- Export another list of ALL subjects on CGSpace, including AGROVOC and non-AGROVOC for Enrico:
```console
localhost/dspace63= > \COPY (SELECT DISTINCT LOWER(text_value) AS subject, count(*) FROM metadatavalue WHERE dspace_object_id in (SELECT dspace_object_id FROM item) AND metadata_field_id IN (119, 120, 127, 122, 128, 125, 135, 203, 208, 210, 215, 123, 236, 242, 187) GROUP BY subject ORDER BY count DESC) to /tmp/2021-07-01-all-subjects.csv WITH CSV HEADER;
COPY 20994
```
<!--more-->
## 2021-07-04
- Update all Docker containers on the AReS server (linode20) and rebuild OpenRXV:
```console
$ cd OpenRXV
$ docker-compose -f docker/docker-compose.yml down
- [Hide the "DSpace add missing items"](https://github.com/ilri/OpenRXV/issues/106)
- Rebuild DSpace Test (linode26) from a fresh Ubuntu 20.04 image on Linode
- The start plugins on AReS had seventy-five errors from the `dspace_add_missing_items` plugin for some reason so I had to start a fresh indexing
- I noticed that the WorldFish data has dozens of incorrect countries so I should talk to Salem about that because they manage it
- Also I noticed that we weren't using the Country formatter in OpenRXV for the WorldFish country field, so some values don't get mapped properly
- I added some value mappings to fix some issues with WorldFish data and added a few more fields to the repository harvesting config and started a fresh re-indexing
## 2021-07-05
- The AReS harvesting last night succeeded and I started the plugins
- Margarita from CCAFS asked if we can create a new field for AICCRA publications
- I asked her to clarify what they want
- AICCRA is an initiative so it might be better to create new field for that, for example `cg.contributor.initiative`
## 2021-07-06
- Atmire merged my spider user agent changes from last month so I will update the `example` list we use in DSpace and remove the new ones from my `ilri` override file
- Also, I concatenated all our user agents into one file and purged all hits:
```console
$ ./ilri/check-spider-hits.sh -f /tmp/spiders -p
Purging 95 hits from Drupal in statistics
Purging 38 hits from DTS Agent in statistics
Purging 601 hits from Microsoft Office Existence Discovery in statistics
Purging 51 hits from Site24x7 in statistics
Purging 62 hits from Trello in statistics
Purging 13574 hits from WhatsApp in statistics
Purging 144 hits from FlipboardProxy in statistics
Purging 37 hits from LinkWalker in statistics
Purging 1 hits from [Ll]ink.?[Cc]heck.? in statistics
Purging 427 hits from WordPress in statistics
Total number of bot hits purged: 15030
```
- Meet with the CGIAR–AGROVOC task group to discuss how we want to do the workflow for submitting new terms to AGROVOC
- I extracted another list of all subjects to check against AGROVOC:
```console
\COPY (SELECT DISTINCT(LOWER(text_value)) AS subject, count(*) FROM metadatavalue WHERE dspace_object_id in (SELECT dspace_object_id FROM item) AND metadata_field_id IN (119, 120, 127, 122, 128, 125, 135, 203, 208, 210, 215, 123, 236, 242, 187) GROUP BY subject ORDER BY count DESC) to /tmp/2021-07-06-all-subjects.csv WITH CSV HEADER;
$ csvcut -c 1 /tmp/2021-07-06-all-subjects.csv | sed 1d > /tmp/2021-07-06-all-subjects.txt
- Test [Hrafn Malmquist's proposed DBCP2 changes](https://github.com/DSpace/DSpace/pull/3162) for DSpace 6.4 (DS-4574)
- His changes reminded me that we can perhaps switch back to using this pooling instead of Tomcat 7's JDBC pooling via JNDI
- Tomcat 8 has DBCP2 built in, but we are stuck on Tomcat 7 for now
- Looking into the database issues we had last month on 2021-06-23
- I think it might have been some kind of attack because the number of XMLUI sessions was through the roof at one point (10,000!) and the number of unique IPs accessing the server that day is much higher than any other day:
```console
