Educause Security Discussion mailing list archives

Re: Abuse of web proxy access to library databases


From: Mark Wilson <wilsodm () AUBURN EDU>
Date: Fri, 22 Feb 2008 11:17:49 -0600

We have seen many logins to our ezproxy dB via China, India, and all
over the world.  Most are compromised accounts.

Check your ezproxy logs and do a whois lookup on IPs outside the US.
Right now we are concentrating on the offshore logins and disabling
accounts. Not sure how the compromises are happening.  Some (students)
have admitted to falling for a PayPal/bank phishing scam.

Definitely recommend you check this out ASAP.

Mark Wilson, CISSP
Network Security Specialist
Auburn University
(334) 844-9347



Jeff Giacobbe <giacobbej () MAIL MONTCLAIR EDU> 2/22/2008 7:25 AM >>>
Colleagues-

Just wanted to alert you to potential exposure of usernames/passwords
for access to various online database services.  We were alerted
anonymously yesterday that one of our student account credentials had
been posted to a "clearing house" site - in Iran, of all places. We have
locked that account after verifying that the credentials were real.

We uncovered the following site in a Google search that appears to offer
dozens of usernames/passwords for logging into various databases with
university credentials (including ours):

http://nejoom.persianblog.ir/1386_3_nejoom_archive.html

Might want to check it out in case there are compromised accounts from
your institution listed.

Regards,

Jeff Giacobbe
Dir. Systems, Security, Networking
Montclair State University
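
The log check recommended in the reply above, as an added example that is not part of either message: it lists the accounts seen from two or more distinct off-campus networks, with the source IPs to run through whois before disabling anything. The log layout (%h %l %u %t "%r" %s %b), the campus range, the threshold and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed EZproxy LogFormat: %h %l %u %t "%r" %s %b (NCSA common log layout).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

# Constructed campus range (RFC 5737 documentation prefix), not a real network.
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample log lines.
SAMPLE_LOG = """\
192.0.2.15 - asmith [22/Feb/2008:09:01:12 -0600] "GET http://db.example.org:80/search HTTP/1.1" 200 5120
198.51.100.7 - jdoe [22/Feb/2008:09:02:40 -0600] "GET http://db.example.org:80/article/1 HTTP/1.1" 200 88211
203.0.113.99 - jdoe [22/Feb/2008:09:03:05 -0600] "GET http://db.example.org:80/article/2 HTTP/1.1" 200 90412
203.0.113.20 - asmith [22/Feb/2008:10:15:00 -0600] "GET http://db.example.org:80/search HTTP/1.1" 200 4096
this line is malformed and must be skipped
198.51.100.200 - - [22/Feb/2008:10:16:00 -0600] "GET /login HTTP/1.1" 200 1024
"""

def off_campus_sources(log_text, campus_nets=CAMPUS_NETS):
    """Map each authenticated user to the set of off-campus source IPs seen."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] == "-":
            continue  # unparseable line or unauthenticated request
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # %h was a hostname or garbage, not an address
        if not any(ip in net for net in campus_nets):
            seen[m["user"]].add(ip)
    return seen

def review_queue(log_text, min_networks=2, prefix=24):
    """Users seen from >= min_networks distinct off-campus /prefix networks."""
    queue = {}
    for user, ips in off_campus_sources(log_text).items():
        nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
        if len(nets) >= min_networks:
            queue[user] = sorted(str(ip) for ip in ips)
    return queue

if __name__ == "__main__":
    for user, ips in review_queue(SAMPLE_LOG).items():
        print(f"{user}: whois and review {', '.join(ips)}")
```

A single off-campus address is normal remote use, so the threshold is on distinct networks per account rather than on any off-campus login.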
