<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div style="padding-bottom: 10px; padding-top: 5px;">
<div style="padding:12px; border:1px solid #8D3970; background-color:#F7F9FA; color:#8D3970; font-size:14px; line-height:22px; font-family: Calibri, Arial, Helvetica, sans-serif;">
<strong>CAUTION:</strong> This e-mail originated outside the University of Southampton.
</div>
</div>
<div>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Yes - the privacy statement is a field that was added to the request dataset.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">It is stored as the version of the privacy statement that was agreed e.g. 'request_v1'.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">We only have one version at the moment, but if we revised this to make a v2 statement, we would store 'request_v2' in the database.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Cheers,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">John<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> jens.witzel@uzh.ch [mailto:jens.witzel@uzh.ch]
<br>
<b>Sent:</b> 13 September 2021 14:47<br>
<b>To:</b> John Salter <J.Salter@leeds.ac.uk><br>
<b>Cc:</b> eprints-tech@ecs.soton.ac.uk; jens.witzel@uzh.ch<br>
<b>Subject:</b> Antwort: Re: [EP-tech] Spam to submitter via "Copy request" form<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Hi John</span><br>
<br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">thanks a lot for your quick answer. I'll keep an eye on it. Q: Do you store the "</span>Privacy Agreement"
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">click? <br>
</span><br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">Of cause we analyse apaches logfiles and feed our badbot list, but unfortunately at the moment of sending the form it's to late ;-)</span><br>
<br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">Anybody else doing the same or something different?<br>
<br>
Cheers<br>
Jens</span><br>
<br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">-- <br>
Jens Witzel<br>
Zentrale Informatik<br>
Universität Zürich<br>
Stampfenbachstrasse 73<br>
CH-8006 Zürich<br>
<br>
mail: <a href="mailto:jens.witzel@uzh.ch">jens.witzel@uzh.ch</a><br>
phone: +41 44 63 56777<br>
<a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.zi.uzh.ch%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C4cdca1b5fc984fa5526e08d976bec5c4%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671383997596445%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=48tPj7cH%2FTMwVhNU3RJemgLjWgwse5H0Uv4dlG%2Br0ds%3D&reserved=0" originalSrc="http://www.zi.uzh.ch/" shash="IhlEkb5PFPOvSC9FNai9O+WtPt6n+VbWUljMhRX2j64GUNNHBvuAQ7GV14MeSn4tNd73V5BT7jgH+cgDOoB8d/Ea8SLD2rx7clyqGkcXpEMbD5+j3JXynk0khQ+QQVnRFwIG4JecxvISvN3qHU47qnPxoV1UOGNHgciZVdIrfJs=">http://www.zi.uzh.ch</a></span><br>
<br>
<img border="0" width="16" height="16" id="_x0000_i1025" src="cid:image001.gif@01D7A8AF.C98F8BD0" alt="Inactive hide details for "John Salter" ---13.09.2021 15:30:46---Hi Jens, We use the recaptcha stuff e.g. https://eprints.white"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#424282">"John
Salter" ---13.09.2021 15:30:46---Hi Jens, We use the recaptcha stuff e.g. <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Feprints.whiterose.ac.uk%2Fcgi%2Frequest_doc%3Fdocid%3D23483&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C4cdca1b5fc984fa5526e08d976bec5c4%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671383997606400%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=e4DDdAuvzUGJTGKldKDAoZXuoZmdLQcV5R5tRTsV048%3D&reserved=0" originalSrc="https://eprints.whiterose.ac.uk/cgi/request_doc?docid=23483" shash="RQKqwThIWWNIjlrMSgHbDPNtxiuoOJGX1Jo3jZR1Pj9u88sM8hgXWTSU50Oqx1deln7XoaloX8U9wRnyerIYNS/J2lLTBqjKR3lV1JuqG3gJr0V/YEef2g15a4YASmy9egsSaOAwgR8peCQyrw3WzcKH3EFaeqivWBENRHoXxME=">
https://eprints.whiterose.ac.uk/cgi/request_doc?docid=23483</a></span><br>
<br>
<span style="font-size:7.5pt;font-family:"Arial",sans-serif;color:#5F5F5F">Von: </span>
