu>

From: Eril-l [mailto:eril-l-bounces at lists.eril-l.org] On Behalf Of Bob Pearson
Sent: Wednesday, 8 June 2016 9:59 a.m.
To: Kathleen Folger <kfolger at umich.edu<mailto:kfolger at umich.edu>>; Egan,Noelle <nme26 at drexel.edu<mailto:nme26 at drexel.edu>>
Cc: eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>
Subject: [FORGED] Re: [Eril-l] [FORGED] Re: American Chemical Society blocked IPs

Yep, into our 3rd day of being blocked. Identified a compromised account and reset the password and notified ACS. They have asked for the IP addresses used, which I will collate and give them, but they have not unblocked us in the meantime.  ☹

Clearly this was a large-scale planned breach. From my first quick look at IPs they seem to be Russian. I’m curious whether others found the same, or is there a wider geographic spread?

Bob Pearson
Digital Access Librarian
Digital Services
The University of Auckland Library
New Zealand

From: Eril-l [mailto:eril-l-bounces at lists.eril-l.org] On Behalf Of Kathleen Folger
Sent: Wednesday, 8 June 2016 8:37 a.m.
To: Egan,Noelle <nme26 at drexel.edu<mailto:nme26 at drexel.edu>>
Cc: eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>
Subject: [FORGED] Re: [Eril-l] American Chemical Society blocked IPs

Noelle,

Thanks so much for sharing this information. We got a report from ACS of a breach via our proxy server and investigated as we do normally. We identified a compromised user account and reported back to ACS but they have not been responding to our requests to have the block removed.  Now I know why.

-Kathleen

_________________________________________
Kathleen M. Folger, Electronic Resources Officer
University of Michigan Library
312 Hatcher North
Ann Arbor, MI 48109-1190
V:(734) 764-9375
F:(734) 764-0259
kfolger at umich.edu<mailto:kfolger at umich.edu>

On Tue, Jun 7, 2016 at 4:19 PM, Egan,Noelle <nme26 at drexel.edu<mailto:nme26 at drexel.edu>> wrote:
Hi All,

Here at Drexel we had a hack of 4 users account on Sunday, and the accounts were used to download massive numbers of articles from ACS.  ACS subsequently blocked our access through our EZProxy IP address.

I just got off the phone with Richard at ACS about this, who let me know that many universities had user accounts hacked in the same way, and this breach was affecting several other publishers as well.   I was surprised I hadn’t seen any traffic about the issue on this listserv – has anyone else been blocked by ACS or another publisher in the last few days for excessive downloading?

FYI – ACS says they are not unblocking any IP addresses until they have the issue resolved, at which time they’ll email all their affected customers about reinstated access.

Thanks, Noelle

-------------------------------------------------------------------
Noelle Egan
eResources & Acquisitions Librarian
Drexel University Libraries
Drexel University
3300 Market Street
W. W. Hagerty Library
Philadelphia, PA 19104
Tel: 215.895.2752<tel:215.895.2752>  |  Fax: 215.895.2070<tel:215.895.2070>
drexel.edu/library<http://www.library.drexel.edu/>


_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org<mailto:Eril-l at lists.eril-l.org>
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20160608/42765a85/attachment.html>


More information about the Eril-l mailing list