2022-03-01 15:48:40 +01:00
<!DOCTYPE html>
< html lang = "en" >
< head >
< meta charset = "utf-8" >
< meta name = "viewport" content = "width=device-width, initial-scale=1, shrink-to-fit=no" >
2022-04-24 20:06:28 +02:00
< meta property = "og:title" content = "April, 2022" / >
< meta property = "og:description" content = "2022-04-01 I did G1GC tests on DSpace Test (linode26) to compliment the CMS tests I did yesterday The Discovery indexing took this long: real 334m33.625s user 227m51.331s sys 3m43.037s 2022-04-04 Start a full harvest on AReS Help Marianne with submit/approve access on a new collection on CGSpace Go back in Gaia’s batch reports to find records that she indicated for replacing on CGSpace (ie, those with better new copies, new versions, etc) Looking at the Solr statistics for 2022-03 on CGSpace I see 54." / >
2022-03-01 15:48:40 +01:00
< meta property = "og:type" content = "article" / >
< meta property = "og:url" content = "https://alanorth.github.io/cgspace-notes/2022-03/" / >
2022-04-24 20:06:28 +02:00
< meta property = "article:published_time" content = "2022-03-01T10:53:39+03:00" / >
< meta property = "article:modified_time" content = "2022-04-23T13:05:02+03:00" / >
2022-03-01 15:48:40 +01:00
< meta name = "twitter:card" content = "summary" / >
2022-04-24 20:06:28 +02:00
< meta name = "twitter:title" content = "April, 2022" / >
< meta name = "twitter:description" content = "2022-04-01 I did G1GC tests on DSpace Test (linode26) to compliment the CMS tests I did yesterday The Discovery indexing took this long: real 334m33.625s user 227m51.331s sys 3m43.037s 2022-04-04 Start a full harvest on AReS Help Marianne with submit/approve access on a new collection on CGSpace Go back in Gaia’s batch reports to find records that she indicated for replacing on CGSpace (ie, those with better new copies, new versions, etc) Looking at the Solr statistics for 2022-03 on CGSpace I see 54." / >
2022-03-29 15:01:48 +02:00
< meta name = "generator" content = "Hugo 0.96.0" / >
2022-03-01 15:48:40 +01:00
< script type = "application/ld+json" >
{
"@context": "http://schema.org",
"@type": "BlogPosting",
2022-04-24 20:06:28 +02:00
"headline": "April, 2022",
2022-03-01 15:48:40 +01:00
"url": "https://alanorth.github.io/cgspace-notes/2022-03/",
2022-04-24 20:06:28 +02:00
"wordCount": "1048",
"datePublished": "2022-03-01T10:53:39+03:00",
"dateModified": "2022-04-23T13:05:02+03:00",
2022-03-01 15:48:40 +01:00
"author": {
"@type": "Person",
"name": "Alan Orth"
},
"keywords": "Notes"
}
< / script >
< link rel = "canonical" href = "https://alanorth.github.io/cgspace-notes/2022-03/" >
2022-04-24 20:06:28 +02:00
< title > April, 2022 | CGSpace Notes< / title >
2022-03-01 15:48:40 +01:00
<!-- combined, minified CSS -->
< link href = "https://alanorth.github.io/cgspace-notes/css/style.beb8012edc08ba10be012f079d618dc243812267efe62e11f22fe49618f976a4.css" rel = "stylesheet" integrity = "sha256-vrgBLtwIuhC+AS8HnWGNwkOBImfv5i4R8i/klhj5dqQ=" crossorigin = "anonymous" >
<!-- minified Font Awesome for SVG icons -->
< script defer src = "https://alanorth.github.io/cgspace-notes/js/fontawesome.min.f5072c55a0721857184db93a50561d7dc13975b4de2e19db7f81eb5f3fa57270.js" integrity = "sha256-9QcsVaByGFcYTbk6UFYdfcE5dbTeLhnbf4HrXz+lcnA=" crossorigin = "anonymous" > < / script >
<!-- RSS 2.0 feed -->
< / head >
< body >
< div class = "blog-masthead" >
< div class = "container" >
< nav class = "nav blog-nav" >
