EPrints Technical Mailing List Archive

Message: #07051

< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Archive under attack, security issue

Hmmm…  I can’t load an archive at the URL you gave.


Here are three suggestions.  If either look good, get back and I can discuss further how to implement:


a)       Turn off registration and do a nightly update of user records from your institutional HR system.  You’ll need to talk to IT or HR to find out how to get a nightly list of academic usernames.  You can even authenticate against your LDAP server if you take this option.

b)       Only allow people within certain email domains to register for accounts.  E.g. *@unina.it and *@gmail.com could be allowed

c)       Turn off registration and create accounts for people by hand (depends on your use-cases, but sometimes this is a viable option)









From: <eprints-tech-bounces@ecs.soton.ac.uk> on behalf of Alfredo Cosco <alfredo.cosco@gmail.com>
Reply-To: <eprints-tech@ecs.soton.ac.uk>
Date: Wednesday, 3 January 2018 13:34
To: <eprints-tech@ecs.soton.ac.uk>
Subject: [EP-tech] Archive under attack, security issue



it's some days that one of my archives is under a flood of fake registrations.


I activated a re-captcha plug-in but nothing changed.



How can I stop this?


I need help




*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech *** Archive: http://www.eprints.org/tech.php/ *** EPrints community wiki: http://wiki.eprints.org/ *** EPrints developers Forum: http://forum.eprints.org/