[unisog] cornell.edu blog being used for spam - and now virginia.edu as well

Russell Fulton r.fulton at auckland.ac.nz
Sat Nov 24 23:04:17 GMT 2007



Ali, Saqib wrote:
>
> If your university is putting up Wordpress blog servers, please ensure
> that you are installing spam block plugin as well. I think this
> problem will only get worse......
>
>   
As Dan has already pointed out, most universities do not have tight
central control over servers.  Any one of hundreds of small groups can
and do put up their own web based services.  Some of these groups (or
their admins) are naive and/or inexperienced, which leads to bungles
like these.  This situation is far from ideal, but the benefits of the
open academic environment generally outweigh the problems, which, given
the number of webservers involved, are fairly small.

Most of us (central security folk) spend quite a lot of time and effort
educating people in our faculties about such matters but the reality is
that there are always folk who for one reason or another miss the
message. For instance much of the work of putting up such sites is done
by grad students who turn over very rapidly.

Speaking for UoA we have several hundred web servers exposed to the
Internet and we get one or two abused a year.  We consider this risk
well worth the freedom this practice allows our academics.

Most universities are well aware of these risks and have well
established incident response policies that can deal with such matters
very quickly.   Mail to abuse or security @ auckland.ac.nz will get a
compromised server off the net in a minimum of 6 - 8 hours (overnight
on a weekend).  Most issues are dealt with much quicker than this.

Russell

