Archive for 2019

GOAJ4: Malware and other issues, part 2

Friday, March 1st, 2019

If you recall this post, the first part included a link to eight malware-infected journals within the first 3,000 scanned OA journals not from one of four countries, and said I’d probably add to that list when I was halfway through the remainder.

I’m halfway through. Of the 3,200 journals scanned in this group, there were four infected journals last year, including one “BM” (an infection at a lower level such that I could analyze the journal while blocking the infected call). This time around, unfortunately, there are more: 14 in all, including three from Colombia, two each from Bulgaria, Iran, Poland, and Ukraine, and one each from Chile, Serbia and Taiwan.

I’ve added those journals to the existing Google sheet and added a column for “Group,” where “2” is the earlier group and “3” the new group. When I finish the scan, “4” will be the remainder. (“1” is the original list of malware-infected journals issued earlier.) Within groups, they’re sorted by country, then publisher.

Here’s the link in plain text:

I’m hoping some or all of these can be fixed; I’ll retest the, no earlier than April 15, 2019.

Other Problems

I’m also posting a Google sheet with XN (apparently not OA) and XX (not usable for various reasons) cases for the first 9,200 journals (except for Indonesia, where those were included in the malware sheet).

The Google sheet is here.

It includes 293 journals. Many of these are transitory problems, but this is still far too many. “Cod” defines whether the journal is XN (apparently not OA) or XX (other problems). “Note” offers a brief note on what’s going on, where I had one–e.g., error 404 (75 of them), ad (10) and parking (15) pages, “to”–timeout (34), “dns”–unable to resolve URL (60), “db”–database failure (13) and others, including blank pages (7).

I’ll run the first retest, of all XM/XN/XX journals and all journals where more 2017 issues might have been added, on April15 or two weeks after I finish the first scan, whichever comes last. I’ll scan remaining XM a third time after finishing that scan. Then comes the fun part: data crunching and writing the books.

I will update both spreadsheets when the first pass is complete–some time in late March if all goes well. Since there were 17 XM and BM journals last year among those 3,200-odd journals, I anticipate slightly more additions than this time around. (Not surprising: most infections seem to happen at universities, and I’m scanning alphabetically by publisher, so U…:about 1,800 plus all the remaining universities that don’t start with Uni…

Here’s a plain-text link to the second sheet:

GOAJ3: February 2019 update

Thursday, February 28th, 2019

Readership figures for GOAJ3 (unfortunately missing most of today, 2/28, and the last day of each month)–and, for now, I’ll keep reporting on GOAJ2 as well.

All links available from the project home page, as always.

GOAJ3: 2012-2017

  • The dataset: 959 views, 141 downloads
  • GOAJ3: 2,840 PDF ebooks + 237 copies of first few chapters (C&I 18.3)
  • Countries: 873 PDF ebooks
  • Subject supplement (C&I 18.4): 296 downloads
  • No paperbacks

GOAJ2: 2011-2016

  • The dataset: 695 views, 129 downloads.
  • GOAJ2: 2,459 PDF ebooks (and two paperbacks), plus 1,390 copies of chapters 1-7 (C&I 17.4)
  • Countries: 1,064 PDF ebooks (no paperbacks)
  • Subject supplement (C&I 17.5): 2,047 copies

Gray OA

OA and Malware: A halfway post

Friday, February 8th, 2019

You might think of this as a really tiny issue of Cites & Insights–and it’s the only one you’ll see in February or, almost certainly, March.

I’m roughly halfway through the initial scan of DOAJ journals for GOAJ4: Gold Open Access Journals 2013-2018 (“roughly”: I’ve done 6,000 and have 6,415 left to do). Seemed like a good point to pause, save off the first 6,000 (so I can save the “done” spreadsheet faster–in a second instead of two or three) and comment on a few things.

Malware So Far, Everybody Else

As noted in previous posts, I deliberately scanned four countries out of order because they had significant numbers of malware-infected journals last year, and I was hoping that DOAJ contacts could help inform the infected publishers (all universities) to fix the problems. Note that the four countries, including two of the most prolific OA publishers, accounted for 3,058 of the journals scanned so far–leaving 2,942 others, or about a third of the others.

