Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
license_violation_procedures [2011/08/18 16:09] cturner |
license_violation_procedures [2025/09/15 18:42] (current) 73.47.190.103 [Boilerplate for message to OIT, patrons, and vendors] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== License Violation Procedures ====== | + | ======License Violation Procedures====== |
| - | When provided with evidence or notification from publisher that someone is excessively or systematically downloading licensed content through the UMass Amherst network, collect as much information as possible and report it to [[mailto: abuse@oit.umass.edu|abuse@oit.umass.edu]]. | + | |
| - | ===== Collecting Information about Systematic Downloading: ===== | + | Violations are reported by vendors via email or to DBHelp. The IP address and timestamp of the violation are often noted. Sometimes a vendor includes their logs containing the information. With the added security features of EZProxy v7 & the campus SSO, most violations are now use by UMass patrons, not compromised NetID credentials as was previously the case. |
| - | The violation may be occurring from off-campus or on. If the incident is local (on-campus), report this in your abuse email, as well as the timestamp of the incident and the IP address where it's coming from. | + | |
| - | If the abuse is coming from off-campus, the IP address will be that of the proxy server - 128.119.168.112: | + | Our proxy server address is 128.119.201.53. This is the external IP address. |
| - | * Get the time of the incident from the vendor | + | |
| - | * Review the proxy logfile. Logfile is visible in web admin for current day only | + | |
| - | * To acces UNIX side saved logs: | + | |
| - | - Login and change to logs directory e.g. **cd logs** | + | |
| - | - View available logs e.g. **ls** | + | |
| - | - Saved logs have timestamp of date/time they were saved in filename. | + | |
| - | - Use UNIX commands to search entries in log to find offending username, below is one way using the **more** command | + | |
| - | * **more filename** opens file | + | |
| - | * **/20110605:02** goes to that text string timestamp forward in the file | + | |
| - | * **h** will display a help file of commands | + | |
| - | * **q** will quit you out of the **more** function | + | |
| - | - If using Putty, you can right click on header to copy screen to Clipboard | + | |
| - | - Alternatively use psftp to ftp the entire logfile to your PC | + | |
| - | * Collect UMass NetID of offender and timestamp from log. | + | |
| - | ===== OIT's Workflow for Abuse Reports (7/20/11): ===== | + | |
| - | {{:oit_abuse_workflow.jpg|}} | + | - Identify the compromised or offending account. |
| + | - Block the IP address or the user. | ||
| + | - Report account to [[mailto: abuse@umass.edu|abuse@umass.edu]] or contact the user. | ||
| + | - Respond to vendor letting them know you have blocked the account. | ||
| + | - Lifting the block: OIT will respond telling you they have reset the account's password; once you have received this notification lift the block on the account. Or, lift the block on the account once the user responds. | ||
| + | - Move all emails into the Proxy Abuse folder in the eleres email account. | ||
| + | |||
| + | ==== Identify the account ==== | ||
| + | |||
| + | - For identifying off-campus users: review the EZProxy logs. | ||
| + | - If the vendor's email or logs indicate the offending behavior originated from the proxy server's IP address, it came from outside the campus IP ranges. | ||
| + | - If investigating the abuse on the same calendar day it occurred, you can view the logs in EZproxy's admin website. | ||
| + | - Log into https://login.silk.library.umass.edu/admin (If you cannot log in, you need to be added to the shibuser.txt file as an admin; contact Margaret or Jaime for this.) | ||
| + | - Navigate to **View ezproxy.log**>**all**. | ||
| + | - Find the user's NetID by searching with Ctrl+F for the timestamp or for the vendor's URL. | ||
| + | - If investigating behavior from a different calendar day, you must access server logs. | ||
| + | - Open WinSCP and log into the EZproxy server. | ||
| + | - For EZProxy server credentials and configurations for WinSCP, see Jaime. | ||
| + | - If you are working from off campus, you first need to be on the GlobalProtect VPN to get inside the firewall. For VPN installation, open a ticket with LTS. | ||
| + | - Click into the **logs** folder in the right pane. This folder contains hourly logs and daily logs for the previous seven days. | ||
