Open Proxy Servers Kevin Guthrie ALA, January 2003.


Presentation on theme: "Open Proxy Servers Kevin Guthrie ALA, January 2003."— Presentation transcript:

1 Open Proxy Servers Kevin Guthrie ALA, January 2003

2 Outline (JSTOR – January 2003)
– Background: what are “open proxies”?
– What’s the exposure?
– What happened?
– How was it done?
– Not an isolated case
– What to do

3 What has been taken: 51,392 Articles from 11 Titles
Title | # of articles | Pct. of Run
Sociology Journal 1 | 4,997 | 95%
Sociology Journal 2 | 11,340 | 87%
Economics Journal 3 | 5,514 | 77%
Sociology Journal 4 | 349 | 73%
Economics Journal 2 | 402 | 71%
Sociology Journal 5 | 14,537 | 65%
Economics Journal 3 | 3,619 | 55%
Statistics Journal 1 | 6,555 | 44%
Economics Journal 4 | 120 | 3%
Sociology Journal 6 | 3,728 | 23%
Economics Journal 4 | 231 | <1%

4 Proxy Servers
A proxy server is a web server that acts as an intermediary or relay station between a workstation user and the Internet.

5 [Diagram: User (IP: 1.2.3.4) → proxy.inst.edu (IP: 2.3.4.5) → www.jstor.org, requesting http://www.jstor.org/browse]

6 Proxy Servers: Common Reasons for Their Use
– Caching
– Remote access
– Usage tracking
– Controlled access
– Approved filtering

7 What is an “open” proxy server?
– There is a configuration process to specify who is authorized to access the server. It is similar to the configuration process for any web server.
– When a proxy server is not set up with the appropriate access controls, anyone can access that machine and “assume its identity”.

8 “Open” Proxy Servers: How and Why Are They Created
– Some are organizational or departmental proxy servers incorrectly configured.
– Some are set up intentionally to provide access to restricted resources (probably for convenience).
– We believe many are set up accidentally as an unknown by-product of setting up a web server.

9 What’s the Exposure?

10 Search For Lists of Open Proxy Servers

11 Find Lists of Open Proxy Servers

12 Lists of Open Proxy Servers by Domain Type

13 A List of Open .edu Proxies [The server hostnames have been edited to protect the institutions with open proxy servers listed on this page.]

14 What Happened and How it was Discovered

15 JSTOR Monitors Use
– We have triggers to alert us to unusual levels of usage activity
– We investigate when usage seems unusual

16 The Abuse: What Happened
– August 22nd to the 27th -- 13413 articles are downloaded from Proxy #1.
– August 27th we deny this IP access to JSTOR.
– August 26th to September 4th -- 3859 articles are downloaded from Proxy #2 at a different participating site.
– September 4th we deny the IP address of this second proxy.

17 The Abuse: What Happened
It appeared the two abuse situations were related:
1. There was an overlap in journals downloaded, but not an overlap in articles downloaded.
2. Analysis of our log files showed that the URLs being downloaded via Proxy #2 were created through use at Proxy #1.

18 The Abuse: The Pattern Continues
– Between August 27th and October 31st downloads occurred from:
  – 27 open proxy servers at
  – 16 different sites
– As JSTOR staff denied each proxy server, the abuse moved on.
– ~51,000 articles downloaded from 11 journals
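
The usage triggers on slide 15 and the correlation on slide 17 (same journals, no shared articles) can be sketched as log analysis. This is an added example, not JSTOR's monitoring code; the record layout, the per-day limit, the IP addresses and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample records: (date, client_ip, journal, article_id).
# IPs are from documentation ranges; journal names are placeholders.
def build_sample():
    rows = []
    # Proxy A takes articles 0-59 of two journals; proxy B resumes at 60.
    for i in range(60):
        rows.append(("2002-08-23", "192.0.2.10", "soc-1" if i % 2 else "econ-1", i))
    for i in range(60, 100):
        rows.append(("2002-08-28", "198.51.100.7", "soc-1" if i % 2 else "econ-1", i))
    # A busy but legitimate campus proxy: heavy use that overlaps both.
    for i in range(1, 80, 2):
        rows.append(("2002-08-23", "203.0.113.5", "soc-1", i))
    return rows

def volume_alerts(rows, per_day_limit):
    """IPs whose distinct-article count on any single day exceeds the limit."""
    daily = defaultdict(set)
    for date, ip, journal, article in rows:
        daily[(date, ip)].add((journal, article))
    return sorted({ip for (_, ip), arts in daily.items() if len(arts) > per_day_limit})

def linked_sources(rows, ips):
    """Pairs of IPs that hit the same journals but never the same article,
    the pattern expected when one harvester splits work across proxies."""
    journals, articles = defaultdict(set), defaultdict(set)
    for _, ip, journal, article in rows:
        if ip in ips:
            journals[ip].add(journal)
            articles[ip].add((journal, article))
    return [(a, b) for a, b in combinations(sorted(ips), 2)
            if journals[a] & journals[b] and not articles[a] & articles[b]]

if __name__ == "__main__":
    rows = build_sample()
    flagged = volume_alerts(rows, per_day_limit=30)  # hypothetical threshold
    print("volume alerts:", flagged)
    print("likely same harvester:", linked_sources(rows, flagged))
```

Volume alone flags all three sources; the disjoint-articles check separates the two related proxies from the busy campus proxy, whose reading overlaps with both.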

19 How Is It Done?

20 Automate The Process
– Download lists of open proxies
– Automate a process to probe each to see if there is access to restricted resources
– Identify a set of open proxy servers with such access and set them aside
– Automate a process to download content
– From the “confirmed” list – commence downloading.

21 Not an Isolated Case
We have found web pages providing explicit instructions for others to help them exploit open proxies in order to download content.

22 Not an Isolated Case

23 Not an Isolated Case - Translations
– “The Bible for Downloading Journal Articles”
– “To be blunt about it, you find an overseas proxy. The institution that the proxy server belongs to has spent money to buy the electronic edition of some journal, and then you use this proxy, (so) of course you can download the entire text of that journal!”
– “I cannot deny that some servers can download complete texts from many journals, but please, everyone, let’s not grab onto the ones which are easy to use and use them madly. The result of doing so will be to hasten the death of that server! So when you are using them, it’s best to do so equitably!”

24 Not an Isolated Case

25 Questions & Discussion

26 What to do?
– Shibboleth http://shibboleth.internet2.edu/
– DLF Certificates http://www.diglib.org/architectures/digcert.htm
– Education
– Drive all campus access through a set of properly authenticated proxy servers

27 http://www.jstor.org/

