We are receiving reports from students and staff about a new spam email arriving in University Inboxes.

This spam email is quite sophisticated in that it is uses the title of a genuine email that you have replied to previously in order to trick you into believing it is authentic.

If you open the email you will see a mostly blank email with an information notification at the top of the email saying, “If there are problems with how this message is displayed, click here to view in a web browser” or something similar. If you click this link it will take you to a BBC website but in the process collects your private user credentials. It then uses these credentials to send out more harmful emails from your account. On mobile devices the email sometimes appears with a green button saying ‘Display Message’.

Do not open this email as it could damage your work and computer and may make your private details vulnerable.

If you are concerned about this email or other similar emails then please call ex.6262 or go to reading.ac.uk/it

For tips on keeping yourself and your information safe online, visit the IT web page on PC Security.

IT have been receiving reports of a new scam/phishing email coming into University staff inboxes.

The scam email is designed to make the person who receives it believe that a senior member of staff is contacting them.  If you reply to the email it will send a new email with harmful links that could damage your work and computer and may make your private details vulnerable. Do not open or reply to this email.

This email has affected other institutions including Universities in America and has been reported on the mainstream news.

If you are concerned about this email or other similar emails then please call ex.6262 or go to reading.ac.uk/it

For tips on keeping yourself and your information safe online, visit the IT web page on PC Security.

From: ‘xxxxxx’ <‘xxxxxxxx’@gmail.com>
Sent: Thursday, November 29, 2018 10:31 am
To: ‘xxxxxxxxxxxx’
Subject: Are you on campus


Sent from my Iphone

On the 24th and 25th of October we had two critical incidents in IT.

24th – Network Issue

The incident on Wednesday 24th October affected both the wired and Wi-Fi networks and meant that many services were not available.  The incident started at about 13:30.The severe impact of the incident was picked up quickly and a critical incident was called within IT.

The first meeting of the Critical Incident Team was held at 13:45.  Some staff were able to continue working but many key services were unavailable (web pages, RISIS, Trent, Agresso etc.)  Email remained available.

The nature of the incident meant that we could not use many of our standard communications channels (mail lists, status page, IT blog) to update University staff and students.  Information was emailed out individually to key contacts and Tweeted at 13:53.


Our Networks and Infrastructure Services teams, along with our network supplier, investigated the issue as a priority and identified what looked to be a faulty network device on our Earley Gate data centre.  The network device was disabled at about 16:30 as soon as the cause was identified.

The diagnosis was especially difficult which is why it took about 2.5 hours.  Whilst some services were available again quite quickly after this, our staff worked into the evening to restore others including: eduroam, Skype for Business, MyID, Apps Anywhere, Managed Print.

Further work took place over the following week to determine the exact fault before the device could be re-connected to the network.

25th – Data Storage Issue

On Thurs 25th October we had another critical incident that affected our Research Data Storage service.

All storage on the Gold tier was affected and about half of storage on the Basic tier were unavailable.  This outage was logged with our supplier at approximately 10:00.

It was flagged as a Critical Incident at 11:12. We held four Critical Incident Team meetings during that day and worked closely with our supplier on a resolution.  Following investigation by our supplier, the incident was found to have been caused by the file system manager (ZFS) locking up on one of the two nodes and the system not automatically switching over to the other node.


The failover was forced by our suppler and all services were restored before 16:00.  We continue to work with our supplier on determining the root cause to reduce the likelihood of this re-occurring.

Next Time

Following these two critical incidents, we are reviewing our Critical Incident Plan and our Communications Plan to further improve our incident response.

We are receiving reports of a Phishing email coming into University inboxes. This is not an official University email and clinking on the links could harm your computer/data.

The email claims to come from ‘IT Service Desk’ and that there has been a blocked sign in attempt on your university email account. It looks like this:

The IT department blocks thousands of scam emails a week but some still get through. Please always check the sender address and hover your mouse over links to check them before clicking.

To learn more on keeping safe online at the University, read the PC Security page on the IT website.

If you are unsure of an email or want to talk to IT about phishing emails then please call ex.6262 or go to reading.ac.uk/it



Over the first two days of November 2018, a substantial number of staff at the University of Reading became locked out of their user accounts meaning that they had no access to centrally provided University resources such as their desktop, Eduroam (Wi-Fi) and email. Over the course of the two days, IT saw approximately 500 individual incidents of this. 


