Another Great Wall


A few months ago we experienced a flurry of illegal use on a few of our library’s restricted resources. Tracing the IP numbers through the logs, I tracked the culprit(s) down to a network in mainland China. While I’m not in favor of Google and Yahoo censoring the internet for those users, I now find myself doing a bit of that in reverse.

Why? Do a Google search for our proxy server’s name and, among the many legitimate hits, you’ll also find a few pages giving out information for illegally logging into our server. The pages are in Chinese—which reduces the number of people who might understand and make use of the information to merely one fourth of the people on this planet—but there it is. Here’s the text of one entry I found in a Chinese forum, from a reader who appears to be trying to grasp a few concepts from higher mathematics (you can blame Babelfish for this ridiculous translation):

“…I only the undergraduate course higher mathematics foundation, now wants further to study, wants to grasp some like artificial intelligence the and so on nerve network, svm method, but these to me said too abstrusely, these two days in looked a book, supports the vector machine introductory remarks and the statistical study theory essence, really is very difficult, inside involves some mathematics theories are very very many did not know, felt is unable to continue watching also without knowing where to begin starts. Who can give directs? You thought which mathematics foundation studies these aspects also to need? Can recommend the book which is connected?”

Another reader in the forum was quite helpful and offered a gift:

Gift: https://mutex.gmu.edu:2048/login *deleted*

The deleted portion contained specific details on credentials that could be used to log into our validation server. I spent some time trying to figure out a way to stop this theft. I first set a few parameters within EZproxy which can help to identify and then block inappropriate use (e.g., triggered by downloading hundreds of articles in a short amount of time). That worked, but as soon as I blocked one offending address, another appeared. I finally abandoned sophistication and picked up a blunt instrument. I added a line to the ezproxy.cfg file which instructed the server to simply redirect any request that originated from a broad range of IP addresses—basically any address in the 221.xxx.xxx.xxx range (which covers nearly 15 million possible addresses):

E 221.0.0.0-221.225.255.255

The illegal usage stopped abruptly. I can still open our server to this Chinese network if the need arises but I will do so only after I have a specific (and verifiable) request. EZproxy quite reasonably expresses concern every time it launches (a sort of “did you really mean to do that?” message) but my Great Wall is holding.

WARNING: address range applies to 14811136 hosts: 221.0.0.0-221.225.255.255
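The two steps described above (a usage-rate check, then a blanket address exclusion) can be reasoned about with a small script. The following is an added example, not code from the original post or from EZproxy: it parses EZproxy-style "E" lines (E is EZproxy's short form of the ExcludeIP directive), reproduces the host count EZproxy prints in its warning, and runs a crude burst-download check over constructed log lines so that each flagged client can be matched against the configured ranges. The log format, the thresholds, and every address except the post's own 221.0.0.0-221.225.255.255 range are constructed for this example; the 221.230.1.1 client in particular is there to show that the configured range stops at 221.225 and leaves the rest of 221/8 uncovered.

```python
"""Added example: not code from the original post or from EZproxy.
Parses EZproxy-style E (ExcludeIP) range lines, counts the hosts a range
covers, and runs a simple burst-download check over constructed log lines
to show how a flagged client is matched against the block list."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed ezproxy.cfg fragment; only the range itself comes from the post.
EZPROXY_CFG = """\
# constructed fragment, not a real site's configuration
E 221.0.0.0-221.225.255.255
"""


def parse_exclude_ranges(cfg_text):
    """Return (first, last) IPv4Address pairs for every E/ExcludeIP line.
    A bare address with no '-' is treated as a one-host range."""
    ranges = []
    for line in cfg_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in ("E", "ExcludeIP"):
            lo, _, hi = parts[1].partition("-")
            first = ipaddress.IPv4Address(lo)
            last = ipaddress.IPv4Address(hi) if hi else first
            if last < first:
                raise ValueError(f"inverted range: {parts[1]}")
            ranges.append((first, last))
    return ranges


def hosts_in_range(first, last):
    """Number of addresses covered: the figure EZproxy prints in its warning."""
    return int(last) - int(first) + 1


def is_excluded(ip, ranges):
    """True when ip falls inside any configured exclusion range."""
    addr = ipaddress.IPv4Address(ip)
    return any(first <= addr <= last for first, last in ranges)


# Constructed log lines (client IP, timestamp, request); not real EZproxy output.
SAMPLE_LOG = """\
221.10.5.7    [12/Mar/2007:09:00:01] GET /login
221.10.5.7    [12/Mar/2007:09:00:05] GET /journal/v1/a1.pdf
221.10.5.7    [12/Mar/2007:09:00:09] GET /journal/v1/a2.pdf
221.10.5.7    [12/Mar/2007:09:00:12] GET /journal/v1/a3.pdf
221.10.5.7    [12/Mar/2007:09:00:15] GET /journal/v1/a4.pdf
192.0.2.40    [12/Mar/2007:09:01:00] GET /journal/v2/b1.pdf
192.0.2.40    [12/Mar/2007:09:25:00] GET /journal/v2/b2.pdf
221.230.1.1   [12/Mar/2007:10:00:00] GET /journal/v3/c1.pdf
221.230.1.1   [12/Mar/2007:10:00:03] GET /journal/v3/c2.pdf
221.230.1.1   [12/Mar/2007:10:00:06] GET /journal/v3/c3.pdf
221.230.1.1   [12/Mar/2007:10:00:08] GET /journal/v3/c4.pdf
"""


def flag_burst_downloads(log_text, threshold=3, window=timedelta(minutes=1)):
    """Return the set of client IPs that fetched more than `threshold`
    full-text files inside any interval of length `window` (a crude stand-in
    for EZproxy's own usage-limit settings; threshold and window are made up)."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        ip, stamp, _method, path = line.split()
        if path.endswith(".pdf"):
            times[ip].append(datetime.strptime(stamp.strip("[]"), "%d/%b/%Y:%H:%M:%S"))
    flagged = set()
    for ip, stamps in times.items():
        stamps.sort()
        for i, start in enumerate(stamps):
            if sum(1 for t in stamps[i:] if t - start <= window) > threshold:
                flagged.add(ip)
                break
    return flagged


def review(log_text=SAMPLE_LOG, cfg_text=EZPROXY_CFG):
    """Map each flagged client to whether the configured ranges already block it."""
    ranges = parse_exclude_ranges(cfg_text)
    return {ip: is_excluded(ip, ranges) for ip in sorted(flag_burst_downloads(log_text))}


if __name__ == "__main__":
    first, last = parse_exclude_ranges(EZPROXY_CFG)[0]
    print(f"{first}-{last} covers {hosts_in_range(first, last)} hosts")
    for ip, blocked in review().items():
        print(f"{ip}: burst download, {'already excluded' if blocked else 'NOT covered by E lines'}")
```

Running the script prints the same 14811136-host figure as the EZproxy warning and reports 221.10.5.7 as already excluded while 221.230.1.1, which bursts just as hard, is not, which is the trade-off of a blunt range: it is only as complete as the range you typed, and the apnic.net list below is the way to check what the range actually covers.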

Actually, I’m not blocking every address in China by any means. Here is a list of every network registered with apnic.net for country=cn:

http://www.apnic.net/apnic-bin/ipv4-by-country.pl?country=cn