Hello all,
We have recently analyzed the logs in our Dspace instance
and noticed a distinct behaviour of some IPs. I searched the mail-list
and found out that some people had the same problem: a certain IP
downloading the same bitstream over and over in a certain period. While
trying to figure out what kind of IP it was we stumbled upon Project
Honey Pot, and turns out that it has an implementation as an Apache
module. I didn't get into much details about it, and I thought I should
ask here if anyone have tried to use it, or if there's something else to
do about these IPs. I have searched for other IPs with a similar
behaviour and spotted some IPs with few accesses but using the same
method: consecutive access to the same bitstream. One had only 8
accesses, but all of them at the same time. The other one has more than
a thousand accesses, a lot of them at the same time.
So far we have only thought of checking the data we have,
after a certain period, and blocking suspicious IP, but now I'm thinking
that using the Honey Pot should be an interesting idea, even if we block
only IPs with a very high level of threat.
Any suggestions?
Thanks,
Rafael
------------------------------------------------------------------------------
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
