We do log userids with ezproxy. However we collect logs as monthly files. When we process them for patron statistical categories, we then delete the original log file. So what log files we have older than one month are anonymized. /Ray Ray Schwartz Systems Specialist Librarian [log in to unmask] David and Lorraine Cheng Library Tel: +1 973 720-3192 William Paterson University Fax: +1 973 720-2585 300 Pompton Road Mobile: +1 201 424-4491 Wayne, NJ 07470-2103 USA http://nova.wpunj.edu/schwartzr2/ -----Original Message----- From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Joshua Welker Sent: Wednesday, November 19, 2014 3:53 PM To: [log in to unmask] Subject: [CODE4LIB] Balancing security and privacy with EZproxy Balancing security and privacy with EZproxy In recent months, we have been contacted several times by one of our vendors about our databases being accessed by rogue Chinese IP addresses. With the massive proliferation of online security breaches and password dumps, attackers are gaining access to student accounts and using them to access subscription resources through EZproxy. The vendor catches this happening and alerts us sometimes, but probably more often than not we have no idea. When we do find out, we force the students to change their passwords. We currently log IP addresses in EZproxy and can see when one of these rogue IP addresses is accessing a resource. However, we do not log user IDs in EZproxy, so we can’t tell which student account was compromised. Logging the user IDs would be a quick fix, but it has major privacy implications for our patrons, as we would have a record of every document they access. Have any other institutions encountered this problem? Are any best practices established for how to deal with these security breaches? I apologize for cross-posting. Josh Welker Information Technology Librarian James C. Kirkpatrick Library University of Central Missouri Warrensburg, MO 64093 JCKL 2260 660.543.8022