[Eril-l] hackers, messed up COUNTER data, and ezproxy vs openathens

Athena Hoeppner athena at ucf.edu
Thu Aug 26 10:24:44 PDT 2021


I've had far fewer emails form publishers about suspicious activity or systematic downloads since we switched to OpenAthens and force logins for on campus users (starting from library links, anyhow). We used to have some suspicious activity emails every few months.  It has been about a year since I've seen one.

Athena

Athena Hoeppner
Discovery Services Librarian
University of Central Florida, Orlando
407-823-5049 | athena at ucf.edu

From: Eril-l <eril-l-bounces at lists.eril-l.org> On Behalf Of Melissa Belvadi
Sent: Thursday, August 26, 2021 1:00 PM
To: eril-l at lists.eril-l.org
Subject: [Eril-l] hackers, messed up COUNTER data, and ezproxy vs openathens

Hi, all.


We've had two more "rounds", for a couple months late last year and then again in May-June of this year, where our COUNTER data for some major journal publishers is worthless because breached-password events caused absurd spikes across every journal in the package (both ft uses and turnaways).  We have self-hosted ezproxy, with a Shibboleth/LDAP server doing the authentication.
Knowing that there's just no way for us to enforce password security so that leaks never happen, I was wondering if anyone could speak to whether it would make any significant difference to this problem if we were to switch from ezproxy to open athens. I know open athens would rely on that same underlying authentication, but I was given the impression that it had additional ways to prevent such hacking, especially if it is coming from overseas (we all know which countries' IPs these incidents originate from).

Could anyone who has switched from ezproxy to open athens and had previously experienced these kinds of problems share with us whether you've seen such breaches that are big enough to impact COUNTER data cease after you switched?


Melissa Belvadi
Collections Librarian
University of Prince Edward Island
mbelvadi at upei.ca<mailto:mbelvadi at upei.ca>  902-566-0581
ORCID iD: 0000-0002-4433-0189
my public calendar<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office365.com%2Fowa%2Fcalendar%2F0fbab27c909e4493be65313bd66d66b6%40upei.ca%2F5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692%2Fcalendar.html&data=04%7C01%7Cathena%40ucf.edu%7C1a1b749616644812d14908d968b2f3c6%7Cbb932f15ef3842ba91fcf3c59d5dd1f1%7C0%7C1%7C637655940122795942%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2BiDOVoZSPb0g8IL5JkZZRo8a6IAYDRECXqpgKv%2FZlpU%3D&reserved=0>
Make an appointment<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmbelvadi.youcanbook.me%2F&data=04%7C01%7Cathena%40ucf.edu%7C1a1b749616644812d14908d968b2f3c6%7Cbb932f15ef3842ba91fcf3c59d5dd1f1%7C0%7C1%7C637655940122805934%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GW7qGzKSlTW9vVRJyylS01LrV4M3EHUqPXuR4kho7zw%3D&reserved=0> via YouCanBookMe


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20210826/da044e6a/attachment.html>


More information about the Eril-l mailing list