< a class = "nav-link " href = "https://alanorth.github.io/cgspace-notes/" > Home< / a >
< / nav >
< / div >
< / div >
< header class = "blog-header" >
< div class = "container" >
< h1 class = "blog-title" dir = "auto" > < a href = "https://alanorth.github.io/cgspace-notes/" rel = "home" > CGSpace Notes< / a > < / h1 >
< p class = "lead blog-description" dir = "auto" > Documenting day-to-day work on the < a href = "https://cgspace.cgiar.org" > CGSpace< / a > repository.< / p >
< / div >
< / header >
< div class = "container" >
< div class = "row" >
< div class = "col-sm-8 blog-main" >
< article class = "blog-post" >
< header >
2022-04-24 20:06:28 +02:00
< h2 class = "blog-post-title" dir = "auto" > < a href = "https://alanorth.github.io/cgspace-notes/2022-03/" > April, 2022< / a > < / h2 >
2022-03-01 15:48:40 +01:00
< p class = "blog-post-meta" >
2022-04-24 20:06:28 +02:00
< time datetime = "2022-03-01T10:53:39+03:00" > Tue Mar 01, 2022< / time >
2022-03-01 15:48:40 +01:00
in
< span class = "fas fa-folder" aria-hidden = "true" > < / span > < a href = "/cgspace-notes/categories/notes/" rel = "category tag" > Notes< / a >
< / p >
< / header >
2022-04-24 20:06:28 +02:00
< h2 id = "2022-04-01" > 2022-04-01< / h2 >
2022-03-04 13:30:06 +01:00
< ul >
2022-04-24 20:06:28 +02:00
< li > I did G1GC tests on DSpace Test (linode26) to compliment the CMS tests I did yesterday
2022-03-04 13:30:06 +01:00
< ul >
2022-04-24 20:06:28 +02:00
< li > The Discovery indexing took this long:< / li >
2022-03-04 13:30:06 +01:00
< / ul >
< / li >
< / ul >
2022-04-24 20:06:28 +02:00
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > real 334m33.625s
< / span > < / span > < span style = "display:flex;" > < span > user 227m51.331s
< / span > < / span > < span style = "display:flex;" > < span > sys 3m43.037s
< / span > < / span > < / code > < / pre > < / div > < h2 id = "2022-04-04" > 2022-04-04< / h2 >
2022-03-05 21:14:13 +01:00
< ul >
2022-04-24 20:06:28 +02:00
< li > Start a full harvest on AReS< / li >
< li > Help Marianne with submit/approve access on a new collection on CGSpace< / li >
< li > Go back in Gaia’ s batch reports to find records that she indicated for replacing on CGSpace (ie, those with better new copies, new versions, etc)< / li >
< li > Looking at the Solr statistics for 2022-03 on CGSpace
2022-03-10 12:35:14 +01:00
< ul >
2022-04-24 20:06:28 +02:00
< li > I see 54.229.218.204 on Amazon AWS made 49,000 requests, some of which with this user agent: < code > Apache-HttpClient/4.5.9 (Java/1.8.0_322)< / code > , and many others with a normal browser agent, so that’ s fishy!< / li >
< li > The DSpace agent pattern < code > http.?agent< / code > seems to have caught the first ones, but I’ ll purge the IP ones< / li >
< li > I see 40.77.167.80 is Bing or MSN Bot, but using a normal browser user agent, and if I search Solr for < code > dns:*msnbot* AND dns:*.msn.com.< / code > I see over 100,000, which is a problem I noticed a few months ago too… < / li >
< li > I extracted the MSN Bot IPs from Solr using an IP facet, then used the < code > check-spider-ip-hits.sh< / code > script to purge them< / li >
2022-03-10 12:35:14 +01:00
< / ul >
< / li >
< / ul >
2022-04-24 20:06:28 +02:00
< h2 id = "2022-04-10" > 2022-04-10< / h2 >
2022-03-13 20:08:57 +01:00
< ul >
< li > Start a full harvest on AReS< / li >
< / ul >
2022-04-24 20:06:28 +02:00
< h2 id = "2022-04-13" > 2022-04-13< / h2 >
