<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<div style="padding-bottom: 10px; padding-top: 5px;">
<div style="padding:12px; border:1px solid #8D3970; background-color:#F7F9FA; color:#8D3970; font-size:14px; line-height:22px; font-family: Calibri, Arial, Helvetica, sans-serif;">
<strong>CAUTION:</strong> This e-mail originated outside the University of Southampton.
</div>
</div>
<div>
<p><font size="2" face="sans-serif">Thanks again John</font><br>
<br>
<font size="2" face="sans-serif">i just looked at the request table ... very interesting :-) Storing the
</font><font size="2" color="#1F497D" face="Calibri">the privacy statement</font><font size="2" face="sans-serif"> is a good idea</font><font size="2" face="sans-serif">.</font><br>
<br>
<font size="2" face="sans-serif">Kind regards<br>
Jens<br>
<br>
</font><br>
<font size="2" face="sans-serif">-- <br>
Jens Witzel<br>
Zentrale Informatik<br>
Universität Zürich<br>
Stampfenbachstrasse 73<br>
CH-8006 Zürich<br>
<br>
mail: jens.witzel@uzh.ch<br>
phone: +41 44 63 56777<br>
<a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.zi.uzh.ch%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2be7549d0d06467ce72f08d976c17943%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671396824202052%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=c3J8JHpYbz1TxADMoEepIUMP9DqMHva2sDUgkFDjt68%3D&reserved=0" originalSrc="http://www.zi.uzh.ch/" shash="IBDgNS1ssUJ/h5RH6g9C6QEmNo+LCrr/tXFZFzg5PqJLTlh/PRj4q8oIzDgGK2P4zICq+Uq++38jxH72HTO5U/ES3vn2nmQmU8yluqJxW0xPfwQfdvs9MNkHJhUkwhj5Z3wTVPfjIF/84kK/3btYkjjfrdNs6IpH0ijQi6SO6bc=">http://www.zi.uzh.ch</a></font><br>
<br>
<img width="16" height="16" src="cid:1__=4EBB0DDCDFDE82408f9e8a93df938690918c4EBB0DDCDFDE8240@lotus.uzh.ch" border="0" alt="Inactive hide details for "John Salter" ---13.09.2021 16:00:07---Yes - the privacy statement is a field that was added to the r"><font size="2" color="#424282" face="sans-serif">"John
Salter" ---13.09.2021 16:00:07---Yes - the privacy statement is a field that was added to the request dataset. It is stored as the ve</font><br>
<br>
<font size="1" color="#5F5F5F" face="sans-serif">Von: </font><font size="1" face="sans-serif">"John Salter" <J.Salter@leeds.ac.uk></font><br>
<font size="1" color="#5F5F5F" face="sans-serif">An: </font><font size="1" face="sans-serif">"jens.witzel@uzh.ch" <jens.witzel@uzh.ch></font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Kopie: </font><font size="1" face="sans-serif">"eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk></font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Datum: </font><font size="1" face="sans-serif">13.09.2021 16:00</font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Betreff: </font><font size="1" face="sans-serif">RE: Antwort: Re: [EP-tech] Spam to submitter via "Copy request" form</font><br>
</p>
<hr width="100%" size="2" align="left" noshade="" style="color:#8091A5; ">
<br>
<br>
<br>
<font size="2" color="#1F497D" face="Calibri">Yes - the privacy statement is a field that was added to the request dataset.</font><br>