| + | - Open the log file that covers the timestamp from the vendor. Saved logs have timestamp of date/time they were saved in filename. | ||
| + | - Find the user's NetID by searching with Ctrl+F for the timestamp or for the vendor's URL. | ||
| + | - Close any open files, then exit WinSCP; do not save the session. | ||
| + | - Note that server logs are retained for one week, so we cannot identify misuse farther back than that. | ||
| + | - For identifying on-campus users: email OIT. | ||
| + | - The vendor's email or logs will indicate the offending behavior originated from within the campus IP address ranges. The current ranges are listed at the top of the EZProxy config file. | ||
| + | - Email [[mailto: itprotect@umass.edu|itprotect@umass.edu]] with the vendor's logs or similar info and ask them to identify the user for you. That email must be sent by Margaret, Camille, or Jaime. To add another person to that whitelist, one of those three can contact OIT. OIT needs the following information to identify the user: | ||
| + | -The dates, times the incident took place, and the timezone of this date & time information. | ||
| + | -The campus IP address the mis-use was coming from. | ||
| + | -The vendor's IP address and network port of the service that is being mis-used. | ||
| + | |||
| + | |||
| + | Note that some vendors are in different time zones (e.g. Elsevier in Europe) and therefore have timestamps in their logs that need to be adjusted to match ours. | ||
| + | |||
| + | ====Temporarily block user or IP address==== | ||
| + | -To block a user: | ||
| + | -With WinSCP, access the EZProxy server as described above. | ||
| + | -Once logged in, open the **shibuser.txt** file in the main directory. | ||
| + | -The file has a specific structure. The beginning has administrative information, etc. | ||
| + | -Some lines are commented out using a #. This means EZProxy does not read these lines as instructions. | ||
| + | -Below the line near the bottom that begins with **#Suspended users listed below** add a new line in this format: **If auth:NameID eq "netid@umass.edu"; Deny suspend.htm** | ||
| + | -Optional: add a commented out line with notes about when & why the user was blocked. | ||
| + | -Save the file. | ||
| + | -Log into the EZProxy Admin website. | ||
| + | -Restart the server by clicking on **Restart EZProxy**, then typing "restart" into the indicated box (capitalization does not matter) and clicking the **here** button. | ||
| + | -To block an IP address: | ||
| + | -With WinSCP, access the EZProxy server as described above. | ||
| + | -Once logged in, open the **config.txt** file in the main directory. | ||
| + | -In the long list of lines beginning with "RejectIP" add a line for the IP address or range you want to block. Use the syntax **RejectIP [ip address/range]** | ||
| + | - The lines are in numerical order. | ||
| + | - Make sure the IP address or range you are blocking is not the EZProxy server's IP address!! (Yes, we've done this.) | ||
| + | - Everyone who tries to access resources from this IP address/range will be denied access, not just the offending user. | ||
| + | -Save the file. | ||
| + | -Log into the EZProxy Admin website. | ||
| + | -Restart the server by clicking on **Restart EZProxy**, then typing "restart" into the indicated box (capitalization does not matter) and clicking the **here** button. | ||
| + | ====Lift block on user or IP address==== | ||
| + | -To lift block on a user: | ||
| + | -With WinSCP, access the EZProxy server as described above. | ||
| + | -Once logged in, open the **shibuser.txt** file in the main directory. | ||
| + | -Delete or comment out the previously added **If auth:NameID eq “netid@umass.edu”; Deny suspend.htm** line. | ||
| + | -Save the file. | ||
| + | -Log into the EZProxy Admin website. | ||
| + | -Restart the server by clicking on **Restart EZProxy**, then typing "restart" into the indicated box (capitalization does not matter) and clicking the **here** button. | ||
| + | -To lift block on an IP address: | ||
| + | -With WinSCP, access the EZProxy server as described above. | ||
| + | -Once logged in, open the **config.txt** file in the main directory. | ||
| + | -Delete or comment out the previously added **RejectIP [ip address/range]** line. | ||
| + | -Save the file. | ||
| + | -Log into the EZProxy Admin website. | ||
| + | -Restart the server by clicking on **Restart EZProxy**, then typing "restart" into the indicated box (capitalization does not matter) and clicking the **here** button. | ||