The resulting posts and, in some cases, URLs for Google Sheets of the infected journals:

  • Indonesia, which has a worse malware problem than last year
  • Malaysia, which seems to have fixed its malware problem entirely
  • Romania, which has about the same level of infection as last year
  • Brazil, which has more than last year but still a tiny percentage.

Originally, I said I’d post the remaining cases when I was done with the scan–but I’ve changed that slightly, thinking that some cases could be fixed early. Instead, I’m posting a Google Sheet now that contains all the others in the first 6,000 journals. I’ll add to that sheet when I’m roughly three-quarters of the way done (say around 9,200 journals), probably early March, and add to it again when I’m done with the first pass (with luck, early April). The final scan of infected journals won’t happen until at least April 15 or two weeks after that post, whichever come last.

Here’s the link as plain text:

Here’s the thing: the spreadsheet includes all of eight (8) journals, one in each of eight countries. There may be more in the remaining 6,415 journals, but so far it’s not a big problem.

Still Avoiding PlanS

In the October 2018 Cites & Insights, one of a group of small essays was titled “One I Do Not Plan to Cover,” explaining why I was ignoring PlanS (at least for the moment)–not even tagging items for later discussion.

Briefly, the reasons were that too much was being written for me to follow; that it’s European and I’m not; that I don’t know that I understand all the issues; that I’ve never published in APC-based OA journals (or in any peer-reviewed journals in quite a while); that I was seeing growing honesty from scholars of a sort I found disheartening; and that there was stuff about “academic freedom”that struck me as remarkable.

All those reasons are still valid, especially the penultimate one–and there’s another one that I predicted to myself and wanted to avoid.

That last one: I suspected the long knives would come out in force, attempting in various ways to undermine serious OA or any attempts to upset the current regime. That was a pretty safe prediction, to be sure…

As to the penultimate one: We’re seeing a lot of the Yabbuts come out: That is, “Oh, I’m all for OA, but...” Pretty much like “Some of my best friends are X, but…”

I suspect that around 705-80% of scholars-who-publish just don’t care (or in some cases know) about OA as something that affects them. They have their access, coming out of the library’s budget (aka Somebody Else’s Problem) and they don’t much care about wider distribution for their scholarship–as long as it gets cited and/or helps them get promoted.

I don’t think there’s anything new about the Yabbuts. I do think they’ve been made aware that something serious might actually happen, making the BUT more important.

There’s also another reason I’m staying away: I haven’t read PlanS, and from what I’ve been unable to avoid hearing about it, I suspect I wouldn’t be wholly in favor (e.g., provisions that effectively make it unfeasible for the thousands of very small academic and society journals with no formal funding) to keep going. And since I haven’t read the thing, I may be wrong…

So I’m staying away.

Really Unfortunate, If True

One final and somewhat blind note. I tagged an article that, if I didn’t misunderstand it in a brief skim, seemed to be seriously suggesting that one retired librarian should determine what articles should be included in review articles, and specifically biomed articles. Oh, not in those words, but arguing that articles in “predatory” journals–defined only by reference to The Lists–shouldn’t be included in review articles.

If I read it correctly, this is appalling. Here’s a counter proposal: no articles in any journal published by a publisher with an article that’s probably caused more lost lives (and recurrence of supposedly-obliterated diseases!) than all articles in Listed journals put together should be considered for reviews. Whoops: There goes 10% of the literature.

And, of course, I don’t really believe all Elsevier journals should be tarred because of one article that The Lancet took a long time–twelve years–to fully retract. That would be like smearing thousands of articles and hundreds of journals because one person thinks one of the journals looks bad, without providing any reason. Which is, of course, the whole thing with The Lists. [You can read a pretty good summation of the killer-article history in Wikipedia.)

Now I see that the Master of the Lists is writing for THE (Tabloid on Higher Education? I may have that wrong). And far too many people still treat the lists as significant.


Enough of this. Back to the journal scan: 9,415 left to go.

GOAJ: January 2019 figures

Thursday, January 31st, 2019

eadership figures for GOAJ3 (unfortunately missing most of today, 12/31, and the last day of each month)–and, for now, I’ll keep reporting on GOAJ2 as well.