<font size="2" color="#1F497D" face="Calibri">It is stored as the version of the privacy statement that was agreed e.g. 'request_v1'.</font><br>
<font size="2" color="#1F497D" face="Calibri">We only have one version at the moment, but if we revised this to make a v2 statement, we would store 'request_v2' in the database.</font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" color="#1F497D" face="Calibri">Cheers,</font><br>
<font size="2" color="#1F497D" face="Calibri">John</font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" face="Calibri"><b>From:</b></font><font size="2" face="Calibri"> jens.witzel@uzh.ch [</font><font size="2" face="Calibri"><a href="mailto:jens.witzel@uzh.ch">mailto:jens.witzel@uzh.ch</a></font><font size="2" face="Calibri">]
</font><font size="2" face="Calibri"><b><br>
Sent:</b></font><font size="2" face="Calibri"> 13 September 2021 14:47</font><font size="2" face="Calibri"><b><br>
To:</b></font><font size="2" face="Calibri"> John Salter <J.Salter@leeds.ac.uk></font><font size="2" face="Calibri"><b><br>
Cc:</b></font><font size="2" face="Calibri"> eprints-tech@ecs.soton.ac.uk; jens.witzel@uzh.ch</font><font size="2" face="Calibri"><b><br>
Subject:</b></font><font size="2" face="Calibri"> Antwort: Re: [EP-tech] Spam to submitter via "Copy request" form</font><br>
<font size="3" face="Times New Roman"> </font>
<p><font size="2" face="Arial">Hi John</font><font size="3" face="Times New Roman"><br>
</font><font size="2" face="Arial"><br>
thanks a lot for your quick answer. I'll keep an eye on it. Q: Do you store the "</font><font size="3" face="Times New Roman">Privacy Agreement"
</font><font size="2" face="Arial">click? </font><font size="3" face="Times New Roman"><br>
</font><font size="2" face="Arial"><br>
Of cause we analyse apaches logfiles and feed our badbot list, but unfortunately at the moment of sending the form it's to late ;-)</font><font size="3" face="Times New Roman"><br>
</font><font size="2" face="Arial"><br>
Anybody else doing the same or something different?<br>
<br>
Cheers<br>
Jens</font><font size="3" face="Times New Roman"><br>
</font><font size="2" face="Arial"><br>
-- <br>
Jens Witzel<br>
Zentrale Informatik<br>
Universität Zürich<br>
Stampfenbachstrasse 73<br>
CH-8006 Zürich<br>
<br>
mail: </font><a href="mailto:jens.witzel@uzh.ch"><font size="2" color="#0000FF" face="Arial"><u>jens.witzel@uzh.ch</u></font></a><font size="2" face="Arial"><br>
phone: +41 44 63 56777</font><font size="2" color="#0000FF" face="Arial"><u><br>
</u></font><a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.zi.uzh.ch%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2be7549d0d06467ce72f08d976c17943%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671396824202052%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=c3J8JHpYbz1TxADMoEepIUMP9DqMHva2sDUgkFDjt68%3D&reserved=0" originalSrc="http://www.zi.uzh.ch/" shash="IBDgNS1ssUJ/h5RH6g9C6QEmNo+LCrr/tXFZFzg5PqJLTlh/PRj4q8oIzDgGK2P4zICq+Uq++38jxH72HTO5U/ES3vn2nmQmU8yluqJxW0xPfwQfdvs9MNkHJhUkwhj5Z3wTVPfjIF/84kK/3btYkjjfrdNs6IpH0ijQi6SO6bc="><font size="2" color="#0000FF" face="Arial"><u>http://www.zi.uzh.ch</u></font></a><font size="3" face="Times New Roman"><br>
