[Eril-l] hackers, messed up COUNTER data, and ezproxy vs openathens
Margo Duncan
mduncan at uttyler.edu
Fri Aug 27 07:28:43 PDT 2021
Hi Melissa,
We also use self-hosted EZProxy and have blocked IP ranges at the beginning of our config file using the RejectIP directive. This is a little bit of a blunt instrument, but has been working for us.
Margo Duncan, MLS
Electronic Resources & Collection Development Librarian
Robert R. Muntz Library | The University of Texas at Tyler
903.566.7174 | mduncan at uttyler.edu<mailto:mduncan at uttyler.edu>
From: Eril-l <eril-l-bounces at lists.eril-l.org> On Behalf Of Melissa Belvadi
Sent: Friday, August 27, 2021 7:39 AM
To: Nikki DeMoville <ndemovil at calpoly.edu>; eril-l at lists.eril-l.org
Subject: Re: [Eril-l] hackers, messed up COUNTER data, and ezproxy vs openathens
Yes, we think we've done what we can within ezproxy's options, but every time we lower the usage limits further than what we have, we interfere with a legitimate use by one or other unhappy faculty.
And usage limits also don't impact the hackers' effect on our turnaway data (TR_J2 in COP5), which is also being rendered useless by these incidents for those months.
And thanks, Paul Butler, for the blacklist work you do - we most definitely take advantage of your updates for that!
Melissa Belvadi
Collections Librarian
University of Prince Edward Island
mbelvadi at upei.ca<mailto:mbelvadi at upei.ca> 902-566-0581
ORCID iD: 0000-0002-4433-0189
my public calendar<https://urldefense.com/v3/__https:/outlook.office365.com/owa/calendar/0fbab27c909e4493be65313bd66d66b6@upei.ca/5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692/calendar.html__;!!E8kiGCC_!mF8qSTgYd0ZiUJ14XVpBZ9yRb2olIJRorHRHXx-5VJ82hCntaFSTp1Z4emZ9C6TtmQ$>
Make an appointment<https://urldefense.com/v3/__https:/mbelvadi.youcanbook.me/__;!!E8kiGCC_!mF8qSTgYd0ZiUJ14XVpBZ9yRb2olIJRorHRHXx-5VJ82hCntaFSTp1Z4emYvDc1zJQ$> via YouCanBookMe
________________________________
From: Eril-l <eril-l-bounces at lists.eril-l.org<mailto:eril-l-bounces at lists.eril-l.org>> on behalf of Nikki DeMoville <ndemovil at calpoly.edu<mailto:ndemovil at calpoly.edu>>
Sent: Thursday, August 26, 2021 4:36 PM
To: eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org> <eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>>
Subject: Re: [Eril-l] hackers, messed up COUNTER data, and ezproxy vs openathens
WARNING: The sender of this email could not be verified and may not match the person in the 'FROM' field. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to phishing at upei.ca<mailto:phishing at upei.ca> and delete this email.
CAUTION: This email originated from outside of UPEI. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you are uncertain, please forward to phishing at upei.ca<mailto:phishing at upei.ca> and delete this email.
Hi Melissa,
I'm sure you've already explored this, but just to make sure, have you tried adjusting your UsageLimit in EZproxy to make it harder for the bad actors using stolen credentials to mass download? I'm sure they can find ways around it, but it might slow them down.
https://help.oclc.org/Library_Management/EZproxy/Configure_resources/UsageLimit?sl=en<https://urldefense.com/v3/__https:/help.oclc.org/Library_Management/EZproxy/Configure_resources/UsageLimit?sl=en__;!!E8kiGCC_!mF8qSTgYd0ZiUJ14XVpBZ9yRb2olIJRorHRHXx-5VJ82hCntaFSTp1Z4emZggdqtOQ$>
Nikki DeMoville (she/her/hers)
Coordinator - Electronic Resources, Acquisitions, and Resource Sharing
Robert E. Kennedy Library
California Polytechnic State University
San Luis Obispo, California
Direct 805-756-5780
Fax 805-756-1415
ndemovil at calpoly.edu<mailto:ndemovil at calpoly.edu>
Due to the COVID-19 situation, I am working remotely. Please use email for all communications.
________________________________
From: Eril-l <eril-l-bounces at lists.eril-l.org<mailto:eril-l-bounces at lists.eril-l.org>> on behalf of Melissa Belvadi <mbelvadi at upei.ca<mailto:mbelvadi at upei.ca>>
Sent: Thursday, August 26, 2021 9:59 AM
To: eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org> <eril-l at lists.eril-l.org<mailto:eril-l at lists.eril-l.org>>
Subject: [Eril-l] hackers, messed up COUNTER data, and ezproxy vs openathens
Hi, all.
We've had two more "rounds", for a couple months late last year and then again in May-June of this year, where our COUNTER data for some major journal publishers is worthless because breached-password events caused absurd spikes across every journal in the package (both ft uses and turnaways). We have self-hosted ezproxy, with a Shibboleth/LDAP server doing the authentication.
Knowing that there's just no way for us to enforce password security so that leaks never happen, I was wondering if anyone could speak to whether it would make any significant difference to this problem if we were to switch from ezproxy to open athens. I know open athens would rely on that same underlying authentication, but I was given the impression that it had additional ways to prevent such hacking, especially if it is coming from overseas (we all know which countries' IPs these incidents originate from).
Could anyone who has switched from ezproxy to open athens and had previously experienced these kinds of problems share with us whether you've seen such breaches that are big enough to impact COUNTER data cease after you switched?
Melissa Belvadi
Collections Librarian
University of Prince Edward Island
mbelvadi at upei.ca<mailto:mbelvadi at upei.ca> 902-566-0581
ORCID iD: 0000-0002-4433-0189
my public calendar<https://urldefense.com/v3/__https:/outlook.office365.com/owa/calendar/0fbab27c909e4493be65313bd66d66b6@upei.ca/5fa60af92c6d451c9ddf90c0bb11e00f15552192987609852692/calendar.html__;!!E8kiGCC_!mF8qSTgYd0ZiUJ14XVpBZ9yRb2olIJRorHRHXx-5VJ82hCntaFSTp1Z4emZ9C6TtmQ$>
Make an appointment<https://urldefense.com/v3/__https:/mbelvadi.youcanbook.me/__;!!E8kiGCC_!mF8qSTgYd0ZiUJ14XVpBZ9yRb2olIJRorHRHXx-5VJ82hCntaFSTp1Z4emYvDc1zJQ$> via YouCanBookMe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20210827/5d24d081/attachment.html>
More information about the Eril-l
mailing list