| + | ===== Flowchart [tktktk] ===== | ||
| + | {{:new_image_filename_goes_here.jpg|}} | ||
| + | |||
| + | |||
| + | |||
| + | ===== Boilerplate for message to OIT, patrons, and vendors ===== | ||
| + | |||
| + | |||
| + | ==EXAMPLE email to OIT asking them to identify an on-campus user====== | ||
| + | |||
| + | [send to [[mailto: itprotect@umass.edu|itprotect@umass.edu]]; must come from Camille, Margaret, or Jaime] | ||
| + | |||
| + | Hello, | ||
| + | |||
| + | We have had a complaint from [vendor] about use that possibly violates the library's license with them. I've attached their logs showing the use in question. Could you please identify the user for me? | ||
| + | |||
| + | [any additional pertinent info if needed] | ||
| + | |||
| + | Thanks, | ||
| + | [Camille/Margaret/Jaime] | ||
| + | |||
| + | ==EXAMPLE email to OIT reporting exploited NetID credentials== | ||
| + | |||
| + | [Send to [[mailto: abuse@umass.edu|abuse@umass.edu]] with the subject line "Library proxy abuse." Note that this rarely happens since UMass started using 2FA & we updated to EZP v7.] | ||
| + | |||
| + | Hello, | ||
| + | |||
| + | We have identified suspected exploitation of a UMass NetID (below). This NetID has connected to the library's proxy server from at least [number] IP addresses in [timespan], [most/all] of which are in [country or region of the world]. Could you please force a reset of their password? | ||
| + | |||
| + | NetID: XXXXXXXX | ||
| + | |||
| + | Thanks, | ||
| + | [your name] | ||
| + | |||
| + | ==EXAMPLE email to patron asking them to cut out license violating behavior== | ||
| + | |||
| + | [you may want to create a DBHelp ticket and use LibAnswers to communicate with the patron] | ||
| + | |||
| + | Hi [name], | ||
| + | |||
| + | [Vendor] has suspended our access to [database] due to excessive use and suspected text & data mining activity. Our license terms with [vendor] do not allow for text and data mining, and the pattern of your recent use of the database suggests this kind of activity. Please do not perform text and data mining research with [database]. | ||
| + | |||
| + | We are working with [vendor] and campus IT to restore UMass's access to [database]. If you'd like to discuss this issue further, or do not think that your research has violated our licesne with [vendor], please reply to this email. If you would like to explore ways to use the Libraries' resources to accomplish your research goals within the bounds of our contractual obligations with our resource vendors, please [[https://www.library.umass.edu/about-the-libraries/liaisons/|contact your department's liaison librarian]]. | ||
| + | |||
| + | Thanks, | ||
| + | [your name & title] | ||
| + | |||
| + | |||
| + | ==EXAMPLE response emails to vendor requesting the block be lifted so UMA can regain access to a resource== | ||
| + | |||
| + | Hello, | ||
| + | |||
| + | We have identified the patron responsible for this behavior, contacted them, and blocked their access pending response. Please restore UMass's access to [resource]. | ||
| + | |||
| + | Thanks, | ||
| + | [your name] | ||
| + | |||
| + | OR | ||
| + | |||
| + | Hello, | ||
| + | |||
| + | We have blocked the IP address(es) that this behavior was originating from. Please restore UMass's access to [resource]. | ||
| + | |||
| + | Thanks, | ||
| + | [your name] | ||
| + | ===== Databases that DO and DO NOT allow Text & Data Mining ===== | ||
| + | Databases that DO NOT allow TDM: | ||
| + | * Newsbank (Access World News) | ||
| + | * APS | ||
| + | * HeinOnline -- does not allow "downloading or printing an entire issue or issues of a publication or journal within the database." | ||
| + | * WestLaw, functionally. "...you may (a) download and print limited extracts of content from our Services solely for your own internal business purposes and...(1) such extracts do not reach such quantity as to have commercial value..." | ||
| + | |||
| + | |||
| + | |||
| + | Resources that DO allow TDM: (For sure, based on CORAL) | ||
| + | * Adam Matthew | ||
| + | * Accessible Archives | ||
| + | * Annual Reviews | ||
| + | * BioOne | ||
| + | * Brill Reference | ||
| + | * CABI | ||
| + | * China/Asia On Demand | ||
| + | * Duke eJournals | ||
| + | * History Makers | ||
| + | * Institute of Physical (eBooks & Journals) | ||
| + | * IP.com | ||
| + | * Microform Academic Publishers (single title resource) | ||
| + | * Oxford eJournals | ||
| + | * ProQuest | ||
| + | * Royal Society eJournals | ||
| + | * Sage eJournals | ||
| + | * SpringerNature eJournals | ||
