Educause Security Discussion mailing list archives
Re: Abuse of web proxy access to library databases
From: Mark Wilson <wilsodm () AUBURN EDU>
Date: Fri, 22 Feb 2008 11:17:49 -0600
We have seen many logins to our ezproxy dB via China, India, and all over the world. Most are compromised accounts. Check your ezproxy logs and do a whois lookup on IPs outside the US. Right now we are concentrating on the offshore logins and disabling accounts.

Not sure how the compromises are happening. Some (students) have admitted to falling for a PayPal/bank phishing scam. Definitely recommend you check this out ASAP.

Mark Wilson, CISSP
Network Security Specialist
Auburn University
(334) 844-9347
Jeff Giacobbe <giacobbej () MAIL MONTCLAIR EDU> 2/22/2008 7:25 AM >>>
Colleagues-

Just wanted to alert you to potential exposure of usernames/passwords for access to various online database services. We were alerted anonymously yesterday that one of our student account credentials had been posted to a "clearing house" site - in Iran, of all places. We have locked that account after verifying that the credentials were real.

We uncovered the following site in a Google search that appears to offer dozens of usernames/passwords for logging into various databases with university credentials (including ours):

http://nejoom.persianblog.ir/1386_3_nejoom_archive.html

Might want to check it out in case there are compromised accounts from your institution listed.

Regards,
Jeff Giacobbe
Dir. Systems, Security, Networking
Montclair State University
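Added example, not part of the original posts: one way to run the log check recommended above, flagging accounts that log in from several unrelated off-campus networks so the whois lookups can start with those. It assumes EZproxy's default NCSA-style `LogFormat %h %l %u %t "%r" %s %b`; the campus range, the threshold of three networks, the usernames and the sample log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: EZproxy writes its default NCSA common log format,
#   LogFormat %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[^"]*" \d{3} \S+$')

# Hypothetical campus address space; replace with your own ranges.
CAMPUS_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample log (documentation address ranges, made-up usernames).
SAMPLE_LOG = """\
10.20.4.15 - jsmith [22/Feb/2008:09:01:12 -0600] "GET http://db.example.com:80/search HTTP/1.1" 200 5120
198.51.100.7 - jsmith [22/Feb/2008:19:30:02 -0600] "GET http://db.example.com:80/search HTTP/1.1" 200 4410
198.51.100.23 - mlee [22/Feb/2008:02:11:45 -0600] "GET http://db.example.com:80/article/1 HTTP/1.1" 200 88123
203.0.113.40 - mlee [22/Feb/2008:02:13:09 -0600] "GET http://db.example.com:80/article/2 HTTP/1.1" 200 90311
192.0.2.9 - mlee [22/Feb/2008:02:20:51 -0600] "GET http://db.example.com:80/article/3 HTTP/1.1" 200 87002
203.0.113.77 - mlee [22/Feb/2008:02:21:30 -0600] "GET http://db.example.com:80/article/4 HTTP/1.1" 200 91544
192.0.2.9 - - [22/Feb/2008:02:22:00 -0600] "GET http://ezproxy.example.edu:80/login HTTP/1.1" 200 1830
this line is truncated garbage
"""

def off_campus_networks(log_text):
    """Map each username to the set of off-campus networks it logged in from."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["user"] == "-":      # malformed line or unauthenticated request
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:                 # %h was logged as a hostname
            continue
        if any(ip in net for net in CAMPUS_NETS):
            continue
        prefix = 24 if ip.version == 4 else 48   # group nearby addresses together
        seen[m["user"]].add(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
    return seen

def suspicious_accounts(log_text, min_networks=3):
    """Accounts seen from at least min_networks distinct off-campus networks."""
    return {user: sorted(str(n) for n in nets)
            for user, nets in off_campus_networks(log_text).items()
            if len(nets) >= min_networks}

if __name__ == "__main__":
    for user, nets in suspicious_accounts(SAMPLE_LOG).items():
        print(user, "->", ", ".join(nets), "(whois these, then review the account)")
```

A single off-campus network per user is normal home use, which is why the sample account `jsmith` is not flagged; tune `min_networks` and the time window of the log slice to your own population.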