Educause Security Discussion mailing list archives

Re: Abuse of web proxy access to library databases


From: Mike Iglesias <iglesias () UCI EDU>
Date: Fri, 22 Feb 2008 10:13:23 -0800

Mark Wilson wrote:
We have seen many logins to our ezproxy dB via China, India, and all
over the world.  Most are compromised accounts.

Check your ezproxy logs and do a whois lookup on IPs outside the US.
Right now we are concentrating on the offshore logins and disabling
accounts. Not sure how the compromises are happening.  Some (students)
have admitted to falling for a paypal/band phishing scam.

You can use the Geo-IP-PurePerl from CPAN with a small perl script to find out
the country an IP is in.  We use this in perl scripts to check logins to our
VPN from outside the US and generate a report to users every month of their
VPN usage from outside the US.  We usually have a few users tell us that the
usage was not them.  We can't just disable any account that has used the VPN
from outside the US because at any given time we have a lot of students and
faculty studying or researching abroad.

If you use the Geo-IP perl module, be sure to update the database it uses
periodically.  I think it is updated once or twice a month.


--
Mike Iglesias                          Email:       iglesias () uci edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2270
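
The monthly outside-the-US report described in this message, as an added Perl example (not the poster's own script). The "date user source-ip" log format, the 45-day staleness limit and the demo address table are assumptions; pass the path to a GeoIP country database as the first argument to look addresses up with Geo::IP::PurePerl instead of the constructed table.

```perl
use strict;
use warnings;

my $HOME_CC  = 'US';
my $MAX_DAYS = 45;    # assumed staleness limit for the GeoIP database file
# Return a coderef that maps an IP address to a country code (or undef).
sub make_lookup {
    my ($dat) = @_;
    if (defined $dat) {
        require Geo::IP::PurePerl;
        warn "$dat is over $MAX_DAYS days old; update it\n" if -M $dat > $MAX_DAYS;
        my $gi = Geo::IP::PurePerl->open($dat, Geo::IP::PurePerl::GEOIP_STANDARD());
        return sub { $gi->country_code_by_addr($_[0]) };
    }
    # Constructed table for the demo run (documentation-range addresses).
    my %demo = ('192.0.2.10'   => 'US', '198.51.100.7' => 'CN',
                '203.0.113.44' => 'IN', '198.51.100.9' => 'FR');
    return sub { $demo{ $_[0] } };
}

# Collect non-US logins as $report{user}{country} = [dates].
sub foreign_logins {
    my ($lookup, @lines) = @_;
    my %report;
    for my $line (@lines) {
        my ($date, $user, $ip) = split ' ', $line;
        next unless defined $ip;            # skip malformed lines
        my $cc = $lookup->($ip) || '??';    # unknown country is reported, not assumed US
        next if $cc eq $HOME_CC;
        push @{ $report{$user}{$cc} }, $date;
    }
    return %report;
}

# Constructed sample log: "date user source-ip" (format is an assumption).
my @log = (
    '2008-02-03 asmith 192.0.2.10',   '2008-02-05 asmith 198.51.100.7',
    '2008-02-05 asmith 198.51.100.7', '2008-02-11 bjones 203.0.113.44',
    '2008-02-19 bjones 198.51.100.9', '2008-02-20 cdoe 10.1.2.3',
);

my %report = foreign_logins(make_lookup($ARGV[0]), @log);
for my $user (sort keys %report) {
    print "\nTo: $user\nVPN logins from outside the US this month:\n";
    for my $cc (sort keys %{ $report{$user} }) {
        my @dates = @{ $report{$user}{$cc} };
        printf "  %-2s  %d login(s): %s\n", $cc, scalar @dates, join(', ', @dates);
    }
}
```

The output is a per-user notice rather than a disable list, since users studying or researching abroad produce the same entries as a compromised account.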