The cause of this was an attack on University accounts through a legacy service providing email access to a small number of accounts. This service, known as IMAP (Internet Message Access Protocol), is used by some older email clients to gain access to email stored on central email servers. Most clients at the University do not use this method but it was once very common, and some systems still use it to get access. 

 A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allows the attacker to access the device and its connection. 


A “botnet” was attempting to connect to this system using a real username (e.g. ab123456) and then randomly guessing a password. As a defence against this, central authentication services will lock the account to slow down the attacks. This is a standard approach to reduce these attacks and forms best practice. The account is locked for a period of time and will then unlock to allow the end-user to regain access. During the time that the account is locked, the user cannot access services. 

Once identified, IT blocked access to the computer being used to launch the attack at the University Network Perimeter (known as a Firewall). Unfortunately, because a large and random number of computers can make up a botnet, these switched to a different source machine and started up again. Infrastructure Services were effectively playing whack-a-mole to stop the problem. In total we blocked 25599 different addresses during the course of the attack 


Due to the small number of end-users using the legacy IMAP service, and the larger number of users affected by the lockouts problem, IT took the action to remove external access to the IMAP service. This will remove the ability of the attackers to access the service and lock the accounts. University users of the external legacy IMAP service should use the email web portal to access their emails, calendar etc and contact the IT Service Desk for further advice. 

We will continue to monitor the situation as always for additional problems. 

This morning we identified an issue with the Card Finance system that is preventing users from logging on and is also affecting users trying to print.

This is being investigated by the supplier and we shall update with any further information as soon as possible.

Microsoft have reported an issue with Microsoft Teams that is preventing some users from accessing the service.  Please see the following service status notice from Microsoft.


Service degradation

User impact:

Users may be unable to access Microsoft Teams.

Latest message:

Title: Microsoft Teams access issue User Impact: Users may be unable to access Microsoft Teams. More info: Users may see the error message ‘D’oh! Something went wrong… Try again’. This is affecting both the Microsoft Teams web and desktop clients. Current status: We’re reviewing service logs to isolate the source of the issue and determine the next troubleshooting steps. Scope of impact: Impact is specific to a subset of users who are served through the affected infrastructure. Next update by: Monday, October 29, 2018, at 11:00 AM UTC



The research data storage service is now accessible. We are now running on one node and the service is considered to be at risk while we and the suppliers work to determine the root cause.

We will be getting back in touch with people who have already  raised tickets. Please contact us if you are still experiencing problems with the research storage service.

Once again I would like to apologise for the inconvenience this service interruption has caused.

Please note that following on from the issues we experienced yesterday afternoon, the NFS and SMB shares on stor-nex-pool1 are not working. This is affecting the Gold and Basic Research storage.

Our Academic Computing team are currently investigating this as a priority and we will update you with any information as this becomes available.

Last night we upgraded our storage to fix a known bug with moving NFS services between storage nodes.

The NFS service was not running on the storage which manages the exports for mail and web server configuration.

We recovered service by restarting the NFS service and are currently working with vendors on root cause.

On 5th October 2018 we experienced a loss of network connectivity to the RUSU building, which also affected the connection providing Wi-FI Connectivity to the Open Day dome. Working on the Friday night and on Saturday morning, IT and the Estates team were able to restore connections and restore a full service 

At approximately 6:30pm on 5th October, there was an issue that caused an interruption to service between network cabinets in Black Horse House – we know this is a fault with the cabling within the building (“structured cabling”), but the root cause is still being identified.  

This caused an outage at RUSU that affected all network services, including Wi-Fi and the tills. Taking place on the evening of the Fresher’s Ball this casued a substantial impact, and RUSU was unable to accept card payments. The IT networks team responded but were unable to implement a fix. They left at 11:30pm. 

On Saturday (University Open Day) it was identified that this would also have an impact on the Open Day Dome. Some connectivity via leakage from buildings was possible and IT were able to improve this. Working closely with Estates, a new connection direct from the IT datacentre to RUSU was brought into service. This new connection had only been completed on the Friday and was due to be made live shortly. This restored service to RUSU at about 1.30 pm and boosted the signal to the dome. 

Thanks to members of IT and Estates for giving up their Friday nights and Saturdays to fix this.


« Older entries § Newer entries »