All links available from the project home page, as always.

GOAJ3: 2012-2017

  • The dataset: 918 views, 129 downloads
  • GOAJ3: 2,699 PDF ebooks + 221 copies of first few chapters (C&I 18.3)
  • Countries: 848 PDF ebooks
  • Subject supplement (C&I 18.4): 281 downloads
  • No paperbacks

GOAJ2: 2011-2016

  • The dataset: 678 views, 127 downloads.
  • GOAJ2: 2,433 PDF ebooks (and two paperbacks), plus 1,384 copies of chapters 1-7 (C&I 17.4)
  • Countries: 1,060 PDF ebooks (no paperbacks)
  • Subject supplement (C&I 17.5): 2,037 copies

Gray OA

Malware in Gold Open Access Journals, 2018–Part 4: Brazil

Tuesday, January 29th, 2019

I’ve now finished the scan of Brazil DOAJ journals (as of 1/1/2019), the fourth country with a significant number of malware infections in 2017, and the results are…mixed.

Here’s the spreadsheet of Brazilian DOAJ journals infected with malware when last checked–37 of them, unfortunately. If you want the plain-text URL, it’s here:

As with others it’s arranged by publisher first, then by journal.

That’s a small percentage of Brazil’s DOAJ members: 1301 when downloaded, up from 1,116 that were in the 2017 scan and are still around. Last year, there were 25 solid malware cases, and another nine that could be worked around, for a total of 34. So the total’s only up slightly, and I’m sure a fair number of these can also be worked around (that is, they have “outbound” malware calls that can be blocked without disabling the journal’s website–but shouldn’t be used unless you’re running high-quality real-time-scanning security software, such as Malwarebytes Pro.)

Unfortunately or perhaps not, the picture’s a bit more complex: of the XM infections from last year, 15 have been fixed and three have become unreachable, leaving seven that are still infected. But there are also eight newly-added journals that are malware-infected, and 13 others that have become infected. That’s not so good.

Four universities account for 23 of the problems; the others are scattered.

As always, I’ll test these at least once more, no earlier than April 15, 2019.

What about other countries?

There were other cases of malware, to be sure. Among the nearly 8,000 (7,990 to be precise) left to be scanned, I see 16 that were infected last year: one each from Chile, Italy, and Ukraine; two from Taiwan; three each from the Philippines and Portugal, and four from Iran. Some of those will have been fixed, and some new ones may emerge. Of the 1,800 or so journals I’d scanned before doing these four country scans, there were four malware cases: one each from Iran, Italy, Mexico and the US.

I’ll post a spreadsheet with all remaining malware cases in this year’s scan when the first scan is complete, but that won’t be until early April or very late March (in both cases, assuming all goes well).

Again, here’s the Brazil spreadsheet.

Malware in Gold Open Access Journals 2018: Part 3, Romania

Monday, January 21st, 2019

In last year’s study, Romania had around 290 OA journals, of which eleven had malware–but two of those had the kind of “outbound malware” that didn’t prevent analysis.

This time around, there are around 320–of which 13 have malware. That includes all eleven from last year (I don’t try workarounds until a third pass), so there’s been no improvement.

This Google Sheet shows the 13, arranged by publisher. Note that six journals are from one university (with three publisher names) and four are from another.

Because the “XX” rows (journals not available for other reasons) weren’t interspersed with the same publishers, there’s no reason to believe they’re related, so I’ve only included XM/Malware.

I’ll contact DOAJ (as I did with the Indonesia list and will do with Brazil, probably next week), in the hopes that their contacts can get these squared away. It’s not reasonable for an OA journal to threaten the computers used to access it.

The spreadsheet link again:

Malware in Gold Open Access Journals 2018: Part 2, Malaysia

Sunday, January 20th, 2019

This one’s all good news. That’s why I’m reporting it separately, instead of grouping it with Romania (which I haven’t processed yet).

To wit: in last year’s study, Malaysia had nine instances of malware along with 32 journals reported fully.

This year, with quite a few more journals–63 in all–I encountered no (zero) cases of malware. That isn’t because last year’s infected journals disappeared: they were all there, but none had malware.

So these things can be fixed. Malaysia’s gold OA publishers show that.