2022-03-16 16:32:01 +01:00
< ul >
2022-04-24 20:06:28 +02:00
< li > UptimeRobot mailed to say that CGSpace was down
2022-03-16 16:32:01 +01:00
< ul >
2022-04-24 20:06:28 +02:00
< li > I looked and found the load at 44… < / li >
2022-03-16 16:32:01 +01:00
< / ul >
< / li >
2022-04-24 20:06:28 +02:00
< li > There seem to be a lot of locks from the XMLUI:< / li >
2022-03-16 16:32:01 +01:00
< / ul >
2022-04-24 20:06:28 +02:00
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > $ psql -c < span style = "color:#e6db74" > ' SELECT * FROM pg_locks pl LEFT JOIN pg_stat_activity psa ON pl.pid = psa.pid;' < / span > | grep -o -E < span style = "color:#e6db74" > ' (dspaceWeb|dspaceApi)' < / span > | sort | uniq -c | sort -n
< / span > < / span > < span style = "display:flex;" > < span > 3173 dspaceWeb
< / span > < / span > < / code > < / pre > < / div > < ul >
< li > Looking at the top IPs in nginx’ s access log one IP in particular stands out:< / li >
< / ul >
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > 941 66.249.66.222
< / span > < / span > < span style = "display:flex;" > < span > 1224 95.108.213.28
< / span > < / span > < span style = "display:flex;" > < span > 2074 157.90.209.76
< / span > < / span > < span style = "display:flex;" > < span > 3064 66.249.66.221
< / span > < / span > < span style = "display:flex;" > < span > 95743 185.192.69.15
< / span > < / span > < / code > < / pre > < / div > < ul >
< li > 185.192.69.15 is in the UK< / li >
< li > I added a block for that IP in nginx and the load went down… < / li >
2022-03-22 14:02:11 +01:00
< / ul >
2022-04-24 20:06:28 +02:00
< h2 id = "2022-04-16" > 2022-04-16< / h2 >
2022-03-22 14:02:11 +01:00
< ul >
2022-04-24 20:06:28 +02:00
< li > Start harvest on AReS< / li >
2022-03-22 14:02:11 +01:00
< / ul >
2022-04-24 20:06:28 +02:00
< h2 id = "2022-04-18" > 2022-04-18< / h2 >
2022-03-22 14:02:11 +01:00
< ul >
2022-04-24 20:06:28 +02:00
< li > I woke up to several notices from UptimeRobot that CGSpace had gone down and up in the night (of course I’ m on holiday out of the country for Easter)
2022-03-22 14:02:11 +01:00
< ul >
2022-04-24 20:06:28 +02:00
< li > I see there are many locks in use from the XMLUI:< / li >
2022-03-22 14:02:11 +01:00
< / ul >
< / li >
< / ul >
2022-04-24 20:06:28 +02:00
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > $ psql -c < span style = "color:#e6db74" > ' SELECT * FROM pg_locks pl LEFT JOIN pg_stat_activity psa ON pl.pid = psa.pid;' < / span > | grep -o -E < span style = "color:#e6db74" > ' (dspaceWeb|dspaceApi)' < / span > | sort | uniq -c
< / span > < / span > < span style = "display:flex;" > < span > 8932 dspaceWeb
2022-03-22 14:02:11 +01:00
< / span > < / span > < / code > < / pre > < / div > < ul >
2022-04-24 20:06:28 +02:00
< li > Looking at the top IPs making requests it seems they are Yandex, bingbot, and Googlebot:< / li >
< / ul >
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > # cat /var/log/nginx/access.log /var/log/nginx/access.log.1 | awk < span style = "color:#e6db74" > ' {print $1}' < / span > | sort | uniq -c | sort -h
< / span > < / span > < span style = "display:flex;" > < span > 752 69.162.124.231
< / span > < / span > < span style = "display:flex;" > < span > 759 66.249.64.213
< / span > < / span > < span style = "display:flex;" > < span > 864 66.249.66.222
< / span > < / span > < span style = "display:flex;" > < span > 905 2a01:4f8:221:f::2
