Archive for January, 2019

GOAJ: January 2019 figures

Thursday, January 31st, 2019


eadership figures for GOAJ3 (unfortunately missing most of today, 12/31, and the last day of each month)–and, for now, I’ll keep reporting on GOAJ2 as well.

All links available from the project home page, as always.

GOAJ3: 2012-2017

  • The dataset: 918 views, 129 downloads
  • GOAJ3: 2,699 PDF ebooks + 221 copies of first few chapters (C&I 18.3)
  • Countries: 848 PDF ebooks
  • Subject supplement (C&I 18.4): 281 downloads
  • No paperbacks

GOAJ2: 2011-2016

  • The dataset: 678 views, 127 downloads.
  • GOAJ2: 2,433 PDF ebooks (and two paperbacks), plus 1,384 copies of chapters 1-7 (C&I 17.4)
  • Countries: 1,060 PDF ebooks (no paperbacks)
  • Subject supplement (C&I 17.5): 2,037 copies

Gray OA



Malware in Gold Open Access Journals, 2018–Part 4: Brazil

Tuesday, January 29th, 2019

I’ve now finished the scan of Brazil DOAJ journals (as of 1/1/2019), the fourth country with a significant number of malware infections in 2017, and the results are…mixed.

Here’s the spreadsheet of Brazilian DOAJ journals infected with malware when last checked–37 of them, unfortunately. If you want the plain-text URL, it’s here: https://docs.google.com/spreadsheets/d/1izVn7-QzvgB-XzWFTiKoLPmu5jEyS_WuwyBpKaUjazM/edit?usp=sharing

As with others it’s arranged by publisher first, then by journal.

That’s a small percentage of Brazil’s DOAJ members: 1301 when downloaded, up from 1,116 that were in the 2017 scan and are still around. Last year, there were 25 solid malware cases, and another nine that could be worked around, for a total of 34. So the total’s only up slightly, and I’m sure a fair number of these can also be worked around (that is, they have “outbound” malware calls that can be blocked without disabling the journal’s website–but shouldn’t be used unless you’re running high-quality real-time-scanning security software, such as Malwarebytes Pro.)

Unfortunately or perhaps not, the picture’s a bit more complex: of the XM infections from last year, 15 have been fixed and three have become unreachable, leaving seven that are still infected. But there are also eight newly-added journals that are malware-infected, and 13 others that have become infected. That’s not so good.

Four universities account for 23 of the problems; the others are scattered.

As always, I’ll test these at least once more, no earlier than April 15, 2019.

What about other countries?

There were other cases of malware, to be sure. Among the nearly 8,000 (7,990 to be precise) left to be scanned, I see 16 that were infected last year: one each from Chile, Italy, and Ukraine; two from Taiwan; three each from the Philippines and Portugal, and four from Iran. Some of those will have been fixed, and some new ones may emerge. Of the 1,800 or so journals I’d scanned before doing these four country scans, there were four malware cases: one each from Iran, Italy, Mexico and the US.

I’ll post a spreadsheet with all remaining malware cases in this year’s scan when the first scan is complete, but that won’t be until early April or very late March (in both cases, assuming all goes well).

Again, here’s the Brazil spreadsheet.

Malware in Gold Open Access Journals 2018: Part 3, Romania

Monday, January 21st, 2019

In last year’s study, Romania had around 290 OA journals, of which eleven had malware–but two of those had the kind of “outbound malware” that didn’t prevent analysis.

This time around, there are around 320–of which 13 have malware. That includes all eleven from last year (I don’t try workarounds until a third pass), so there’s been no improvement.

This Google Sheet shows the 13, arranged by publisher. Note that six journals are from one university (with three publisher names) and four are from another.

Because the “XX” rows (journals not available for other reasons) weren’t interspersed with the same publishers, there’s no reason to believe they’re related, so I’ve only included XM/Malware.

I’ll contact DOAJ (as I did with the Indonesia list and will do with Brazil, probably next week), in the hopes that their contacts can get these squared away. It’s not reasonable for an OA journal to threaten the computers used to access it.

The spreadsheet link again: https://docs.google.com/spreadsheets/d/13g0s9erwq-slwiTFmFnty5so2vyQWrCsgHkyl1kN0y0/edit?usp=sharing

Malware in Gold Open Access Journals 2018: Part 2, Malaysia

Sunday, January 20th, 2019

This one’s all good news. That’s why I’m reporting it separately, instead of grouping it with Romania (which I haven’t processed yet).

To wit: in last year’s study, Malaysia had nine instances of malware along with 32 journals reported fully.

This year, with quite a few more journals–63 in all–I encountered no (zero) cases of malware. That isn’t because last year’s infected journals disappeared: they were all there, but none had malware.

