License Violation Procedures
Violations are reported by vendors to us via eleres. The IP address and timestamp of violation are often noted. Sometimes a special string is sent by the vendor to the proxy server so you can find the offending time/IP/account in the proxy logs. The vendor will let you know what it is in their communication.
Our proxy server address is 128.119.168.112.
Identify the compromised account.
Temporarily block the IP.
-
Respond to vendor letting them know you have blocked and reported the account.
OIT will respond telling you they have reset the account's password. Once you have received this notification lift the block on the account.
Move all emails into the Proxy Abuse folder in the eleres email account.
Identify compromised account
Review the proxy logfile.
If investigating the abuse on the same day as it occurred, you can simply view the logfile in EZproxy's admin for the current day.
Search via the IP/time or the code to find the account.
If investigating the abuse on a different day you need to
To access past UNIX side saved logs:
Login and change to logs directory e.g. cd logs
View available logs e.g. ls
Saved logs have timestamp of date/time they were saved in filename.
Use UNIX commands to search entries in log to find offending username, below is one way using the more command
more filename opens file
/20110605:02 goes to that text string timestamp forward in the file
h will display a help file of commands
q will quit you out of the more function
If using Putty, you can right click on header to copy screen to Clipboard
Alternatively use psftp to ftp the entire logfile to your PC
Temporarily block IP
Using a FTP client (preferably WinSCP- Put in a SysHelp Ticket to have it installed on your machine) access the Proxy Server.
The Username and Password can be obtained from Scott, Kat, or Jack.
Once logged in, Identify the user.txt file in the main directory.
There are a couple old files and backups that are not used anymore. Make sure you select the correct one.
Drag the file from the right pane into the left pane (the local folder on your C Drive).
Allow it to overwrite or change the existing version if there is one.
Double click on the file in the local folder to open the text editor. (For more advanced edits, use Notepad++ - Put in a SysHelp Ticket to get it on your machine).
The file has a specific structure. The beginning has administrative information, etc.
Find the line that begins with #Add user to be blocked….
Save the local copy.
Drag the local file back into the Proxy Server and allow it to overwrite the existing file.
Go to the EZProxy Admin and login with the same credentials as the Server.
Restart the Server AFTER you've updated the file.
Report account to OIT
EXAMPLE email reporting violations to abuse@umass.edu with the subject line "Library proxy abuse."
We have identified a suspected abuse of a UMass NetID (below) going through the library proxy server. Give some information about the IP addresses. Can you please force a reset of their password?
NetID: XXXXXXXX
EXAMPLE response email to vendor requesting the block be lifted so UMA can regain access to a resource
We have identified the offending user id and placed a deny request in our proxy. Our University IT is forcing a reset of their password. Please lift any blocks against our IP address.
You will need to ask the vendor for this information, as some vendors do not include all of it in the logs they send.
The dates, times the incident took place, and the timezone of this date & time information.
The campus IP address the mis-use was coming from.
The vendor's IP address and network port of the service that is being mis-used.
Lift block on IP
Using a FTP client (preferably WinSCP- Put in a SysHelp Ticket to have it installed on your machine) access the Proxy Server.
The Username and Password can be obtained from Scott, Kat, or Jack.
Once logged in, Identify the user.txt file in the main directory.
There are a couple old files and backups that are not used anymore. Make sure you select the correct one.
Drag the file from the right pane into the left pane (the local folder on your C Drive).
Allow it to overwrite or change the existing version if there is one.
Double click on the file in the local folder to open the text editor. (For more advanced edits, use Notepad++ - Put in a SysHelp Ticket to get it on your machine).
The file has a specific structure. The beginning has administrative information, etc.
Find the line that begins with #Add user to be blocked….
Save the Local copy.
Drag the local file back into the Proxy Server and allow it to overwrite the existing file.
Go to the EZProxy Admin and login with the same credentials as the Server.
Restart the Server AFTER you've updated the file.
OIT's Workflow for Abuse Reports (7/20/11):
n.b. “label” in the above refers to the email subject line
Boilerplate for message to patrons about Text & Data Mining violations
Hi [name],
The vendor has suspended our connection to this resource due to excessive use and suspected text & data mining activity. Our license terms with the vendor unfortunately do not allow for text and data mining, and the pattern of your recent use of the database suggests this kind of activity. Please do not perform text and data mining research with [database].
We are working with the vendor and campus IT to resolve the issue. If you would like to explore ways to use the Libraries' resources to accomplish your research goals within the bounds of our contractual obligations with our resource vendors, please contact your department's liaison librarian. And please let me know if there is anything else I can assist you with.
Thanks, [your name & title]
Databases that DO and DO NOT allow Text & Data Mining
Databases that DO NOT allow TDM:
Resources that DO allow TDM: (For sure, based on CORAL)