< / span > < / span > < span style = "display:flex;" > < span > 1013 84.33.2.97
< / span > < / span > < span style = "display:flex;" > < span > 1201 157.55.39.159
< / span > < / span > < span style = "display:flex;" > < span > 1204 157.55.39.144
< / span > < / span > < span style = "display:flex;" > < span > 1209 157.55.39.102
< / span > < / span > < span style = "display:flex;" > < span > 1217 157.55.39.161
< / span > < / span > < span style = "display:flex;" > < span > 1252 207.46.13.177
< / span > < / span > < span style = "display:flex;" > < span > 1274 157.55.39.162
< / span > < / span > < span style = "display:flex;" > < span > 2553 66.249.66.221
< / span > < / span > < span style = "display:flex;" > < span > 2941 95.108.213.28
2022-03-22 14:02:11 +01:00
< / span > < / span > < / code > < / pre > < / div > < ul >
2022-04-24 20:06:28 +02:00
< li > One IP is using a stange user agent though:< / li >
2022-03-22 20:04:11 +01:00
< / ul >
2022-04-24 20:06:28 +02:00
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > 84.33.2.97 - - [18/Apr/2022:00:20:38 +0200] " GET /bitstream/handle/10568/109581/Banana_Blomme%20_2020.pdf.jpg HTTP/1.1" 404 10890 " -" " SomeRandomText"
2022-03-22 20:04:11 +01:00
< / span > < / span > < / code > < / pre > < / div > < ul >
2022-04-24 20:06:28 +02:00
< li > Overall, it seems we had 17,000 unique IPs connecting in the last nine hours (currently 9:14AM and log file rolled over at 00:00):< / li >
2022-03-22 20:04:11 +01:00
< / ul >
2022-04-24 20:06:28 +02:00
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > # cat /var/log/nginx/access.log | awk < span style = "color:#e6db74" > ' {print $1}' < / span > | sort | uniq | wc -l
< / span > < / span > < span style = "display:flex;" > < span > 17314
2022-03-22 20:04:11 +01:00
< / span > < / span > < / code > < / pre > < / div > < ul >
2022-04-24 20:06:28 +02:00
< li > That’ s a lot of unique IPs, and I see some patterns of IPs in China making ten to twenty requests each
2022-03-22 20:04:11 +01:00
< ul >
2022-04-24 20:06:28 +02:00
< li > The ISPs I’ ve seen so far are ChinaNet and China Unicom< / li >
2022-03-22 20:04:11 +01:00
< / ul >
< / li >
2022-04-24 20:06:28 +02:00
< li > I extracted all the IPs from today and resolved them:< / li >
2022-03-22 20:04:11 +01:00
< / ul >
2022-04-24 20:06:28 +02:00
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > # cat /var/log/nginx/access.log | awk < span style = "color:#e6db74" > ' {print $1}' < / span > | sort | uniq > /tmp/2022-04-18-ips.txt
< / span > < / span > < span style = "display:flex;" > < span > $ ./ilri/resolve-addresses-geoip2.py -i /tmp/2022-04-18-ips.txt -o /tmp/2022-04-18-ips.csv
2022-03-22 20:04:11 +01:00
< / span > < / span > < / code > < / pre > < / div > < ul >
2022-04-24 20:06:28 +02:00
< li > The top ASNs by IP are:< / li >
< / ul >
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > $ csvcut -c < span style = "color:#ae81ff" > 2< / span > /tmp/2022-04-18-ips.csv | sed 1d | sort | uniq -c | sort -n | tail -n < span style = "color:#ae81ff" > 10< / span >
< / span > < / span > < span style = "display:flex;" > < span > 102 GOOGLE
< / span > < / span > < span style = "display:flex;" > < span > 139 Maxihost LTDA
< / span > < / span > < span style = "display:flex;" > < span > 165 AMAZON-02
< / span > < / span > < span style = "display:flex;" > < span > 393 " China Mobile Communications Group Co., Ltd."
