diff --git a/content/posts/2019-02.md b/content/posts/2019-02.md
index 45add7306..623f44f69 100644
--- a/content/posts/2019-02.md
+++ b/content/posts/2019-02.md
@@ -400,4 +400,43 @@ Error sending email:
 - I tried to log into Outlook 365 with the credentials but I think the ones I have must be wrong, so I will ask ICT to reset the password
+## 2019-02-09
+
+- Linode sent alerts about CPU load yesterday morning, yesterday night, and this morning! All over 300% CPU load!
+- This is just for this morning:
+
+```
+# zcat --force /var/log/nginx/{access,error,library-access}.log /var/log/nginx/{access,error,library-access}.log.1 | grep -E "09/Feb/2019:(07|08|09|10|11)" | awk '{print $1}' | sort | uniq -c | sort -n | tail -n 10
+ 289 35.237.175.180
+ 290 66.249.66.221
+ 296 18.195.78.144
+ 312 207.46.13.201
+ 393 207.46.13.64
+ 526 2a01:4f8:140:3192::2
+ 580 151.80.203.180
+ 742 5.143.231.38
+ 1046 5.9.6.51
+ 1331 66.249.66.219
+# zcat --force /var/log/nginx/{oai,rest,statistics}.log /var/log/nginx/{oai,rest,statistics}.log.1 | grep -E "09/Feb/2019:(07|08|09|10|11)" | awk '{print $1}' | sort | uniq -c | sort -n | tail -n 10
+ 4 66.249.83.30
+ 5 49.149.10.16
+ 8 207.46.13.64
+ 9 207.46.13.201
+ 11 105.63.86.154
+ 11 66.249.66.221
+ 31 66.249.66.219
+ 297 2001:41d0:d:1990::
+ 908 34.218.226.147
+ 1947 50.116.102.77
+```
+
+- I know 66.249.66.219 is Google, 5.9.6.51 is MegaIndex, and 5.143.231.38 is SputnikBot
+- Ooh, but 151.80.203.180 is some malicious bot making requests for `/etc/passwd` like this:
+
+```
+/bitstream/handle/10568/68981/Identifying%20benefit%20flows%20studies%20on%20the%20potential%20monetary%20and%20non%20monetary%20benefits%20arising%20from%20the%20International%20Treaty%20on%20Plant%20Genetic_1671.pdf?sequence=1&isAllowed=../etc/passwd
+```
+
+- 151.80.203.180 is on OVH so I sent a message to their abuse email...
+
diff --git a/docs/2019-02/index.html b/docs/2019-02/index.html
index 1bdb908d0..6be7857de 100644
--- a/docs/2019-02/index.html
+++ b/docs/2019-02/index.html @@ -42,7 +42,7 @@ sys 0m1.979s - + @@ -89,9 +89,9 @@ sys 0m1.979s "@type": "BlogPosting", "headline": "February, 2019", "url": "https://alanorth.github.io/cgspace-notes/2019-02/", - "wordCount": "1993", + "wordCount": "2147", "datePublished": "2019-02-01T21:37:30+02:00", - "dateModified": "2019-02-07T16:41:08+02:00", + "dateModified": "2019-02-08T16:38:56+02:00", "author": { "@type": "Person", "name": "Alan Orth" @@ -600,6 +600,49 @@ Please see the DSpace documentation for assistance.
# zcat --force /var/log/nginx/{access,error,library-access}.log /var/log/nginx/{access,error,library-access}.log.1 | grep -E "09/Feb/2019:(07|08|09|10|11)" | awk '{print $1}' | sort | uniq -c | sort -n | tail -n 10
+ 289 35.237.175.180
+ 290 66.249.66.221
+ 296 18.195.78.144
+ 312 207.46.13.201
+ 393 207.46.13.64
+ 526 2a01:4f8:140:3192::2
+ 580 151.80.203.180
+ 742 5.143.231.38
+ 1046 5.9.6.51
+ 1331 66.249.66.219
+# zcat --force /var/log/nginx/{oai,rest,statistics}.log /var/log/nginx/{oai,rest,statistics}.log.1 | grep -E "09/Feb/2019:(07|08|09|10|11)" | awk '{print $1}' | sort | uniq -c | sort -n | tail -n 10
+ 4 66.249.83.30
+ 5 49.149.10.16
+ 8 207.46.13.64
+ 9 207.46.13.201
+ 11 105.63.86.154
+ 11 66.249.66.221
+ 31 66.249.66.219
+ 297 2001:41d0:d:1990::
+ 908 34.218.226.147
+ 1947 50.116.102.77
+
+
+/etc/passwd
like this:/bitstream/handle/10568/68981/Identifying%20benefit%20flows%20studies%20on%20the%20potential%20monetary%20and%20non%20monetary%20benefits%20arising%20from%20the%20International%20Treaty%20on%20Plant%20Genetic_1671.pdf?sequence=1&isAllowed=../etc/passwd
+
+
+