[Systems] Fwd: Re: Fwd: Please Help SN under spam attack

Sebastian Silva sebastian at fuentelibre.org
Tue Feb 21 09:25:25 EST 2017


Hi Samuel,

Agreed that ufw firewall is trying to be smart and blocking too much. I
appreciate your help in blocking the following IPs.

IPs that have been attacking network.sugarlabs.org:


-------- Forwarded Message --------
Subject: 	Re: Fwd: Please Help SN under spam attack
Date: 	Wed, 18 Jan 2017 13:29:49 -0500
From: 	Sebastian Silva <sebastian at fuentelibre.org>
To: 	Laura Vargas <laura at somosazucar.org>, Sebastian Silva
<sebastian at somosazucar.org>
CC: 	Aleksey Lim <me at alsroot.su>, systems <systems at lists.sugarlabs.org>



Hi Aleksey,

I'm cc'ing systems@ just to keep them informed of this ongoing attack and
countermeasures.

One context in the Sugar Network was being updated with POST requests
from 20 different hosts, every second or so.

Aleksey, your suggestion to use the Apache Require directive to block them
did not work before Apache 2.4, and we have 2.2.

So I enabled the ufw firewall and blocked the following 20 addresses
coming from Russia :-)

I isolated the IPs from the Apache access logs.

I was wondering, I enabled http, https and ssh.

Aleksey, just double-checking: Sugar Network XO clients connect over
port 80, correct?

Are there other services on jita.sugarlabs.org that require other ports
open?

Regards,

Sebastian


On 18/01/17 12:13, Laura Vargas wrote:
> FYI
>
> Thanks and blessings for both.
>
> ---------- Forwarded message ----------
> From: Aleksey Lim <me at alsroot.su>
> Date: 2017-01-18 11:27 GMT-05:00
> Subject: Re: Please Help SN under spam attack
> To: Laura Vargas <laura at somosazucar.org>
>
>
> January 18, 2017 7:10 PM, "Laura Vargas" <laura at somosazucar.org> wrote:
> >> or blocking IPs on Apache level.
> >
> > Any risk attached to this option? is this something you could do?
>
> Never did such stuff myself, but fast googling suggested
> https://httpd.apache.org/docs/2.4/howto/access.html
> So, ask icarito to tune webui Apache configuration.
>
> --
> Aleksey
>
>
>
> -- 
> Laura V.
> *I&D SomosAZUCAR.Org*
>
> “No paradox, no progress.” 
> ~ Niels Bohr
>
> Happy Learning!
>
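
The thread mentions isolating the offending hosts from the Apache access logs. As an added example (not part of the original messages), this sketch counts POST requests per client and path in common/combined log format and reports clients at or above a threshold. The path `/context/example`, the threshold and the sample lines (documentation-range addresses) are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Common/combined log prefix: client ident user [time] "METHOD path proto" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def post_sources(lines, min_posts=3):
    """Return {path: [(ip, count), ...]} for clients with >= min_posts POSTs to a path."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if m is None or m.group("method") != "POST":
            continue  # skip unparseable lines and non-POST traffic
        path = m.group("path").split("?", 1)[0]  # group by path, ignore query string
        hits[path][m.group("ip")] += 1
    report = {}
    for path, counter in hits.items():
        noisy = [(ip, n) for ip, n in counter.most_common() if n >= min_posts]
        if noisy:
            report[path] = noisy
    return report


def _line(ip, method, sec):
    # Constructed sample line; /context/example is a hypothetical path.
    return (f'{ip} - - [18/Jan/2017:13:00:{sec:02d} -0500] '
            f'"{method} /context/example HTTP/1.1" 200 512')


# Constructed sample log: two repeat posters, one reader, one single edit, one bad line.
SAMPLE = (
    [_line("203.0.113.10", "POST", s) for s in range(0, 3)]
    + [_line("203.0.113.11", "POST", s) for s in range(3, 7)]
    + [_line("198.51.100.7", "GET", s) for s in range(7, 12)]
    + [_line("192.0.2.5", "POST", 12), "garbled line without fields"]
)

if __name__ == "__main__":
    for path, sources in post_sources(SAMPLE).items():
        print(path)
        for ip, count in sources:
            print(f"  {ip}\t{count} POSTs")
```

Reviewing the per-path output before adding firewall rules keeps a client that made a single legitimate edit out of the block list.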