< / span > < / span > < span style = "display:flex;" > < span > 473 AMAZON-AES
< / span > < / span > < span style = "display:flex;" > < span > 616 China Mobile communications corporation
< / span > < / span > < span style = "display:flex;" > < span > 642 M247 Ltd
< / span > < / span > < span style = "display:flex;" > < span > 2336 HostRoyale Technologies Pvt Ltd
< / span > < / span > < span style = "display:flex;" > < span > 4556 Chinanet
< / span > < / span > < span style = "display:flex;" > < span > 5527 CHINA UNICOM China169 Backbone
< / span > < / span > < span style = "display:flex;" > < span > $ csvcut -c < span style = "color:#ae81ff" > 4< / span > /tmp/2022-04-18-ips.csv | sed 1d | sort | uniq -c | sort -n | tail -n < span style = "color:#ae81ff" > 10< / span >
< / span > < / span > < span style = "display:flex;" > < span > 139 262287
< / span > < / span > < span style = "display:flex;" > < span > 165 16509
< / span > < / span > < span style = "display:flex;" > < span > 180 204287
< / span > < / span > < span style = "display:flex;" > < span > 393 9808
< / span > < / span > < span style = "display:flex;" > < span > 473 14618
< / span > < / span > < span style = "display:flex;" > < span > 615 56041
< / span > < / span > < span style = "display:flex;" > < span > 642 9009
< / span > < / span > < span style = "display:flex;" > < span > 2156 203020
< / span > < / span > < span style = "display:flex;" > < span > 4556 4134
< / span > < / span > < span style = "display:flex;" > < span > 5527 4837
2022-03-22 20:04:11 +01:00
< / span > < / span > < / code > < / pre > < / div > < ul >
2022-04-24 20:06:28 +02:00
< li > I spot checked a few IPs from each of these and they are definitely just making bullshit requests to Discovery and HTML sitemap etc< / li >
< li > I will download the IP blocks for each ASN except Google and Amazon and ban them< / li >
2022-03-25 10:17:36 +01:00
< / ul >
2022-04-24 20:06:28 +02:00
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > $ wget https://asn.ipinfo.app/api/text/nginx/AS4837 https://asn.ipinfo.app/api/text/nginx/AS4134 https://asn.ipinfo.app/api/text/nginx/AS203020 https://asn.ipinfo.app/api/text/nginx/AS9009 https://asn.ipinfo.app/api/text/nginx/AS56041 https://asn.ipinfo.app/api/text/nginx/AS9808
< / span > < / span > < span style = "display:flex;" > < span > $ cat AS* | sed -e < span style = "color:#e6db74" > ' /^$/d' < / span > -e < span style = "color:#e6db74" > ' /^#/d' < / span > -e < span style = "color:#e6db74" > ' /^{/d' < / span > -e < span style = "color:#e6db74" > ' s/deny //' < / span > -e < span style = "color:#e6db74" > ' s/;//' < / span > | sort | uniq | wc -l
< / span > < / span > < span style = "display:flex;" > < span > 20296
2022-03-25 10:17:36 +01:00
< / span > < / span > < / code > < / pre > < / div > < ul >
2022-04-24 20:06:28 +02:00
< li > I extracted the IPv4 and IPv6 networks:< / li >
2022-03-25 10:17:36 +01:00
< / ul >
2022-04-24 20:06:28 +02:00
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > $ cat AS* | sed -e < span style = "color:#e6db74" > ' /^$/d' < / span > -e < span style = "color:#e6db74" > ' /^#/d' < / span > -e < span style = "color:#e6db74" > ' /^{/d' < / span > -e < span style = "color:#e6db74" > ' s/deny //' < / span > -e < span style = "color:#e6db74" > ' s/;//' < / span > | grep < span style = "color:#e6db74" > " :" < / span > | sort > /tmp/ipv6-networks.txt
