[Systems] Fwd: Please Help SN under spam attack

Aleksey Lim me at alsroot.su
Wed Jan 18 16:42:58 EST 2017


On Wed, Jan 18, 2017 at 01:29:49PM -0500, Sebastian Silva wrote:
> Hi Aleksey,
> 
> I'm cc systems@ just to keep them informed of this ongoing attack and
> countermeasures.
> 
> One context in the Sugar Network was being updated with POST requests
> from 20 different hosts, every second or so.
> 
> Aleksey, your suggestion to use apache Require directive to block them
> did not work before Apache 2.4, and we have 2.2.

There are 2.x settings as well
http://httpd.apache.org/docs/2.2/howto/access.html

> I isolated the IPs from apache access logs.
> 
> 188.143.232.10

I don't see any POSTs from these IPs in node.sl.o apache log
(posting to node.sl.o requires keys auth implemented in sugar client
library) but all POSTs came from network.sl.o (which works w/o any auth).

SN was a research project and I didn't think it was still in use in the
field. Having an open network.sl.o (and the current auth implementation
for node.sl.o) was fine for the development stage, but not for now.

So, you can either disable network.sl.o altogether or switch it to RO mode.

-- 
Aleksey
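
Added example, not part of the original message: one way to isolate POST-heavy hosts from an Apache access log and render them as Apache 2.2 `Order`/`Allow`/`Deny` directives (the 2.2 access-control syntax covered by the howto linked above). The log lines, the `/context/` path prefix, the threshold and the addresses (documentation ranges) are constructed for illustration, and the `<LimitExcept>` block is an httpd-level stand-in for read-only access, not SN's own RO mode.

```python
import re
from collections import Counter

# Common/combined log format prefix: host ident user [time] "METHOD path proto" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample input (RFC 5737 documentation addresses, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jan/2017:13:00:01 -0500] "POST /context/example HTTP/1.1" 200 512',
    '192.0.2.10 - - [18/Jan/2017:13:00:02 -0500] "POST /context/example HTTP/1.1" 200 512',
    '192.0.2.10 - - [18/Jan/2017:13:00:03 -0500] "POST /context/example HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Jan/2017:13:00:01 -0500] "POST /context/example HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Jan/2017:13:00:02 -0500] "POST /context/example HTTP/1.1" 200 512',
    '203.0.113.5 - - [18/Jan/2017:13:00:02 -0500] "GET /context/example HTTP/1.1" 200 2048',
    '203.0.113.9 - - [18/Jan/2017:13:00:04 -0500] "POST /context/example HTTP/1.1" 200 512',
    'truncated or malformed line',
]

def post_sources(lines, path_prefix, min_posts):
    """Return {ip: count} for hosts with at least min_posts POSTs under path_prefix."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, method, path, _status = m.groups()
        if method == "POST" and path.startswith(path_prefix):
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= min_posts}

def deny_block_22(ips):
    """Apache 2.2 directives: with Order Allow,Deny a host matching both is denied."""
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += ["Deny from %s" % ip for ip in sorted(ips)]
    return "\n".join(lines)

def read_only_block_22():
    """Apache 2.2 block refusing every method except reads (assumed RO stand-in)."""
    return "\n".join(["<LimitExcept GET HEAD OPTIONS>",
                      "    Order Deny,Allow",
                      "    Deny from all",
                      "</LimitExcept>"])

if __name__ == "__main__":
    offenders = post_sources(SAMPLE_LOG, "/context/", min_posts=2)
    print(deny_block_22(offenders))
    print(read_only_block_22())
```

The rendered directives belong inside the `<Directory>` or `<Location>` section that serves the affected site.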

