[Systems] Fwd: Please Help SN under spam attack
Sebastian Silva
sebastian at fuentelibre.org
Wed Jan 18 13:29:49 EST 2017
Hi Aleksey,
I'm cc systems@ just to keep them informed of this ongoing attack and
countermeasures.
One context in the Sugar Network was being updated with POST requests
from 20 different hosts, every second or so.
Aleksey, your suggestion to use apache Require directive to block them
did not work before Apache 2.4, and we have 2.2.
So I enabled the ufw firewall and blocked the following 20 addresses
coming from Russia :-)
I isolated the IPs from apache access logs.
188.143.232.10
188.143.232.11
188.143.232.13
188.143.232.14
188.143.232.15
188.143.232.16
188.143.232.19
188.143.232.21
188.143.232.22
188.143.232.24
188.143.232.26
188.143.232.34
188.143.232.35
188.143.232.37
188.143.232.40
188.143.232.41
188.143.232.43
188.143.232.62
188.143.232.70
188.143.232.72
I was wondering, I enabled http, https and ssh.
Aleksey, just doublechecking, do Sugar Network XO clients connect over
port 80, correct?
Are there other services on jita.sugarlabs.org that require other ports
open?
Regards,
Sebastian
On 18/01/17 12:13, Laura Vargas wrote:
> FYI
>
> Thanks and blessings for both.
>
> ---------- Forwarded message ----------
> From: *Aleksey Lim* <me at alsroot.su <mailto:me at alsroot.su>>
> Date: 2017-01-18 11:27 GMT-05:00
> Subject: Re: Please Help SN under spam attack
> To: Laura Vargas <laura at somosazucar.org <mailto:laura at somosazucar.org>>
>
>
> January 18, 2017 7:10 PM, "Laura Vargas" <laura at somosazucar.org
> <mailto:laura at somosazucar.org>> wrote:
> >> or blocking IPs on Apache level.
> >
> > Any risk attached to this option? is this something you could do?
>
> Never did such stuff myself, but fast googling suggested
> https://httpd.apache.org/docs/2.4/howto/access.html
> <https://httpd.apache.org/docs/2.4/howto/access.html>
> So, ask icarito to tune webui Apache configuration.
>
> --
> Aleksey
>
>
>
> --
> Laura V.
> *I&D SomosAZUCAR.Org*
>
> “No paradox, no progress.”
> ~ Niels Bohr
>
> Happy Learning!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20170118/a16e4afb/attachment.html>
More information about the Systems
mailing list