2024-11-19 08:40:23 +01:00
<!DOCTYPE html>
< html lang = "en" >
< head >
< meta charset = "utf-8" >
< meta name = "viewport" content = "width=device-width, initial-scale=1, shrink-to-fit=no" >
< meta property = "og:title" content = "November, 2024" / >
< meta property = "og:description" content = "2024-11-11
Some IP in India is making tons of requests this morning with a normal user agent:
# awk ' {print $1}' /var/log/nginx/api-access.log | sort | uniq -c | sort -h | tail -n 40
...
513743 49.207.196.249
" />
< meta property = "og:type" content = "article" / >
< meta property = "og:url" content = "https://alanorth.github.io/cgspace-notes/2024-11/" / >
< meta property = "article:published_time" content = "2024-11-11T09:47:00+03:00" / >
2024-12-04 14:27:49 +01:00
< meta property = "article:modified_time" content = "2024-11-19T10:40:23+03:00" / >
2024-11-19 08:40:23 +01:00
< meta name = "twitter:card" content = "summary" / >
< meta name = "twitter:title" content = "November, 2024" / >
< meta name = "twitter:description" content = "2024-11-11
Some IP in India is making tons of requests this morning with a normal user agent:
# awk ' {print $1}' /var/log/nginx/api-access.log | sort | uniq -c | sort -h | tail -n 40
...
513743 49.207.196.249
"/>
< meta name = "generator" content = "Hugo 0.133.1" >
< script type = "application/ld+json" >
{
"@context": "http://schema.org",
"@type": "BlogPosting",
"headline": "November, 2024",
"url": "https://alanorth.github.io/cgspace-notes/2024-11/",
"wordCount": "229",
"datePublished": "2024-11-11T09:47:00+03:00",
2024-12-04 14:27:49 +01:00
"dateModified": "2024-11-19T10:40:23+03:00",
2024-11-19 08:40:23 +01:00
"author": {
"@type": "Person",
"name": "Alan Orth"
},
"keywords": "Notes"
}
< / script >
< link rel = "canonical" href = "https://alanorth.github.io/cgspace-notes/2024-11/" >
< title > November, 2024 | CGSpace Notes< / title >
<!-- combined, minified CSS -->
< link href = "https://alanorth.github.io/cgspace-notes/css/style.c6ba80bc50669557645abe05f86b73cc5af84408ed20f1551a267bc19ece8228.css" rel = "stylesheet" integrity = "sha256-xrqAvFBmlVdkWr4F+GtzzFr4RAjtIPFVGiZ7wZ7Ogig=" crossorigin = "anonymous" >
<!-- minified Font Awesome for SVG icons -->
< script defer src = "https://alanorth.github.io/cgspace-notes/js/fontawesome.min.f5072c55a0721857184db93a50561d7dc13975b4de2e19db7f81eb5f3fa57270.js" integrity = "sha256-9QcsVaByGFcYTbk6UFYdfcE5dbTeLhnbf4HrXz+lcnA=" crossorigin = "anonymous" > < / script >
<!-- RSS 2.0 feed -->
< / head >
< body >
< div class = "blog-masthead" >
< div class = "container" >
< nav class = "nav blog-nav" >
< a class = "nav-link " href = "https://alanorth.github.io/cgspace-notes/" > Home< / a >
< / nav >
< / div >
< / div >
< header class = "blog-header" >
< div class = "container" >
< h1 class = "blog-title" dir = "auto" > < a href = "https://alanorth.github.io/cgspace-notes/" rel = "home" > CGSpace Notes< / a > < / h1 >
< p class = "lead blog-description" dir = "auto" > Documenting day-to-day work on the < a href = "https://cgspace.cgiar.org" > CGSpace< / a > repository.< / p >
< / div >
< / header >
< div class = "container" >
< div class = "row" >
< div class = "col-sm-8 blog-main" >
< article class = "blog-post" >
< header >
< h2 class = "blog-post-title" dir = "auto" > < a href = "https://alanorth.github.io/cgspace-notes/2024-11/" > November, 2024< / a > < / h2 >
< p class = "blog-post-meta" >
< time datetime = "2024-11-11T09:47:00+03:00" > Mon Nov 11, 2024< / time >
in
< span class = "fas fa-folder" aria-hidden = "true" > < / span > < a href = "/categories/notes/" rel = "category tag" > Notes< / a >
< / p >
< / header >
< h2 id = "2024-11-11" > 2024-11-11< / h2 >
< ul >
< li > Some IP in India is making tons of requests this morning with a normal user agent:< / li >
< / ul >
< div class = "highlight" > < pre tabindex = "0" style = "color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;" > < code class = "language-console" data-lang = "console" > < span style = "display:flex;" > < span > # awk < span style = "color:#e6db74" > ' {print $1}' < / span > /var/log/nginx/api-access.log | sort | uniq -c | sort -h | tail -n < span style = "color:#ae81ff" > 40< / span >
< / span > < / span > < span style = "display:flex;" > < span > ...