< / span > < / span > < span style = "display:flex;" > < span > $ cat AS* | sed -e < span style = "color:#e6db74" > ' /^$/d' < / span > -e < span style = "color:#e6db74" > ' /^#/d' < / span > -e < span style = "color:#e6db74" > ' /^{/d' < / span > -e < span style = "color:#e6db74" > ' s/deny //' < / span > -e < span style = "color:#e6db74" > ' s/;//' < / span > | grep -v < span style = "color:#e6db74" > " :" < / span > | sort > /tmp/ipv4-networks.txt
2022-03-28 15:09:34 +02:00
< / span > < / span > < / code > < / pre > < / div > < ul >
2022-04-24 20:06:28 +02:00
< li > I suspect we need to aggregate these networks since they are so many and nftables doesn’ t like it when they overlap:< / li >
< / ul >
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > $ wc -l /tmp/ipv4-networks.txt
< / span > < / span > < span style = "display:flex;" > < span > 15464 /tmp/ipv4-networks.txt
< / span > < / span > < span style = "display:flex;" > < span > $ aggregate6 /tmp/ipv4-networks.txt | wc -l
< / span > < / span > < span style = "display:flex;" > < span > 2781
< / span > < / span > < span style = "display:flex;" > < span > $ wc -l /tmp/ipv6-networks.txt
< / span > < / span > < span style = "display:flex;" > < span > 4833 /tmp/ipv6-networks.txt
< / span > < / span > < span style = "display:flex;" > < span > $ aggregate6 /tmp/ipv6-networks.txt | wc -l
< / span > < / span > < span style = "display:flex;" > < span > 338
< / span > < / span > < / code > < / pre > < / div > < ul >
< li > I deployed these lists on CGSpace, ran all updates, and rebooted the server
2022-03-29 15:01:48 +02:00
< ul >
2022-04-24 20:06:28 +02:00
< li > This list is SURELY too broad because we will block legitimate users in China… but right now how can I discern?< / li >
< li > Also, I need to purge the hits from these 14,000 IPs in Solr when I get time< / li >
2022-03-29 15:01:48 +02:00
< / ul >
< / li >
2022-04-24 20:06:28 +02:00
< li > Looking back at the Munin graphs a few hours later I see this was indeed some kind of spike that was out of the ordinary:< / li >
2022-03-29 15:01:48 +02:00
< / ul >
2022-04-24 20:06:28 +02:00
< p > < img src = "/cgspace-notes/2022/04/postgres_connections_ALL-day.png" alt = "PostgreSQL connections day" >
< img src = "/cgspace-notes/2022/04/jmx_dspace_sessions-day.png" alt = "DSpace sessions day" > < / p >
2022-03-31 15:09:14 +02:00
< ul >
2022-04-24 20:06:28 +02:00
< li > I used < code > grepcidr< / code > with the aggregated network lists to extract IPs matching those networks from the nginx logs for the past day:< / li >
2022-03-31 15:09:14 +02:00
< / ul >
2022-04-24 20:06:28 +02:00
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > # cat /var/log/nginx/access.log /var/log/nginx/access.log.1 | awk < span style = "color:#e6db74" > ' {print $1}' < / span > | sort -u > /tmp/ips.log
< / span > < / span > < span style = "display:flex;" > < span > # < span style = "color:#66d9ef" > while< / span > read -r network; < span style = "color:#66d9ef" > do< / span > grepcidr $network /tmp/ips.log > > /tmp/ipv4-ips.txt; < span style = "color:#66d9ef" > done< / span > < /tmp/ipv4-networks-aggregated.txt