So these things can be fixed. Malaysia’s gold OA publishers show that.

Malware in Gold Open Access Journals 2018: Part 1, Indonesia

Friday, January 18th, 2019

When I prepared GOAJ3: Gold Open Access Journals 2012-2017, I found an unfortunately large number of OA journals that Malwarebytes Pro flagged as being or calling to malware–and most of the problems were in Indonesia, with significant numbers as well in Brazil, Malaysia and Romania. I reported on those issues and alerted DOAJ; some of them were fixed before I did the final check of problematic journals.

I was hoping that this year’s scan (which began January 3) would find most of these problems fixed–but within the first 1,500 journals, there were still a significant number of malware hits from Indonesia and a few others.

So, in the interest of seeing if these problems can be fixed, I detoured from my normal testing order (alphabetic by publisher) to finish the four problematic countries first.

I’ve now finished the scan of Indonesia’s gold OA journals–1,373 of them. Unfortunately, what was a widespread problem last year (in the end, 136 infected journal sites) is now even worse, with 198 journals flagged as malware (and another 88 that were unreachable, many of which may also be malware).

The good news is that 55 of the problematic journals in 2017 are now OK. The bad news is that 145 previously-OK journals are now infected (usually at the domain level–that is, before the slash) or otherwise unreachable, as are 556 newly-added journals.

Almost all of these–all but six–are published by universities, Five universities account for 106 of them.

I will retest all malware-infested and unreachable journals after the overall scan is complete, but no earlier than April 15. I’m hoping that many (all?) of these will be fixed.

I’ve made a Google Sheets spreadsheet of the problematic journals available at https://docs.google.com/spreadsheets/d/1iAfXDQPI9Cxwz6J7wEoGRUhX9Sed2gvmkxcIbuLRNic/edit?usp=sharing.

The spreadsheet is arranged by publisher, and interleaves XX (other problems) and XM (malware). For XX, most journals have a note describing the problem–e.g., “dns” for server resolution problems, “refused” for refusal to connect, “db” for database failures.

I’ll post either one or two separate notes and spreadsheets after scanning Malaysia and Romania (which should be done within the week) and Brazil (a HUGE set of journals with very few problems), which should be done in early February. NOTE: Make that three more notes, but at most two more spreadsheets. I’ve finished scanning Malaysia’s OA journals, and as discussed here, it’s all good news: there were no malware infections.

Note: a few of the XM journals have second-level malware: outbound calls that Malwarebytes Pro prevents from occurring while leaving the joiurnal’s home page available. That’s still dangerous if you’re not using really good malware prevention, but I’ll code these differently in the second pass.

Also note: a few (dozen?) journals have a different issue that Malwarebytes Pro did NOT flag, and I didn’t penalize them: the first time you click on any menu item, an ad pops up, but then it’s OK. Except for one case, the ad’s always the same: an English-language free dating service. These popovers (the ad takes up the whole window) should be eradicated and represent sloppy software security, but they fall into a different category.

If you know of folks in Indonesia who might be able to fix these security issues, please pass this on. The spreadsheet, once again, is at https://docs.google.com/spreadsheets/d/1iAfXDQPI9Cxwz6J7wEoGRUhX9Sed2gvmkxcIbuLRNic/edit?usp=sharing

GOAJ4: Starting the Deep Dive

Friday, January 4th, 2019

Just a quick note that I’ve completed downloading, crosschecking, and normalization for GOAJ4: Gold Open Access Journals 2013-2018 and have begun the months-long process of gathering data.

The Good News

The starting count is 12,415 journals. That will certainly not be the final count of fully-analyzed journals, given duplicates and other issues. (Will there be more than 12,000 fully analyzable? Based on last year’s records, it may be close…)

The data is in better shape than ever before at this point in the process.

I’ve done the first 350 journals (sorted by publisher, as that allows the most efficiency).

The Bad News

Malware is still a problem, especially (so far) in Indonesia. Efforts to reach out to the mostly-academic publishers to convince them to clean up their software don’t seem to be wholly effective. (Of 11 Indonesian titles scanned so far, five had malware sufficient to block analysis.)

I will probably post a spreadsheet of some sort listing journals with malware, once I’m at least a quarter or half way through. As usual, malware-infected sites will get two more chances, one no earlier than late April 2017.

[A special one-finger salute to WordPress’s new “friendly” editor–if there are no tags on this post, it’s because I can find no way to select them, or to allow comments, once I’ve started adding comments. Bring back the “unfriendly” WYSIWYG editor–oh, and along with it, the ability to edit HTML directly. This is a TERRIBLE “upgrade.”]