< / span > < / span > < span style = "display:flex;" > < span > 513743 49.207.196.249
< / span > < / span > < / code > < / pre > < / div > < ul >
< li > They are using this user agent:< / li >
< / ul >
< pre tabindex = "0" > < code > Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.3
< / code > < / pre > < h2 id = "2024-11-16" > 2024-11-16< / h2 >
< ul >
< li > I switched CGSpace to Node.js v20 since I’ ve been using it in dev and test for months< / li >
< / ul >
< h2 id = "2024-11-18" > 2024-11-18< / h2 >
< ul >
< li > I see a bot (188.34.177.10) on Hetzner has made 35,000 requests this morning and is pretending to be Googlebot, GoogleOther, etc
< ul >
< li > Google publishes their range of IPs also: < a href = "https://developers.google.com/search/docs/crawling-indexing/verifying-googlebot" > https://developers.google.com/search/docs/crawling-indexing/verifying-googlebot< / a > < / li >
< li > Our nginx config doesn’ t rate limit the API but perhaps that needs to change… < / li >
< li > In DSpace 4/5/6 the API was separate from the user interface so we didn’ t need to enforce rate limits there because we encouraged using that over scraping the UI< / li >
< li > In DSpace 7 the API is used by the frontend and perhaps should have the same IP- and UA-based rate limiting< / li >
< / ul >
< / li >
< / ul >
< h2 id = "2024-11-19" > 2024-11-19< / h2 >
< ul >
< li > I notice 10,000 requests by a new bot yesterday:< / li >
< / ul >
< pre tabindex = "0" > < code > 20.38.174.208 - - [18/Nov/2024:07:02:50 +0100] " GET /server/oai/request?verb=ListRecords& resumptionToken=oai_dc%2F2024-10-18T13%3A00%3A49Z%2F%2F%2F400 HTTP/1.1" 503 190 " -" " Laminas_Http_Client"
< / code > < / pre > < ul >
< li > Seems to be some kind of PHP framework library< / li >
< li > Yesterday one IP in Argentina made nearly 1,000,000 requests using a normal user agent: 181.4.143.40< / li >
< li > 188.34.177.10 ended up making 700,000 requests using various Googlebot, GoogleOther, and even normal Chrome user agents< / li >
< / ul >
<!-- raw HTML omitted -->
< / article >
< / div > <!-- /.blog - main -->
< aside class = "col-sm-3 ml-auto blog-sidebar" >
< section class = "sidebar-module" >
< h4 > Recent Posts< / h4 >
< ol class = "list-unstyled" >
2024-12-04 14:27:49 +01:00
< li > < a href = "/cgspace-notes/2024-12/" > December, 2024< / a > < / li >
2024-11-19 08:40:23 +01:00
< li > < a href = "/cgspace-notes/2024-11/" > November, 2024< / a > < / li >
< li > < a href = "/cgspace-notes/2024-10/" > October, 2024< / a > < / li >
< li > < a href = "/cgspace-notes/2024-09/" > September, 2024< / a > < / li >
< li > < a href = "/cgspace-notes/2024-08/" > August, 2024< / a > < / li >
< / ol >
< / section >
< section class = "sidebar-module" >
< h4 > Links< / h4 >
< ol class = "list-unstyled" >
< li > < a href = "https://cgspace.cgiar.org" > CGSpace< / a > < / li >
< li > < a href = "https://dspacetest.cgiar.org" > DSpace Test< / a > < / li >
< li > < a href = "https://github.com/ilri/DSpace" > CGSpace @ GitHub< / a > < / li >
< / ol >
< / section >
< / aside >
< / div > <!-- /.row -->
< / div > <!-- /.container -->
< footer class = "blog-footer" >
< p dir = "auto" >
Blog template created by < a href = "https://twitter.com/mdo" > @mdo< / a > , ported to Hugo by < a href = 'https://twitter.com/mralanorth' > @mralanorth< / a > .
< / p >
< p >
< a href = "#" > Back to top< / a >
< / p >
< / footer >
< / body >
< / html >
