Dear all,

after the attack on advanced search, we see now a similar attack on simple search. That was for a while under our radar, hidden by the attacks from alibaba-inc.com.

grep -c /cgi/search/simple /var/log/httpd/access_log_zora-20250*

/var/log/httpd/access_log_zora-20250403:272

/var/log/httpd/access_log_zora-20250410:225

/var/log/httpd/access_log_zora-20250417:848

/var/log/httpd/access_log_zora-20250424:474

/var/log/httpd/access_log_zora-20250501:531

/var/log/httpd/access_log_zora-20250508:1249

/var/log/httpd/access_log_zora-20250515:1660

/var/log/httpd/access_log_zora-20250522:2277

/var/log/httpd/access_log_zora-20250529:1565

/var/log/httpd/access_log_zora-20250605:6203

/var/log/httpd/access_log_zora-20250612:50389

/var/log/httpd/access_log_zora-20250619:44590

/var/log/httpd/access_log_zora-20250626:73182

(numbers of accesses to cgi/search/simple is usually very low in our case because we don’t offer the link to /cgi/search/simple in a user’s browser because of our use of Elasticsearch as main search engine).

The queries are of a similar format as with advanced search: filling in some terms in the search field and cycling through pages, e.g.

/cgi/search/simple?_action_search=1&cache=22035948&exp=0%7C1%7C-date%2Fcreators_name%2Feditors_name%2Ftitle%7Carchive%7C-%7Cq%3Aabstract%2Fbook_title%2Fcreators_name%2Fcreators_orcid%2Fdate%2Fdocuments%2Fdoi%2Feditors_name%2Feditors_orcid%2Fisbn%2Fkeywords%2Fpublication%2Fpubmedid%2Ftitle%3AALL%3AIN%3Aulrich+mehnert%7C-%7Ceprint_status%3Aeprint_status%3AANY%3AEQ%3Aarchive%7Cmetadata_visibility%3Ametadata_visibility%3AANY%3AEQ%3Ashow&order=-date%2Fcreators_name%2Feditors_name%2Ftitle&screen=Search&search_offset=60

Measures taken: Similar to https://www.eprints.org/eptech/msg10122.html

Kind regards

Martin