<br>
</font><img src="cid:1__=4EBB0DDCDFDE82408f9e8a93df938690918c4EBB0DDCDFDE8240@lotus.uzh.ch" width="16" height="16" alt="Inactive hide details for "John Salter" ---13.09.2021 15:30:46---Hi Jens, We use the recaptcha stuff e.g. https://eprints.white"><font size="2" color="#424282" face="Arial">"John
Salter" ---13.09.2021 15:30:46---Hi Jens, We use the recaptcha stuff e.g. </font>
<a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Feprints.whiterose.ac.uk%2Fcgi%2Frequest_doc%3Fdocid%3D23483&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2be7549d0d06467ce72f08d976c17943%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671396824202052%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=8m2cyJNLrAAaNFp%2FLb67VUGDGFvj45kYo%2BvuATMecZQ%3D&reserved=0" originalSrc="https://eprints.whiterose.ac.uk/cgi/request_doc?docid=23483" shash="XTo+jvlXwPlDWtiBYv5f0I+5kTlNMwZgJHMXpyNrMOV1wbR67xH4ycGv8BO+rjCCB4RRcSlvym0CXhl+qbJs4fhEC+i5xNGfuCzmTzQKOXHcGEMXUh/ceNSF4BQNMyOhz8apHWSJVZOkZMCI1CAnWdCwPf3T87iFPVIbIZSJJWc="><font size="2" color="#0000FF" face="Arial"><u>https://eprints.whiterose.ac.uk/cgi/request_doc?docid=23483</u></font></a><font size="3" face="Times New Roman"><br>
</font><font size="1" color="#5F5F5F" face="Arial"><br>
Von: </font><font size="1" face="Arial">"John Salter" <</font><a href="mailto:J.Salter@leeds.ac.uk"><font size="1" color="#0000FF" face="Arial"><u>J.Salter@leeds.ac.uk</u></font></a><font size="1" face="Arial">></font><font size="1" color="#5F5F5F" face="Arial"><br>
An: </font><font size="1" face="Arial">"</font><a href="mailto:eprints-tech@ecs.soton.ac.uk"><font size="1" color="#0000FF" face="Arial"><u>eprints-tech@ecs.soton.ac.uk</u></font></a><font size="1" face="Arial">" <</font><a href="mailto:eprints-tech@ecs.soton.ac.uk"><font size="1" color="#0000FF" face="Arial"><u>eprints-tech@ecs.soton.ac.uk</u></font></a><font size="1" face="Arial">>,
"</font><a href="mailto:jens.witzel@uzh.ch"><font size="1" color="#0000FF" face="Arial"><u>jens.witzel@uzh.ch</u></font></a><font size="1" face="Arial">" <</font><a href="mailto:jens.witzel@uzh.ch"><font size="1" color="#0000FF" face="Arial"><u>jens.witzel@uzh.ch</u></font></a><font size="1" face="Arial">></font><font size="1" color="#5F5F5F" face="Arial"><br>
Datum: </font><font size="1" face="Arial">13.09.2021 15:30</font><font size="1" color="#5F5F5F" face="Arial"><br>
Betreff: </font><font size="1" face="Arial">Re: [EP-tech] Spam to submitter via "Copy request" form</font><br>
</p>
<hr width="100%" size="2" align="left" noshade="">
<br>
<font size="3" face="Times New Roman"><br>
<br>
</font><font size="3" face="Calibri"><br>
Hi Jens,<br>
