[EP-tech] Archive under attack, security issue

[Adam Field]

Hmmm…  I can’t load an archive at the URL you gave.

 

Here are three suggestions.  If either look good, get back and I can discuss further how to implement:

 

a)       Turn off registration and do a nightly update of user records from your institutional HR system.  You’ll need to talk to IT or HR to find out how to get a nightly list of academic usernames.  You can even authenticate against your LDAP server if you take this option.

b)       Only allow people within certain email domains to register for accounts.  E.g. *@unina.it and *@gmail.com could be allowed

c)       Turn off registration and create accounts for people by hand (depends on your use-cases, but sometimes this is a viable option)

 

Regards

 

--

Adam

 

 

 

From: <eprints-tech-bounces at ecs.soton.ac.uk> on behalf of Alfredo Cosco <alfredo.cosco at gmail.com>
Reply-To: <eprints-tech at ecs.soton.ac.uk>
Date: Wednesday, 3 January 2018 13:34
To: <eprints-tech at ecs.soton.ac.uk>
Subject: [EP-tech] Archive under attack, security issue

 

Hello,

it's some days that one of my archives is under a flood of fake registrations.

 

I activated a re-captcha plug-in but nothing changed.

 

The Archive is: http://www.rmaos.unina.it

 

How can I stop this?

 

I need help

 

Thanks,

Alfredo

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech *** Archive: http://www.eprints.org/tech.php/ *** EPrints community wiki: http://wiki.eprints.org/ *** EPrints developers Forum: http://forum.eprints.org/ 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20180103/1b5a1864/attachment.html