alanorth/cgspace-notes
1
0
Fork 0
mirror of https://github.com/alanorth/cgspace-notes.git synced 2025-01-27 05:49:12 +01:00
Code Issues Projects Releases Wiki Activity

Update notes for 2022-04-18

Browse Source
This commit is contained in:
Alan Orth
2022-04-18 21:43:48 +03:00
parent 9d880998ad
commit 4f023e2bcc
31 changed files with 52 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
content/posts/2022-04.md
View File

@ -169,5 +169,27 @@ $ aggregate6 /tmp/ipv6-networks.txt | wc -l
- I deployed these lists on CGSpace, ran all updates, and rebooted the server
- This list is SURELY too broad because we will block legitimate users in China... but right now how can I discern?
- Also, I need to purge the hits from these 14,000 IPs in Solr when I get time
- Looking back at the Munin graphs a few hours later I see this was indeed some kind of spike that was out of the ordinary:
![PostgreSQL connections day](/cgspace-notes/2022/04/postgres_connections_ALL-day.png)
![DSpace sessions day](/cgspace-notes/2022/04/jmx_dspace_sessions-day.png)
- I used `grepcidr` with the aggregated network lists to extract IPs matching those networks from the nginx logs for the past day:
```console
# cat /var/log/nginx/access.log /var/log/nginx/access.log.1 | awk '{print $1}' | sort -u > /tmp/ips.log
# while read -r network; do grepcidr $network /tmp/ips.log >> /tmp/ipv4-ips.txt; done < /tmp/ipv4-networks-aggregated.txt
# while read -r network; do grepcidr $network /tmp/ips.log >> /tmp/ipv6-ips.txt; done < /tmp/ipv6-networks-aggregated.txt
# wc -l /tmp/ipv4-ips.txt
15313 /tmp/ipv4-ips.txt
# wc -l /tmp/ipv6-ips.txt
19 /tmp/ipv6-ips.txt
```
- Then I purged them from Solr using the `check-spider-ip-hits.sh`:
```console
$ ./ilri/check-spider-ip-hits.sh -f /tmp/ipv4-ips.txt -p
```
<!-- vim: set sw=2 ts=2: -->