# for num in {10..26}; do echo "2021-06-$num"; zcat /var/log/nginx/access.log.*.gz /var/log/nginx/library-access.log.*.gz | grep "$num/Jun/2021" | awk '{print $1}' | sort | uniq | wc -l; done
2021-06-10
10693
2021-06-11
10587
2021-06-12
7958
2021-06-13
7681
2021-06-14
12639
2021-06-15
15388
2021-06-16
12245
2021-06-17
11187
2021-06-18
9684
2021-06-19
7835
2021-06-20
7198
2021-06-21
10380
2021-06-22
10255
2021-06-23
15878
2021-06-24
9963
2021-06-25
9439
2021-06-26
7930
```
- Similarly, the number of connections to the REST API was around the average for the recent weeks before:
```console
# for num in {10..26}; do echo "2021-06-$num"; zcat /var/log/nginx/rest.*.gz | grep "$num/Jun/2021" | awk '{print $1}' | sort | uniq | wc -l; done
2021-06-10
1183
2021-06-11
1074
2021-06-12
911
2021-06-13
892
2021-06-14
1320
2021-06-15
1257
2021-06-16
1208
2021-06-17
1119
2021-06-18
965
2021-06-19
985
2021-06-20
854
2021-06-21
1098
2021-06-22
1028
2021-06-23
1375
2021-06-24
1135
2021-06-25
969
2021-06-26
904
```
- According to goaccess, the traffic spike started at 2AM (remember that the first "Pool empty" error in dspace.log was at 4:01AM):
- Atmire plans to debug the database connection issues on CGSpace (linode18) today so they asked me to make the REST API inaccessible for today and tomorrow
- I adjusted nginx to give an HTTP 403 as well as a an error message to contact me
- I'm in Cyprus mostly offline, but I noticed that CGSpace was down
- I checked and there was a blank white page with HTTP 200
- There are thousands of locks in PostgreSQL:
```console
postgres@linode18:~$ psql -c 'SELECT * FROM pg_locks pl LEFT JOIN pg_stat_activity psa ON pl.pid = psa.pid;' | wc -l
2302
postgres@linode18:~$ psql -c 'SELECT * FROM pg_locks pl LEFT JOIN pg_stat_activity psa ON pl.pid = psa.pid;' | wc -l
2564
postgres@linode18:~$ psql -c 'SELECT * FROM pg_locks pl LEFT JOIN pg_stat_activity psa ON pl.pid = psa.pid;' | wc -l
2530
```
- The locks are held by XMLUI, not REST API or OAI:
```console
postgres@linode18:~$ psql -c 'SELECT * FROM pg_locks pl LEFT JOIN pg_stat_activity psa ON pl.pid = psa.pid;' | grep -o -E '(dspaceWeb|dspaceApi)' | sort | uniq -c | sort -n
57 dspaceApi
2671 dspaceWeb
```
- I ran all updates on the server (linode18) and restarted it, then DSpace came back up
- I sent a message to Atmire, as I never heard from them last week when we blocked access to the REST API for two days for them to investigate the server issues
- Clone the `openrxv-items-temp` index on AReS and re-run all the plugins, but most of the "dspace_add_missing_items" tasks failed so I will just run a full re-harvest
- The load on CGSpace is 45.00... the nginx access.log is going so fast I can't even read it
- I see lots of IPs from AS206485 that are changing their user agents (Linux, Windows, macOS...)
- This is finegroupservers.com aka "UGB - UGB Hosting OU"
- I will get a list of their IP blocks from [ipinfo.app](https://asn.ipinfo.app/AS206485) and block them in nginx
- There is another group of IPs that are owned by an ISP called "TrafficTransitSolution LLC" that does not have its own ASN unfortunately
- "TrafficTransitSolution LLC" seems to be affiliated with AS206485 (UGB Hosting OU) anyways, but they sometimes use AS49453 Global Layer B.V.G also
- I found a tool that lets you grep a file by CIDR, so I can use that to purge hits from Solr eventually:
- I will download blocklists for all these except Ethiopian Telecom, Quadranet, and Amazon, though I'm concerned about Global Layer because it's a huge ASN that seems to have legit hosts too...?
- After blocking all the ASN network blocks yesterday I still see requests getting through from these abusive networks, so the ASN lists must be out of date
- I decided to get a lit of all the IPs that made requests on the server in the last two days, resolve them, and then filter out those from these ASNs: 206485, 35624, 36352, 46844, 49453, 62282