Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
license_violation_procedures [2019/10/02 15:59]
kgberry
license_violation_procedures [2020/10/28 15:14]
jaimetaylor
Line 1: Line 1:
-====== License Violation Procedures ====== +======License Violation Procedures======
-When provided with evidence or notification from publisher that someone is excessively or systematically downloading licensed content through the UMass Amherst network, collect as much information as possible and report it to [[mailto: abuse@oit.umass.edu|abuse@oit.umass.edu]] with the subject line **"​Library proxy abuse."​** +
-Include in this email: +
-  * IP address (if other than 128.119.168.112{our proxy server}) +
-  * timestamp of incident +
-  * User account name+
  
 +Violations are reported by vendors to us via eleres. The IP address and timestamp of violation are often noted. Sometimes a special string is sent by the vendor to the proxy server so you can find the offending time/​IP/​account in the proxy logs. The vendor will let you know what it is in their communication. ​
  
 +Our proxy server address is 128.119.168.112. ​
  
-If the abuse is coming from off-campus, ​the IP address will be that of the proxy server ​128.119.168.112: + 
-Get the time of the incident from the vendor +  - Identify ​the compromised account. 
-- Review the proxy logfile ​in the EZproxy admin site. the logfile ​is visible ​in EZproxy'​s admin for current day only+  ​Temporarily block the IP
-    - To access past UNIX side saved logs: +  ​Report account to [[mailto: abuse@umass.edu|abuse@umass.edu]] 
-      - Login and change to logs directory e.g. **cd logs** +  - Respond to vendor letting them know you have blocked and reported the account
-      - View available logs e.g. **ls** +  OIT will respond telling you they have reset the account'​s password. Once you have received this notification lift the block on the account. 
-      - Saved logs have timestamp of date/time they were saved in filename. +  - Move all emails into the Proxy Abuse folder in the eleres email account. ​     
-      - Use UNIX commands to search entries in log to find offending username, below is one way using the **more** command+ 
 +==== Identify compromised account ==== 
 + 
 +  - Review the proxy logfile. ​ 
 +    - If investigating the abuse on the same day as it occurred, you can simply view the logfile in EZproxy'​s admin for the current day
 +      - Search via the IP/time or the code to find the account
 +    ​- If investigating the abuse on a different day you need to  
 +      ​- To access past UNIX side saved logs: 
 +        - Login and change to logs directory e.g. **cd logs** 
 +        - View available logs e.g. **ls** 
 +        - Saved logs have timestamp of date/time they were saved in filename. 
 +        - Use UNIX commands to search entries in log to find offending username, below is one way using the **more** command
                  * **more filename** opens file                  * **more filename** opens file
                  * **/​20110605:​02** goes to that text string timestamp forward in the file                  * **/​20110605:​02** goes to that text string timestamp forward in the file
                  * **h** will display a help file of commands                  * **h** will display a help file of commands
                  * **q** will quit you out of the **more** function                  * **q** will quit you out of the **more** function
-    ​- If using Putty, you can right click on header to copy screen to Clipboard +        ​- If using Putty, you can right click on header to copy screen to Clipboard 
-    - Alternatively use psftp to ftp the entire logfile to your PC +        - Alternatively use psftp to ftp the entire logfile to your PC
-   * Collect UMass NetID of offender and timestamp from log.+
  
 +====Temporarily block IP====
 +      * Set up a local file somewhere in your C Drive for the software to use when you edit the text files.
 +Using a FTP client (preferably WinSCP- Put in a SysHelp Ticket to have it installed on your machine) access the Proxy Server.
 +      * The Username and Password can be obtained from Scott, Kat, or Jack.
 +  * Once logged in, Identify the user.txt file in the main directory.
 +      * There are a couple old files and backups that are not used anymore. Make sure you select the correct one.
 +  * Drag the  file from the right pane into the left pane (the local folder on your C Drive).
 +      * Allow it to overwrite or change the existing version if there is one.
 +  * Double click on the file in the local folder to open the text editor. (For more advanced edits, use Notepad++ - Put in a SysHelp Ticket to get it on your machine).
 +      * The file has a specific structure. The beginning has administrative information,​ etc.
 +        * Different sections are commented out using a #
 +      * Find the line that begins with #Add user to be blocked....
 +        * Add a new line in this format= Netid::deny
 +  * Save the local copy.
 +      * Drag the local file back into the Proxy Server and allow it to overwrite the existing file.
 +  * Go to the EZProxy Admin and login with the same credentials as the Server.
 +      * Restart the Server **AFTER** you've updated the file.
 +
 +
 +====Report account to OIT====
 +
 +==EXAMPLE email reporting violations to abuse@oit.umass.edu with the subject line "​Library proxy abuse."​ ==
 +
 +We have identified a suspected abuse of a UMass NetID (below) going through the library proxy server. **Give some information about the IP addresses**. Can you please force a reset of their password?
 +
 +NetID: XXXXXXXX
 +
 +==EXAMPLE response email to vendor requesting the block be lifted so UMA can regain access to a resource==
 +
 +We have identified the offending user id and placed a deny request in our proxy. Our University IT is forcing a reset of their password. Please lift any blocks against our IP address.
 +
 +====Lift block on IP====
 +Using a FTP client (preferably WinSCP- Put in a SysHelp Ticket to have it installed on your machine) access the Proxy Server.
 +      * The Username and Password can be obtained from Scott, Kat, or Jack.
 +  * Once logged in, Identify the user.txt file in the main directory.
 +      * There are a couple old files and backups that are not used anymore. Make sure you select the correct one.
 +  * Drag the  file from the right pane into the left pane (the local folder on your C Drive).
 +      * Allow it to overwrite or change the existing version if there is one.
 +  * Double click on the file in the local folder to open the text editor. (For more advanced edits, use Notepad++ - Put in a SysHelp Ticket to get it on your machine).
 +      * The file has a specific structure. The beginning has administrative information,​ etc.
 +        * Different sections are commented out using a #
 +      * Find the line that begins with #Add user to be blocked....
 +        * Remove the line that contains the netid in question.
 +  * Save the Local copy.
 +      * Drag the local file back into the Proxy Server and allow it to overwrite the existing file.
 +  * Go to the EZProxy Admin and login with the same credentials as the Server.
 +      * Restart the Server **AFTER** you've updated the file.
  
  
Line 29: Line 83:
 {{:​oit_abuse_workflow.jpg|}} {{:​oit_abuse_workflow.jpg|}}
 n.b. "​label"​ in the above refers to the email subject line n.b. "​label"​ in the above refers to the email subject line
- 
- 
---- //​[[cturner@library.umass.edu|Primary contact: Christine Turner]]// 
license_violation_procedures.txt · Last modified: 2023/08/15 13:58 by 172.24.102.74
[unknown link type]Back to top
www.chimeric.de Creative Commons License Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0