<span style="font-size:7.5pt;font-family:"Arial",sans-serif">"John Salter" <<a href="mailto:J.Salter@leeds.ac.uk">J.Salter@leeds.ac.uk</a>></span><br>
<span style="font-size:7.5pt;font-family:"Arial",sans-serif;color:#5F5F5F">An: </span>
<span style="font-size:7.5pt;font-family:"Arial",sans-serif">"<a href="mailto:eprints-tech@ecs.soton.ac.uk">eprints-tech@ecs.soton.ac.uk</a>" <<a href="mailto:eprints-tech@ecs.soton.ac.uk">eprints-tech@ecs.soton.ac.uk</a>>, "<a href="mailto:jens.witzel@uzh.ch">jens.witzel@uzh.ch</a>"
<<a href="mailto:jens.witzel@uzh.ch">jens.witzel@uzh.ch</a>></span><br>
<span style="font-size:7.5pt;font-family:"Arial",sans-serif;color:#5F5F5F">Datum:
</span><span style="font-size:7.5pt;font-family:"Arial",sans-serif">13.09.2021 15:30</span><br>
<span style="font-size:7.5pt;font-family:"Arial",sans-serif;color:#5F5F5F">Betreff:
</span><span style="font-size:7.5pt;font-family:"Arial",sans-serif">Re: [EP-tech] Spam to submitter via "Copy request" form</span><o:p></o:p></p>
<div class="MsoNormal">
<hr size="2" width="100%" noshade="" style="color:#8091A5" align="left">
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
<br>
<span style="font-family:"Calibri",sans-serif">Hi Jens,<br>
We use the recaptcha stuff e.g. </span><a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Feprints.whiterose.ac.uk%2Fcgi%2Frequest_doc%3Fdocid%3D2348396&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C4cdca1b5fc984fa5526e08d976bec5c4%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671383997606400%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eCqdWYT%2Fg9AFPwZjX7%2BAoSWVVOsoSSpkwi5mtUhPSVM%3D&reserved=0" originalSrc="https://eprints.whiterose.ac.uk/cgi/request_doc?docid=2348396" shash="ckqG8eOndjBu5zf2oO5chk4SBg50B9c8BDxAtsv3qch4MJrEg3HXkiScDW0Zc3qnBnsLLnMAJXOknu4P2z6HNYwhNmBCNKyme9EskfnJTdt6Xeg9iUgwF3zynzXw+4cbpqMw7p9UDDrBslfZd4EnlF0UXWYJKuFoKdbwJK8VHYk="><span style="font-family:"Calibri",sans-serif">https://eprints.whiterose.ac.uk/cgi/request_doc?docid=2348396</span></a><span style="font-family:"Calibri",sans-serif"> .</span><br>
<span style="font-family:"Calibri",sans-serif">The google.com version and recaptcha.net are essentially the same thing - but recaptcha.net isn't blocked in e.g. China, so we use that.</span><br>
<br>
<span style="font-family:"Calibri",sans-serif">This does work well for us, and we also use recaptcha.net on our account creation and 'contact us' pages on our eTheses repository.</span><br>
<br>
<span style="font-family:"Calibri",sans-serif">As the request details are stored in the EPrints database, you could do some analysis of these spam requests, and see if there are common themes - e.g. links in the request reason, or email addresses supplied?</span><br>
<span style="font-family:"Calibri",sans-serif">You could also look at historic Apache logs and see if they all originate from the same place?</span><br>
<br>
<span style="font-family:"Calibri",sans-serif">Cheers,</span><br>
<span style="font-family:"Calibri",sans-serif">John</span><br>
<br>
<br>
<o:p></o:p></p>
<div class="MsoNormal">
<hr size="2" width="100%" align="left">
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif"> <a href="mailto:eprints-tech-bounces@ecs.soton.ac.uk">eprints-tech-bounces@ecs.soton.ac.uk</a> <<a href="mailto:eprints-tech-bounces@ecs.soton.ac.uk">eprints-tech-bounces@ecs.soton.ac.uk</a>>
on behalf of jens.witzel--- via Eprints-tech <<a href="mailto:eprints-tech@ecs.soton.ac.uk">eprints-tech@ecs.soton.ac.uk</a>><b><br>
Sent:</b> 13 September 2021 13:34<b><br>
To:</b> <a href="mailto:eprints-tech@ecs.soton.ac.uk">eprints-tech@ecs.soton.ac.uk</a> <<a href="mailto:eprints-tech@ecs.soton.ac.uk">eprints-tech@ecs.soton.ac.uk</a>><b><br>
Subject:</b> [EP-tech] Spam to submitter via "Copy request" form</span> <br>
<br>
<b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#8D3970">CAUTION:</span></b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#8D3970"> This e-mail originated outside the University of Southampton.
