Recently the University Repository was the victim of a spammer using its inbuilt functions to send spam to a number of members of staff. The following is a short report on the incident.
How did it happen?
The attackers performed a search for all repository items with a full text document. They then individually requested each file. The files that are
The requests were from domains such as dynamic.isp.telekom.rs - basically a free IP service in Serbia that effectively masks the computer, which could be in any part of the world.
What have we put in place in response to this?
In short, we have removed the function - you now need to log in to see restricted files.
. . .
As far as we can tell from the usage of the repository, the function had vanishingly small legitimate use, so we are not planning on re-enabling it. Please let us know in the comments below if this function is something that you would find useful and we can examine ways of analysing and sanitising the form in future (ensuring no spam is allowed through the text field).
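One way the form could be gated if it were re-enabled, combining a check on the text field with a per-client limit on individual file requests. This is an added example, not the repository's own code; the function names, the limits and the link pattern are all assumptions.

```python
import re
import time
from collections import defaultdict, deque

# Assumed limits for illustration; tune them to real legitimate usage.
MAX_MESSAGE_CHARS = 500
MAX_REQUESTS_PER_WINDOW = 3
WINDOW_SECONDS = 3600

# Link-like content has no place in a short request for a file copy.
_LINK = re.compile(r"(https?://|www\.|\[url|<a\s)", re.IGNORECASE)
# Control characters other than tab and newline (includes a bare CR).
_CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")

_recent = defaultdict(deque)  # client id -> timestamps of accepted requests


def check_message(text):
    """Return (ok, reason) for the free-text field of the request form."""
    text = text.replace("\r\n", "\n")  # browsers submit textareas with CRLF
    if len(text) > MAX_MESSAGE_CHARS:
        return False, "too long"
    if _CONTROL.search(text):
        return False, "control characters"
    if _LINK.search(text):
        return False, "contains a link"
    return True, "ok"


def allow_request(client, text, now=None):
    """Gate one file request: validate the text, then throttle the client."""
    now = time.time() if now is None else now
    ok, reason = check_message(text)
    if not ok:
        return False, reason
    seen = _recent[client]
    # Forget requests that have aged out of the window.
    while seen and now - seen[0] >= WINDOW_SECONDS:
        seen.popleft()
    if len(seen) >= MAX_REQUESTS_PER_WINDOW:
        return False, "rate limit"
    seen.append(now)
    return True, "ok"
```

Rejected requests should be logged with the client identifier so that a run of "rate limit" results, one per repository item, is visible as bulk requesting.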