Tuesday, August 11, 2015

The University Repository Request Copy Spam

Recently the University Repository was the victim of a spammer using its inbuilt functions to send spam to a number of members of staff the following is a short report on the incident

How did it happen?
The attackers performed a search for all repository items with a full text document. They then individually requested each file. The files that are
restricted (embargoed) bring up a page, which allows the corresponding author to be sent a message. They wrote a script that injected the spam into this page and sent it.

Who?
The requests were from domains such as dynamic.isp.telekom.rs  - basically a free IP service in Serbia that effectively masks the computer which could be in any part of the world 

What?
What have we put in place in response to this? In short, we have removed the function - you now need to log in to see restricted files . . .



As far as we can tell from analysing the usage of the repository, the function had vanishingly small legitimate use, so we are not planning on re-enabling it. Please let us know in the comments below if this function is something that you would find useful and we can examine ways of sanitising (ensuring in future no spam is allowed through the text field) the form.

No comments: