Eric,
This is a thing. It's really damaging for a lot of institutions. And, as you note...it's not well understood in terms of extent. I decided (sort of on my own) that it could be helpful to get our arms around that extent and so built a quick survey. It's only gone to "known" communities in my world. But if you'd be willing to fill it out, I'd be grateful. Several of the questions are about "would you be interested in some more formal gathering" and so far the results are almost universally "yes." I think there is room for us to better map out what's working, at what cost, on which systems. And share. See below...
____________
Apologies for cross-channel distribution:
Has your institution been suffering from bots scraping your systems? Does it feel like a DDOS? Is it having an impact on your services and staff?
All of these are true for the UNC Chapel Hill University Libraries. Through informal and semi-formal channels, we are aware that these are not isolated incidents.
We are interested in getting a better understanding of extent and impact.
Please take a moment to fill out this survey. It should take less than five minutes. (Note that all questions are optional. And if you do provide identifying information, you may opt out of further engagement.
https://forms.office.com/r/2r0MzE4zuw
If you are a part of a community that may be affected, please feel free to share and encourage participation.
Do not hesitate to contact me with questions or concerns.
Thank you,
Tim Shearer
AUL For Digital Strategies and IT
UNC Chapel Hill, University Libraries
-----Original Message-----
From: Code for Libraries <CODE4LIB_at_LISTS.CLIR.ORG> On Behalf Of Eric Blevins
Sent: Wednesday, March 26, 2025 7:27 AM
To: CODE4LIB_at_LISTS.CLIR.ORG
Subject: [CODE4LIB] Bot scraping/DDoS against ILS and discovery layers
[Some people who received this message don't often get email from 000001d7eb585e16-dmarc-request@lists.clir.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
Good morning,
First time posting to Code4Lib, but have been a watcher for several years. I'm curious from strictly a numbers standpoint how many libraries might've been impacted recently (say the last couple of weeks or so) by massive bot harvesting of data, basically resulting in a DDoS attack, against your ILS, Discovery Layers, or other systems. I'm actually also curious if non-Innovative/Clarivate product libraries are seeing similar issues. We are an innovative/Clarivate product shop, so we have some awareness that others with those products were impacted. Again, aside from curiosity if you're a non-Clarivate shop, I'm not looking for specifics just wondering about the scope of the attacks against other institutions/orgs.
Regards,
Eric C. Blevins
Sr. Manager of Library Technology
RIT Libraries
Rochester Institute of Technology
Email: Eric.Blevins_at_rit.edu<mailto:Eric.Blevins_at_rit.edu>
Received on Wed Mar 26 2025 - 10:47:01 EDT