< / span > < / span > < span style = "display:flex;" > < span > # < span style = "color:#66d9ef" > while< / span > read -r network; < span style = "color:#66d9ef" > do< / span > grepcidr $network /tmp/ips.log > > /tmp/ipv6-ips.txt; < span style = "color:#66d9ef" > done< / span > < /tmp/ipv6-networks-aggregated.txt
< / span > < / span > < span style = "display:flex;" > < span > # wc -l /tmp/ipv4-ips.txt
< / span > < / span > < span style = "display:flex;" > < span > 15313 /tmp/ipv4-ips.txt
< / span > < / span > < span style = "display:flex;" > < span > # wc -l /tmp/ipv6-ips.txt
< / span > < / span > < span style = "display:flex;" > < span > 19 /tmp/ipv6-ips.txt
2022-03-31 15:09:14 +02:00
< / span > < / span > < / code > < / pre > < / div > < ul >
2022-04-24 20:06:28 +02:00
< li > Then I purged them from Solr using the < code > check-spider-ip-hits.sh< / code > :< / li >
2022-03-31 15:09:14 +02:00
< / ul >
2022-04-24 20:06:28 +02:00
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > $ ./ilri/check-spider-ip-hits.sh -f /tmp/ipv4-ips.txt -p
< / span > < / span > < / code > < / pre > < / div > < h2 id = "2022-04-23" > 2022-04-23< / h2 >
2022-03-31 15:09:14 +02:00
< ul >
2022-04-24 20:06:28 +02:00
< li > A handful of spider user agents that I identified were merged into COUNTER-Robots so I updated the ILRI override in our DSpace and regenerated the < code > example< / code > file that contains most patterns
2022-04-04 18:15:58 +02:00
< ul >
2022-04-24 20:06:28 +02:00
< li > I updated CGSpace, then ran all system updates and rebooted the host< / li >
< li > I also ran < code > dspace cleanup -v< / code > to prune the database< / li >
2022-04-04 18:15:58 +02:00
< / ul >
< / li >
< / ul >
2022-04-24 20:06:28 +02:00
< h2 id = "2022-04-24" > 2022-04-24< / h2 >
2022-03-31 15:09:14 +02:00
< ul >
2022-04-24 20:06:28 +02:00
< li > Start a harvest on AReS< / li >
2022-03-31 15:09:14 +02:00
< / ul >
2022-03-13 20:08:57 +01:00
<!-- raw HTML omitted -->
2022-03-01 15:48:40 +01:00
2022-04-24 20:06:28 +02:00
2022-03-01 15:48:40 +01:00
< / article >
< / div > <!-- /.blog - main -->
< aside class = "col-sm-3 ml-auto blog-sidebar" >
< section class = "sidebar-module" >
< h4 > Recent Posts< / h4 >
< ol class = "list-unstyled" >
< li > < a href = "/cgspace-notes/2022-03/" > March, 2022< / a > < / li >
2022-04-04 18:15:58 +02:00
< li > < a href = "/cgspace-notes/2022-03/" > April, 2022< / a > < / li >
2022-03-01 15:48:40 +01:00
< li > < a href = "/cgspace-notes/2022-02/" > February, 2022< / a > < / li >
< li > < a href = "/cgspace-notes/2022-01/" > January, 2022< / a > < / li >
< li > < a href = "/cgspace-notes/2021-12/" > December, 2021< / a > < / li >
< / ol >
< / section >
< section class = "sidebar-module" >
< h4 > Links< / h4 >
< ol class = "list-unstyled" >
< li > < a href = "https://cgspace.cgiar.org" > CGSpace< / a > < / li >
< li > < a href = "https://dspacetest.cgiar.org" > DSpace Test< / a > < / li >
< li > < a href = "https://github.com/ilri/DSpace" > CGSpace @ GitHub< / a > < / li >
< / ol >
< / section >
< / aside >
< / div > <!-- /.row -->
< / div > <!-- /.container -->
< footer class = "blog-footer" >
< p dir = "auto" >
Blog template created by < a href = "https://twitter.com/mdo" > @mdo< / a > , ported to Hugo by < a href = 'https://twitter.com/mralanorth' > @mralanorth< / a > .
< / p >
< p >
< a href = "#" > Back to top< / a >
< / p >
< / footer >
< / body >
< / html >