[Eril-l] [FORGED] Re: American Chemical Society blocked IPs

Bob Pearson b.pearson at auckland.ac.nz
Tue Jun 7 21:06:35 PDT 2016


Our IronPort email security appliance adds the “FORGED” tag. It is not uncommon for it to add that tag to emails from discussion lists.

IronPort does good stuff with blocking or tagging spam and forgeries etc, but it drives me crazy the way it flags emails in ways I consider inappropriate. I try to accept that spam and security are difficult areas to deal with effectively and economically, but I still get annoyed.

Bob

From: Brian Simboli [mailto:brs4 at lehigh.edu]
Sent: Wednesday, 8 June 2016 12:05 p.m.
To: Bob Pearson <b.pearson at auckland.ac.nz>
Cc: Kathleen Folger <kfolger at umich.edu>; Egan,Noelle <nme26 at drexel.edu>; eril-l at lists.eril-l.org
Subject: Re: [Eril-l] [FORGED] Re: American Chemical Society blocked IPs

Why does the subject header have "[FORGED]" in it?
Just curious.
Thanks

On Tue, Jun 7, 2016 at 5:58 PM, Bob Pearson <b.pearson at auckland.ac.nz> wrote:
Yep, into our 3rd day of being blocked. Identified a compromised account and reset the password and notified ACS. They have asked for the IP addresses used, which I will collate and give them, but they have not unblocked us in the meantime. ☹

Clearly this was a large-scale planned breach. From my first quick look at IPs they seem to be Russian. I’m curious whether others found the same, or is there a wider geographic spread?

Bob Pearson
Digital Access Librarian
Digital Services
The University of Auckland Library
New Zealand

From: Eril-l [mailto:eril-l-bounces at lists.eril-l.org] On Behalf Of Kathleen Folger
Sent: Wednesday, 8 June 2016 8:37 a.m.
To: Egan,Noelle <nme26 at drexel.edu>
Cc: eril-l at lists.eril-l.org
Subject: [FORGED] Re: [Eril-l] American Chemical Society blocked IPs

Noelle,

Thanks so much for sharing this information. We got a report from ACS of a breach via our proxy server and investigated as we do normally. We identified a compromised user account and reported back to ACS but they have not been responding to our requests to have the block removed.  Now I know why.

-Kathleen

_________________________________________
Kathleen M. Folger, Electronic Resources Officer
University of Michigan Library
312 Hatcher North
Ann Arbor, MI 48109-1190
V:(734) 764-9375
F:(734) 764-0259
kfolger at umich.edu

On Tue, Jun 7, 2016 at 4:19 PM, Egan,Noelle <nme26 at drexel.edu> wrote:
Hi All,

Here at Drexel we had a hack of 4 users' accounts on Sunday, and the accounts were used to download massive numbers of articles from ACS. ACS subsequently blocked our access through our EZProxy IP address.

I just got off the phone with Richard at ACS about this, who let me know that many universities had user accounts hacked in the same way, and this breach was affecting several other publishers as well. I was surprised I hadn’t seen any traffic about the issue on this listserv – has anyone else been blocked by ACS or another publisher in the last few days for excessive downloading?

FYI – ACS says they are not unblocking any IP addresses until they have the issue resolved, at which time they’ll email all their affected customers about reinstated access.

Thanks, Noelle

-------------------------------------------------------------------
Noelle Egan
eResources & Acquisitions Librarian
Drexel University Libraries
Drexel University
3300 Market Street
W. W. Hagerty Library
Philadelphia, PA 19104
Tel: 215.895.2752  |  Fax: 215.895.2070
drexel.edu/library<http://www.library.drexel.edu/>


_______________________________________________
Eril-l mailing list
Eril-l at lists.eril-l.org
http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org




--
Brian Simboli
Science Librarian
Library and Technology Services
E.W. Fairchild Martindale
Lehigh University
8A East Packer Avenue
Bethlehem, PA 18015-3170
(610) 758-5003  Fax (610) 758-6524
E-mail:  brs4 at lehigh.edu