<html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>Hi Aleksey,</p> <p>I'm cc systems@ just to keep them informed of this ongoing attack and countermeasures.</p> <p>One context in the Sugar Network was being updated with POST requests from 20 different hosts, every second or so.<br> </p> <p>Aleksey, your suggestion to use apache Require directive to block them did not work before Apache 2.4, and we have 2.2.<br> </p> <p>So I enabled the ufw firewall and blocked the following 20 addresses coming from Russia :-) <br> </p> <p>I isolated the IPs from apache access logs.<br> </p> <p>188.143.232.10<br> 188.143.232.11<br> 188.143.232.13<br> 188.143.232.14<br> 188.143.232.15<br> 188.143.232.16<br> 188.143.232.19<br> 188.143.232.21<br> 188.143.232.22<br> 188.143.232.24<br> 188.143.232.26<br> 188.143.232.34<br> 188.143.232.35<br> 188.143.232.37<br> 188.143.232.40<br> 188.143.232.41<br> 188.143.232.43<br> 188.143.232.62<br> 188.143.232.70<br> 188.143.232.72<br> </p> <p>I was wondering, I enabled http, https and ssh.</p> <p>Aleksey, just doublechecking, do Sugar Network XO clients connect over port 80, correct?<br> </p> <p>Are there other services on jita.sugarlabs.org that require other ports open?</p> <p>Regards,</p> <p>Sebastian<br> </p> <br> <div class="moz-cite-prefix">On 18/01/17 12:13, Laura Vargas wrote:<br> </div> <blockquote cite="mid:CAHbZrxo3eo-0g2mJ2=qgFemROnxMSnr0TAL_2dWoQMss4XiKqw@mail.gmail.com" type="cite"> <div dir="ltr">FYI <div><br> </div> <div>Thanks and blessings for both.</div> <div><br> <div class="gmail_quote">---------- Forwarded message ----------<br> From: <b class="gmail_sendername">Aleksey Lim</b> <span dir="ltr"><<a moz-do-not-send="true" href="mailto:me@alsroot.su">me@alsroot.su</a>></span><br> Date: 2017-01-18 11:27 GMT-05:00<br> Subject: Re: Please Help SN under spam attack<br> To: Laura Vargas <<a moz-do-not-send="true" href="mailto:laura@somosazucar.org">laura@somosazucar.org</a>><br> <br> <br> <span class="">January 18, 2017 7:10 PM, "Laura Vargas" <<a moz-do-not-send="true" href="mailto:laura@somosazucar.org">laura@somosazucar.org</a>> wrote:<br> >> or blocking IPs on Apache level.<br> ><br> > Any risk attached to this option? is this something you could do?<br> <br> </span>Never did such stuff myself, but fast googling suggested<br> <a moz-do-not-send="true" href="https://httpd.apache.org/docs/2.4/howto/access.html" rel="noreferrer" target="_blank">https://httpd.apache.org/docs/<wbr>2.4/howto/access.html</a><br> So, ask icarito to tune webui Apache configuration.<br> <span class="HOEnZb"><font color="#888888"><br> --<br> Aleksey<br> </font></span></div> <br> <br clear="all"> <div><br> </div> -- <br> <div class="gmail_signature" data-smartmail="gmail_signature"> <div dir="ltr"> <div>Laura V.<br> <font color="#ff00ff"><b> I&D SomosAZUCAR.Org</b></font></div> <div><br> </div> <div><font size="2"><span style="color:rgb(102,102,102);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif">“No paradox, no progress.” </span></font></div> <div><font size="2"><span style="color:rgb(102,102,102);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif">~ Niels Bohr</span></font><br> <br> </div> <div>Happy Learning!<br> <br> </div> </div> </div> </div> </div> </blockquote> <br> </body> </html>