We use the recaptcha stuff e.g. </font><a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Feprints.whiterose.ac.uk%2Fcgi%2Frequest_doc%3Fdocid%3D2348396&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2be7549d0d06467ce72f08d976c17943%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671396824211997%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=PRrL8UgWgvE8M4zgXZZqlFyo0ixuRWiEswrFP%2FGP4gw%3D&reserved=0" originalSrc="https://eprints.whiterose.ac.uk/cgi/request_doc?docid=2348396" shash="WvTqKYi3QAfIpbjgKHi8DBg3E8Y+nq4WC3hlffPBP8Y68MWMeKSBcGsGhNh+T4kdYBcICzfNx4hMw936u+R2Hw9fUaVXWKX33jM2tNhc94DPFdKrUyAHTcPOMMcPlgqyk/xQvD0odUgHTGIgJAagHbCTISkKm/qPTWO8j1rNNZ8="><font size="3" color="#0000FF" face="Calibri"><u>https://eprints.whiterose.ac.uk/cgi/request_doc?docid=2348396</u></font></a><font size="3" face="Calibri"> .<br>
The google.com version and recaptcha.net are essentially the same thing - but recaptcha.net isn't blocked in e.g. China, so we use that.</font><font size="3" face="Times New Roman"><br>
</font><font size="3" face="Calibri"><br>
This does work well for us, and we also use recaptcha.net on our account creation and 'contact us' pages on our eTheses repository.</font><font size="3" face="Times New Roman"><br>
</font><font size="3" face="Calibri"><br>
As the request details are stored in the EPrints database, you could do some analysis of these spam requests, and see if there are common themes - e.g. links in the request reason, or email addresses supplied?<br>
You could also look at historic Apache logs and see if they all originate from the same place?</font><font size="3" face="Times New Roman"><br>
</font><font size="3" face="Calibri"><br>
Cheers,<br>
John</font><font size="3" face="Times New Roman"><br>
<br>
</font><br>
<hr width="100%" size="2" align="left">
<br>
<font size="2" face="Calibri"><b><br>
From:</b></font><font size="2" face="Calibri"> </font><a href="mailto:eprints-tech-bounces@ecs.soton.ac.uk"><font size="2" color="#0000FF" face="Calibri"><u>eprints-tech-bounces@ecs.soton.ac.uk</u></font></a><font size="2" face="Calibri"> <</font><a href="mailto:eprints-tech-bounces@ecs.soton.ac.uk"><font size="2" color="#0000FF" face="Calibri"><u>eprints-tech-bounces@ecs.soton.ac.uk</u></font></a><font size="2" face="Calibri">>
on behalf of jens.witzel--- via Eprints-tech <</font><a href="mailto:eprints-tech@ecs.soton.ac.uk"><font size="2" color="#0000FF" face="Calibri"><u>eprints-tech@ecs.soton.ac.uk</u></font></a><font size="2" face="Calibri">></font><font size="2" face="Calibri"><b><br>
Sent:</b></font><font size="2" face="Calibri"> 13 September 2021 13:34</font><font size="2" face="Calibri"><b><br>
To:</b></font><font size="2" face="Calibri"> </font><a href="mailto:eprints-tech@ecs.soton.ac.uk"><font size="2" color="#0000FF" face="Calibri"><u>eprints-tech@ecs.soton.ac.uk</u></font></a><font size="2" face="Calibri"> <</font><a href="mailto:eprints-tech@ecs.soton.ac.uk"><font size="2" color="#0000FF" face="Calibri"><u>eprints-tech@ecs.soton.ac.uk</u></font></a><font size="2" face="Calibri">></font><font size="2" face="Calibri"><b><br>
Subject:</b></font><font size="2" face="Calibri"> [EP-tech] Spam to submitter via "Copy request" form</font><font size="3" face="Times New Roman"> <br>
</font><font size="2" color="#8D3970" face="Calibri"><b><br>
CAUTION:</b></font><font size="2" color="#8D3970" face="Calibri"> This e-mail originated outside the University of Southampton.
