[IAEP] [Systems] Stopwatch activity maintainer needed.
Samuel Cantero
scanterog at gmail.com
Tue Feb 21 08:38:52 EST 2017
On Tue, Feb 21, 2017 at 2:05 AM, Sebastian Silva <sebastian at fuentelibre.org>
wrote:
>
>
> On 18/02/17 14:03, Samuel Cantero wrote:
>
> it was me.
>
> Ignacio, problem solved. It was a firewall issue. Go ahead.
>
>
> Hi Samuel,
>
> I had set the firewall in response to an attack on network.sugarlabs.org
> (check Jan 18th "Please Help" email thread on systems@). Having turned
> off the firewall, this attack has just resumed.
>
> The attack consists of ~20 IP addresses issuing a POST request every few
> seconds and updating a Sugar Network project with SPAM contents.
>
Who is in charge of maintaining the site? An authentication must be done
before allowing any POST data. Site must add authentication mechanism. We
can block now 20 IPs but it'll be unstoppable over time. We can't block the
whole internet.
>
> I have a script /root/block.sh with firewall rules that blocked the IP
> addresses we isolated from the logs.
>
> Previously this script missed to allow https, but I've added this now, so
> I've re-enabled the firewall. It looks to me like gitorious works.
>
> I hope it doesn't cause other issues.
>
> Regards,
> Sebastian
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/iaep/attachments/20170221/0a9abe37/attachment.html>
More information about the IAEP
mailing list