</span><br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">Hi out there</span><br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif"><br>
we have received some feedback regarding spam via the "Copy Request". Lots of emails gone to one submitter. Does anybody use any capture or something else in this direction?</span><br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif"><br>
First I found something in /usr/local/eprints/lib/workflows/request/default.xml (line 22ff.) - using googles capture
</span><a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.com%2Frecaptcha%2Fabout%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C4cdca1b5fc984fa5526e08d976bec5c4%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671383997616360%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=6YBkaIjYjnFm7qxnmcB%2FTc3mDl9ObSG5BtLnuRvijsw%3D&reserved=0" originalSrc="https://www.google.com/recaptcha/about/" shash="NDYEjKVY6EadyESt06vTtP212AS0u0/oPXFkJa0hp/7NDJhf8L2kmH2LB+JFhx26dl9LBO8lIbjh3x/JI0YKNkgMvyBRTsR2h6fWymQgbZFtBkorOSlxpdxPFiH5Ta5D6moi/s+rx9x6A3IlA2Q8DGkTYgxa1BSFYdMKC8fjAYk="><span style="font-size:10.0pt;font-family:"Arial",sans-serif">https://www.google.com/recaptcha/about/</span></a><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> but
for sure we will have problems with data privacy.</span><br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif"><br>
Second i found some hints in the Eprints wiki: A captcha pseudo-field based on </span>
<a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frecaptcha.net%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C4cdca1b5fc984fa5526e08d976bec5c4%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671383997616360%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=8aNss56jgPczJuMQ895Unz5dSBdEBte0wkDFEk9Pres%3D&reserved=0" originalSrc="http://recaptcha.net/" shash="MOZ+2GyRAT70+shY050Pb0mIEp17eQDbiUOlRVGSb1/E7tq75A968fm7SgpsLg5ChJofn479LtBOno5RozG0XMXUHjhNhFChaDW1o4Fdoqm5WJPuuFmJFYbHpLbF43cE4aOsVB1ILICEoQ/D5o+nHba5fOCq/xRiDQNPz0wh3wY="><span style="font-size:10.0pt;font-family:"Arial",sans-serif">http://recaptcha.net/</span></a><u><span style="color:blue"><br>
</span></u><a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FNew_Features_in_EPrints_3.2&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C4cdca1b5fc984fa5526e08d976bec5c4%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671383997626315%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=QGN4N9UyIg%2Feu15eVuNaXMmPQkODbOVldiebnwWm4RQ%3D&reserved=0" originalSrc="https://wiki.eprints.org/w/New_Features_in_EPrints_3.2" shash="YBNoXMij/YGqZAQpXbeWwL43rnL6VmDthDbHkV6N4725LUYg3qxGTzTLohTpWtmXqmxrKS1hf0zqZAm7u+YtDvENrEhae1R+vLVzfX97RHFybqht6vFT2TjPTL0/MkyyB+3f8QoqvL+su5lBZgPdrsHQGzLap5nneys3OFp2j/U="><span style="font-size:10.0pt;font-family:"Arial",sans-serif">https://wiki.eprints.org/w/New_Features_in_EPrints_3.2</span></a><br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif"><br>
Anything else? Cookies, Perl driven stuff? What do you guys use?</span><br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif"><br>
Every hint is welcome<br>
<br>
Jens</span><br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif"><br>
-- <br>
Jens Witzel<br>
Zentrale Informatik<br>
Universität Zürich<br>
Stampfenbachstrasse 73<br>
CH-8006 Zürich<br>
<br>
mail: <a href="mailto:jens.witzel@uzh.ch">jens.witzel@uzh.ch</a><br>
phone: +41 44 63 56777<u><span style="color:blue"><br>
</span></u></span><a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.zi.uzh.ch%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C4cdca1b5fc984fa5526e08d976bec5c4%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671383997626315%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Rb7Oe%2F7Ii2I2SA9P66ymNQP987tH27%2F5H%2F15g06%2Fc8k%3D&reserved=0" originalSrc="http://www.zi.uzh.ch/" shash="l519p0uAFCaKJOTvlRwFBpa/hnh3JBNWtmCSFdpzZnRadSc7a8JWVAJPtZ3a2FjXt4qbtIPZB0nQ3JPQSOYFMMQNTUPwb8Rxu/TqilGwRU+2GjViytjkeHEZA3n+0TZatNppituCwcB/T9N7YxYKCK3OkHpDI/fVMKubksQagFI="><span style="font-size:10.0pt;font-family:"Arial",sans-serif">http://www.zi.uzh.ch</span></a><o:p></o:p></p>
</div>
</div>
</body>
</html>