CGSpace Notes

Documenting day-to-day work on the CGSpace repository.

May, 2020

2020-05-02

  • Peter said that CTA is having problems submitting an item to CGSpace
    • Looking at the PostgreSQL stats it seems to be the same issue that Tezira was having last week, as I see the number of connections in ‘idle in transaction’ and ‘waiting for lock’ state are increasing again
    • I see that CGSpace (linode18) is still using PostgreSQL JDBC driver version 42.2.11, and there were some bugs related to transactions fixed in 42.2.12 (which I had updated in the Ansible playbooks, but not deployed yet)

2020-05-03

  • Purge a few remaining bots from CGSpace Solr statistics that I had identified a few months ago
    • lua-resty-http/0.10 (Lua) ngx_lua/10000
    • omgili/0.5 +http://omgili.com
    • IZaBEE/IZaBEE-1.01 (Buzzing Abound The Web; https://izabee.com; info at izabee dot com)
    • Twurly v1.1 (https://twurly.org)
    • Pattern/2.6 +http://www.clips.ua.ac.be/pattern
    • CyotekWebCopy/1.7 CyotekHTTP/2.0
  • This is only about 2,500 hits total from the last ten years, and half of these bots no longer seem to exist, so I won’t bother submitting them to the COUNTER-Robots project
  • I noticed that our custom themes were incorrectly linking to the OpenSearch XML file
    • The bug was fixed for Mirage2 in 2015
    • Note that this did not prevent OpenSearch itself from working
    • I will patch this on our DSpace 5.x and 6.x branches

2020-05-06

  • Atmire responded asking for more information about the Solr statistics processing bug in CUA so I sent them some full logs
    • Also I asked again about the Maven variable interpolation issue for cua.version.number, and if they would be willing to upgrade CUA to use Font Awesome 5 instead of 4.

2020-05-07

  • Linode sent an alert that there was high CPU usage on CGSpace (linode18) early this morning
    • I looked at the nginx logs using goaccess and I found a few IPs making lots of requests around then:
# cat /var/log/nginx/*.log /var/log/nginx/*.log.1 | grep -E "07/May/2020:(01|03|04)" | goaccess --log-format=COMBINED -
  • The two main IPs making requests around then are 188.134.31.88 and 212.34.8.188
    • The first is in Russia and it is hitting mostly XMLUI Discover links using dozens of different user agents, a total of 20,000 requests this week
    • The second IP is CodeObia testing AReS, a total of 171,000 hits this month
    • I will purge both of those IPs from the Solr stats using my check-spider-ip-hits.sh script:
$ ./check-spider-ip-hits.sh -f /tmp/ips -s statistics -p
Purging 171641 hits from 212.34.8.188 in statistics
Purging 20691 hits from 188.134.31.88 in statistics

Total number of bot hits purged: 192332
  • And then I will add 188.134.31.88 to the nginx bad bot list and tell CodeObia to please use a “bot” user agent
  • I also changed the nginx config to block requests with blank user agents