</font><font size="2" face="Arial"><br>
Hi out there<br>
<br>
we have received some feedback regarding spam via the "Copy Request". Lots of emails gone to one submitter. Does anybody use any capture or something else in this direction?<br>
<br>
First I found something in /usr/local/eprints/lib/workflows/request/default.xml (line 22ff.) - using googles capture
</font><a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.com%2Frecaptcha%2Fabout%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2be7549d0d06467ce72f08d976c17943%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671396824211997%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=UZh7yHMkpAb%2BxEQupE%2FByWZuH%2Bl0fMg6wYrBhJ6I%2F44%3D&reserved=0" originalSrc="https://www.google.com/recaptcha/about/" shash="Wp8GHz+foS7ba7XwudOG6qLcpn0Y3DASJ4VLyf+Rg0OjxD9HgBuugkcjuJMQ505daqqeaIhNRSKMpgif92MKZbnB4In8Qd9C/fDJtIGNDm6KQK19s8OU9oiT/Q1FlfZxYQrgcdkTziQS6mNzgIzFsikFKxunrZunZ6WOE+lQU64="><font size="2" color="#0000FF" face="Arial"><u>https://www.google.com/recaptcha/about/</u></font></a><font size="2" face="Arial"> but
for sure we will have problems with data privacy.<br>
<br>
Second i found some hints in the Eprints wiki: A captcha pseudo-field based on </font>
<a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frecaptcha.net%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2be7549d0d06467ce72f08d976c17943%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671396824221958%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=69Vb4jiETAj%2BC%2FRbs0SMNEEXGhIqiuP0b%2FSVCJpWkDw%3D&reserved=0" originalSrc="http://recaptcha.net/" shash="HZivh/PtDr3nuge1nuo2iLf0jJ+utBOwSRpu3GC/dgUXcK33LEh3SKxQozDIcGNaBcHU8EDi45h+m8AbntZjLTBNLE/tDAs53mbj1ZxgZD0QnzXKeB8ov0E0EyyrVNK4X3HA6su2cdVrcMYy7rPggw0iU3XpJhw4rg1ftqSlr7c="><font size="2" color="#0000FF" face="Arial"><u>http://recaptcha.net/</u></font></a><font size="3" color="#0000FF" face="Times New Roman"><u><br>
</u></font><a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FNew_Features_in_EPrints_3.2&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2be7549d0d06467ce72f08d976c17943%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671396824221958%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=N23ujqmDunFs9OG24vX8uDPA6%2BPP%2BYv%2FTEeKmXkiXPM%3D&reserved=0" originalSrc="https://wiki.eprints.org/w/New_Features_in_EPrints_3.2" shash="eOPV0aZ5czQjZvNK9xrBR07kBmtHw+rgqnLSnNKpZ7Azu0XS5F2GgMO2v+cjW9uDSVYEh/ZXdfTRAMebVxLG49KLISwzW4l3a6JxZxIEUXfNUb5wpDSDyIIJb1Ilb5OO4x/pckPwkftC+aVa+7h3u91s4M43gzUnnKGu8OXYbn8="><font size="2" color="#0000FF" face="Arial"><u>https://wiki.eprints.org/w/New_Features_in_EPrints_3.2</u></font></a><font size="2" face="Arial"><br>
<br>
Anything else? Cookies, Perl driven stuff? What do you guys use?<br>
<br>
Every hint is welcome<br>
<br>
Jens<br>
<br>
-- <br>
Jens Witzel<br>
Zentrale Informatik<br>
Universität Zürich<br>
Stampfenbachstrasse 73<br>
CH-8006 Zürich<br>
<br>
mail: </font><a href="mailto:jens.witzel@uzh.ch"><font size="2" color="#0000FF" face="Arial"><u>jens.witzel@uzh.ch</u></font></a><font size="2" face="Arial"><br>
phone: +41 44 63 56777</font><font size="3" color="#0000FF" face="Times New Roman"><u><br>
</u></font><a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.zi.uzh.ch%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2be7549d0d06467ce72f08d976c17943%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637671396824221958%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=j1o8tbsA%2FK8iZDkUJx9t9EIruh%2FF2LHclFvITPuIQD8%3D&reserved=0" originalSrc="http://www.zi.uzh.ch/" shash="gBdoDj4IJn20V5+HcN4FLOMDWhsR+Gz8sR3oSJ1gjcXageZKWplJ4s5ftVk2w27ZAgx5256knFiubm1oB/kILx/DLTAfD2LtFJrk30SK7u0u3PHBCUzfF6EHayB+5Uf1O5PYHn8h3w2Wf+SN433X8kwjl0JsLVHYtSbXSkwJ5VA="><font size="2" color="#0000FF" face="Arial"><u>http://www.zi.uzh.ch</u></font></a><br>
<br>
</div>
</body>
</html>