Discussion:
Deleting anonymous user sessions
Jaime Jamison
2014-08-12 13:00:41 UTC
All,

We were notified of an EZproxy session of excessive duration by one of our vendors. There were actually three, two of which we were able to delete. The third one is anonymous, and when we attempt to terminate it, we get:

Session Mzoe543gbVbD4YO is an anonymous session used to support AnonymousURL and/or SingleSession. It cannot be terminated.

How do we delete this session?

Thank you,
Jaime
--
James A. Jamison
Electronic Resources Specialist
Pennsylvania State University
Serials & Acquisitions
126 Paterno Library
University Park, PA 16802
Phone: (814) 867-0886
Fax: (814) 863-7293
***@psu.edu

---
You are currently subscribed to ezproxy as: gee-***@m.gmane.org.
To unsubscribe, send request to ***@itec.suny.edu
Sébastien Nadeau
2014-08-12 13:05:11 UTC
As it says, you don't delete it, it is needed by EZproxy.

Sébastien

Eric H.M.M. Condic
2014-08-12 13:08:45 UTC
I believe that session is an internal one necessary for the correct
functioning of EZproxy. I don't think you can/want to terminate it.

Eric
--
Eric H.M.M. Condic
Manager of Embedded Systems
Kresge Library
Oakland University
Rochester MI 48309-4484
Phone: 248-370-2467
FAX: 248-370-2474


Jaime Jamison
2014-08-12 13:18:54 UTC
Thank you Sebastien. Would this session not be seen by our vendor?
Jaime

John Benedetto
2014-08-12 13:38:55 UTC
Jaime,

Did the vendor give you a reason why a "session of excessive duration" is a problem? I have heard of problems of excessive ~downloading~, but wouldn't have thought being logged on ~too long~ would be a problem.

Curious,
John

Jaime Jamison
2014-08-12 13:44:44 UTC
John,

No, literally, "due to excessive session duration." They also could not provide a log when I requested one.

"There is no log file provided for an excessive session duration.
Suffice it to say the excessive session duration exceeded specific abuse monitoring thresholds."

Definitely curious. It would seem to be sci-hub.org again though.

Jaime

Eric H.M.M. Condic
2014-08-12 13:58:01 UTC
We have received a complaint about this a couple of times as well.
Basically a user connects to a database and just leaves their browser on
that site for a long period of time. The vendor claims this is a
"security risk" since anyone could come up to the machine and start
using their database. Kinda thin, I think paranoia is running strong
with some of our vendors. ;-). We just try to find the user who
connected using the log file and let them know that when they are done
they should close the browser or move to another page.
Sébastien Nadeau
2014-08-12 14:15:11 UTC
I don't know, but since it's not a real user session, I don't think it should be a concern, and if it's one, it's in the hands of OCLC to solve it.

Here we enforce a 20-minute session timeout:

MaxLifetime 20

Some users complained in the beginning, but now they are used to it and it makes it safer, especially on public workstations in other libraries and documentation centers.

Sébastien


Sébastien Nadeau
2014-08-12 14:16:53 UTC
Yeah, and as soon as you suspect sci-hub.org, look up the user concerned for this excessive session duration. There's a good chance this user's account has been compromised and his password stolen.

Sébastien


Gorman, Jon
2014-08-12 14:23:12 UTC
Most of the cases of this we see are actually compromised credentials being used elsewhere with some internal rate limiting, so they don't trigger any other heuristics aside from long duration, and typically at the campus level we record their login credentials associated with concurrent sessions on several different continents.

Unfortunately, last I checked, the time-out mechanism is still broken with Shibboleth. I haven't had a chance to check after the most recent update though, so that might be fixed.

Jon Gorman
University of Illinois

Jaime Jamison
2014-08-12 14:46:47 UTC
We've identified and shut down the compromised user - operating from 10 different IPs.

Richmond,Ian
2014-08-13 17:02:07 UTC
We ran into this last year - several sessions using different IPs, but switching vendors so they just burbled along under their radar. I realized that there was no real reason for any session to last overnight, so I made a little script that emails me each morning any sessions that are still there. Then I can look their user up and end them manually via the web interface. (We keep user session data for 5 days for stuff like this.)

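The overnight-session check described above, combined with the many-IPs signal mentioned earlier in the thread, run over a proxy request log. This is an added example, not code from anyone on the list. The log layout (client IP, session ID, username, timestamp), both thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed log layout (not given in the thread): client IP, EZproxy session ID,
# username, [timestamp], "request", status, bytes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<sid>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log; users, session IDs, hosts and addresses are made up.
SAMPLE_LOG = """\
192.0.2.10 sessA111 alice [11/Aug/2014:09:00:00 +0000] "GET http://db.example.org/ HTTP/1.1" 200 5120
192.0.2.10 sessA111 alice [11/Aug/2014:09:30:00 +0000] "GET http://db.example.org/a HTTP/1.1" 200 2048
192.0.2.20 sessB222 bob [11/Aug/2014:20:00:00 +0000] "GET http://db.example.org/ HTTP/1.1" 200 5120
198.51.100.7 sessB222 bob [11/Aug/2014:23:10:00 +0000] "GET http://db.example.org/b HTTP/1.1" 200 900
203.0.113.9 sessB222 bob [12/Aug/2014:03:45:00 +0000] "GET http://db.example.org/c HTTP/1.1" 200 900
203.0.113.77 sessB222 bob [12/Aug/2014:07:00:00 +0000] "GET http://db.example.org/d HTTP/1.1" 200 900
192.0.2.30 sessC333 carol [11/Aug/2014:18:00:00 +0000] "GET http://db.example.org/ HTTP/1.1" 200 5120
192.0.2.30 sessC333 carol [12/Aug/2014:06:00:00 +0000] "GET http://db.example.org/e HTTP/1.1" 200 700
192.0.2.40 - - [12/Aug/2014:06:05:00 +0000] "GET http://ezproxy.example.edu/login HTTP/1.1" 200 300
this line is truncated or malformed
"""


def summarize(lines):
    """Group requests by session: owner, distinct client IPs, first/last seen."""
    sessions = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["user"] == "-":
            continue  # skip malformed lines and requests with no logged-in user
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        s = sessions.setdefault(
            m["sid"], {"user": m["user"], "ips": set(), "first": ts, "last": ts})
        s["ips"].add(m["ip"])
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
    return sessions


def flag(sessions, max_age=timedelta(hours=8), max_ips=3):
    """Return (session, user, ip_count, reasons) for sessions worth a manual look."""
    report = []
    for sid, s in sorted(sessions.items()):
        reasons = []
        if s["last"] - s["first"] > max_age:
            reasons.append("long-lived")
        if len(s["ips"]) > max_ips:
            reasons.append("many-ips")
        if reasons:
            report.append((sid, s["user"], len(s["ips"]), reasons))
    return report


if __name__ == "__main__":
    for row in flag(summarize(SAMPLE_LOG.splitlines())):
        print(*row)
```

A session that is only long-lived (carol) fits the browser-left-open case; one that is long-lived and seen from many addresses (bob) is the pattern that points to stolen credentials.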