[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Archive under attack, security issue

Subject: [EP-tech] Archive under attack, security issue
From: J.Salter at leeds.ac.uk (John Salter)
Date: Thu, 4 Jan 2018 10:43:32 +0000
In-reply-to: <EMEW3|8fc0beb6f9c7962c9507899100d79b6cu03AA914eprints-tech-bounces|ecs.soton.ac.uk|CAB8fwFPQNKWjjE6iOyv=3obcCyFhnRPgZ-0Yoy4MFSaW17A_iA@mail.gmail.com>
References: <CAB8fwFOJY0gudH+T6mKbWUiFQpAs+xhh369HfFvEU4atN7Ru4w@mail.gmail.com> <DB6PR0301MB22645DEF3B29A6B6D2E461FBC41E0@DB6PR0301MB2264.eurprd03.prod.outlook.com> <EMEW3|1b2029eaa24b1b44afeba17ea6f5c4b1u02DZB14eprints-tech-bounces|ecs.soton.ac.uk|CAB8fwFOJY0gudH+T6mKbWUiFQpAs+xhh369HfFvEU4atN7Ru4w@mail.gmail.com> <EMEW3|410ac4440e238df7ba5f9462bec60131u02Dxo14eprints-tech-bounces|ecs.soton.ac.uk|DB6PR0301MB22645DEF3B29A6B6D2E461FBC41E0@DB6PR0301MB2264.eurprd03.prod.outlook.com> <CAB8fwFPQNKWjjE6iOyv=3obcCyFhnRPgZ-0Yoy4MFSaW17A_iA@mail.gmail.com> <CAB8fwFPQNKWjjE6iOyv=3obcCyFhnRPgZ-0Yoy4MFSaW17A_iA@mail.gmail.com> <EMEW3|8fc0beb6f9c7962c9507899100d79b6cu03AA914eprints-tech-bounces|ecs.soton.ac.uk|CAB8fwFPQNKWjjE6iOyv=3obcCyFhnRPgZ-0Yoy4MFSaW17A_iA@mail.gmail.com> <DB6PR0301MB22643F4CD3E6BAF66D7E2290C41F0@DB6PR0301MB2264.eurprd03.prod.outlook.com>

Hi Alfredo,
In the apache error log - possibly in /var/log/httpd/error_log - but that depends on which server you're running.

You might see something like 'Error contacting recaptcha' if that is the case.

Cheers,
John

From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of Alfredo Cosco
Sent: 04 January 2018 10:10
To: eprints-tech at ecs.soton.ac.uk
Subject: Re: [EP-tech] Archive under attack, security issue

Hello,
sorry the right url is: http://www.rmoa.unina.it

@john: where do I find errors?

The server contains only eprints instances.

I try to upgrade the script, and I'll let you know.

Thanks
Alfredo

2018-01-03 14:59 GMT+01:00 John Salter <J.Salter at leeds.ac.uk<mailto:J.Salter at leeds.ac.uk>>:
Hi Alfredo,
Is there anything in the error logs?
Can your server access other websites? It need to be able to contact the Recaptcha service to confirm the response.

It might also be worth looking at:
https://github.com/eprints/eprints/pull/468
which updates the reCaptcha to v2, and has a configuration setting for a proxy - if you server uses on when trying to contact external services.

I think it should work OK on v3.3.14.

Cheers,
John

From: eprints-tech-bounces at ecs.soton.ac.uk<mailto:eprints-tech-bounces at ecs.soton.ac.uk> [mailto:eprints-tech-bounces at ecs.soton.ac.uk<mailto:eprints-tech-bounces at ecs.soton.ac.uk>] On Behalf Of Alfredo Cosco
Sent: 03 January 2018 13:34
To: eprints-tech at ecs.soton.ac.uk<mailto:eprints-tech at ecs.soton.ac.uk>
Subject: [EP-tech] Archive under attack, security issue

Hello,
it's some days that one of my archives is under a flood of fake registrations.

I activated a re-captcha plug-in but nothing changed.

The Archive is: http://www.rmaos.unina.it

How can I stop this?

I need help

Thanks,
Alfredo

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
*** EPrints developers Forum: http://forum.eprints.org/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20180104/e1c0d5e6/attachment-0001.html

Follow-Ups:
- [EP-tech] Archive under attack, security issue
  - From: J.Salter at leeds.ac.uk (John Salter)

References:
- [EP-tech] Archive under attack, security issue
  - From: alfredo.cosco at gmail.com (Alfredo Cosco)
- [EP-tech] Archive under attack, security issue
  - From: J.Salter at leeds.ac.uk (John Salter)
- [EP-tech] Archive under attack, security issue
  - From: alfredo.cosco at gmail.com (Alfredo Cosco)
- [EP-tech] Archive under attack, security issue
  - From: J.Salter at leeds.ac.uk (John Salter)

Prev by Date: [EP-tech] Refresh Abstracts removing Boxes from Summary Page
Next by Date: [EP-tech] Default fields on Manage Deposits/Review screens
Next by thread: [EP-tech] Re: Eprints divisions problem
Index(es):
- Date
- Thread