Malware in Gold Open Access Journals 2018: Part 1, Indonesia

Friday, January 18th, 2019

When I prepared GOAJ3: Gold Open Access Journals 2012-2017, I found an unfortunately large number of OA journals that Malwarebytes Pro flagged as being or calling to malware–and most of the problems were in Indonesia, with significant numbers as well in Brazil, Malaysia and Romania. I reported on those issues and alerted DOAJ; some of them were fixed before I did the final check of problematic journals.

I was hoping that this year’s scan (which began January 3) would find most of these problems fixed–but within the first 1,500 journals, there were still a significant number of malware hits from Indonesia and a few others.

So, in the interest of seeing if these problems can be fixed, I detoured from my normal testing order (alphabetic by publisher) to finish the four problematic countries first.

I’ve now finished the scan of Indonesia’s gold OA journals–1,373 of them. Unfortunately, what was a widespread problem last year (in the end, 136 infected journal sites) is now even worse, with 198 journals flagged as malware (and another 88 that were unreachable, many of which may also be malware).

The good news is that 55 of the problematic journals in 2017 are now OK. The bad news is that 145 previously-OK journals are now infected (usually at the domain level–that is, before the slash) or otherwise unreachable, as are 556 newly-added journals.

Almost all of these–all but six–are published by universities, Five universities account for 106 of them.

I will retest all malware-infested and unreachable journals after the overall scan is complete, but no earlier than April 15. I’m hoping that many (all?) of these will be fixed.

I’ve made a Google Sheets spreadsheet of the problematic journals available at

The spreadsheet is arranged by publisher, and interleaves XX (other problems) and XM (malware). For XX, most journals have a note describing the problem–e.g., “dns” for server resolution problems, “refused” for refusal to connect, “db” for database failures.

I’ll post either one or two separate notes and spreadsheets after scanning Malaysia and Romania (which should be done within the week) and Brazil (a HUGE set of journals with very few problems), which should be done in early February. NOTE: Make that three more notes, but at most two more spreadsheets. I’ve finished scanning Malaysia’s OA journals, and as discussed here, it’s all good news: there were no malware infections.

Note: a few of the XM journals have second-level malware: outbound calls that Malwarebytes Pro prevents from occurring while leaving the joiurnal’s home page available. That’s still dangerous if you’re not using really good malware prevention, but I’ll code these differently in the second pass.

Also note: a few (dozen?) journals have a different issue that Malwarebytes Pro did NOT flag, and I didn’t penalize them: the first time you click on any menu item, an ad pops up, but then it’s OK. Except for one case, the ad’s always the same: an English-language free dating service. These popovers (the ad takes up the whole window) should be eradicated and represent sloppy software security, but they fall into a different category.

If you know of folks in Indonesia who might be able to fix these security issues, please pass this on. The spreadsheet, once again, is at

GOAJ4: Starting the Deep Dive

Friday, January 4th, 2019

Just a quick note that I’ve completed downloading, crosschecking, and normalization for GOAJ4: Gold Open Access Journals 2013-2018 and have begun the months-long process of gathering data.

The Good News

The starting count is 12,415 journals. That will certainly not be the final count of fully-analyzed journals, given duplicates and other issues. (Will there be more than 12,000 fully analyzable? Based on last year’s records, it may be close…)

The data is in better shape than ever before at this point in the process.

I’ve done the first 350 journals (sorted by publisher, as that allows the most efficiency).

The Bad News

Malware is still a problem, especially (so far) in Indonesia. Efforts to reach out to the mostly-academic publishers to convince them to clean up their software don’t seem to be wholly effective. (Of 11 Indonesian titles scanned so far, five had malware sufficient to block analysis.)

I will probably post a spreadsheet of some sort listing journals with malware, once I’m at least a quarter or half way through. As usual, malware-infected sites will get two more chances, one no earlier than late April 2017.

[A special one-finger salute to WordPress’s new “friendly” editor–if there are no tags on this post, it’s because I can find no way to select them, or to allow comments, once I’ve started adding comments. Bring back the “unfriendly” WYSIWYG editor–oh, and along with it, the ability to edit HTML directly. This is a TERRIBLE “upgrade.”]