[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Advice on breach




[Speaking as a publisher:]

If access to the vendor's site is direct from the users PC to the
publishers web site, then it is the publisher who will have to do the
programming to throttle access, or log abuse.  While it is theoretically
possible to log such use using 'transparent caching' or 'network
sniffers', it isn't practical. Let the publisher handle it on his machine.
I note that since he has logged it, he is clearly in a position to stop it
in the future.

If access is through a cache or proxy server under your control, then you
will have to implement code to limit access yourself, if you want limits
on a per user or per IP address basis. If the proxy server is Apache, then
your programmer should have a look at "Mod:Throttle" to see if it can be
adapted to your needs. Otherwise, he can write his own. You would need to
decide what to tie the download limits to - an IP address, a userid,
whatever is available. For proprietary proxy servers you would be
dependent upon the vendor of the proxy - I would be surprised if anything
suitable were available.

I take it that dropping the subscription isn't a better alternative?

We have noticed several instances of users attempting to download our
entire collection, and have typically just cut off that particular IP
address for a couple of days. In every case, the problem user has gotten
the hint and given up.

Somehow it didn't occur to me that librarians would have ready access to
the computer skills necessary to track down the offender in the flesh, but
then this list never ceases to amaze me with the lengths librarians will
go to appease some publishers. In our world only half our subscribers know
their own IP address, and none has ever appealed to this list for advice
on how to best apologize to us!

On Fri, 27 Oct 2000, Helen Anderson wrote:

> We were recently informed by a vendor that one of our users had downloaded
> thousands of articles from one of the vendors titles in very short period
> of time.  Wanting to comply, we identified the culprit and have taken
> appropriate action. Still, the vendor asks us to provide them with an
> assurance that such downloading will not take place again.