<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Thanks for your time, especially for the details. They will be
useful in the future for sure.</p>
<p>Regards,</p>
<p>Sebastian<br>
</p>
<br>
<div class="moz-cite-prefix">On 21/02/17 09:46, Samuel Cantero
wrote:<br>
</div>
<blockquote
cite="mid:CAGA8R4n6SdFDcjR6oq3OgGOcxv1EWEDc2RZpg3mLoUaTTYDueQ@mail.gmail.com"
type="cite">
<div dir="ltr">Done.
<div><br>
</div>
<div>Simple script added in /etc/firewall. Default policy is
accept and it blocks the ranges <span style="font-size:12.8px"><a
moz-do-not-send="true" href="http://5.188.211.0/24">5.188.211.0/24</a>
and <a moz-do-not-send="true" href="http://188.143.232.0/24">188.143.232.0/24</a>. </span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">In case new ips come up,
just update the range (better than single ips) to
BLOCK_RANGE (one per line) and apply firewall executing
/etc/firewall.</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">Added to rc.local in order
to apply rules after reboot.</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">Best regards,</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">Sam.</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 21, 2017 at 11:25 AM,
Sebastian Silva <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:sebastian@fuentelibre.org" target="_blank">sebastian@fuentelibre.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hi Samuel,</p>
<p>Agreed that ufw firewall is trying to be smart and
blocking too much. I appreciate your help in blocking
the following IPs.<br>
</p>
<p> IPs that have been attacking <a
moz-do-not-send="true"
href="http://network.sugarlabs.org" target="_blank">network.sugarlabs.org</a>:</p>
<p>5.188.211.10<br>
5.188.211.11<br>
5.188.211.13<br>
5.188.211.14<br>
5.188.211.15<br>
5.188.211.16<br>
5.188.211.19<br>
5.188.211.21<br>
5.188.211.22<br>
5.188.211.24<br>
5.188.211.26<br>
5.188.211.35<br>
5.188.211.37<br>
5.188.211.39<br>
5.188.211.40<br>
5.188.211.41<br>
5.188.211.43<br>
5.188.211.62<br>
5.188.211.70<br>
5.188.211.72<span class=""><br>
188.143.232.10<br>
188.143.232.11<br>
188.143.232.13<br>
188.143.232.14<br>
188.143.232.15<br>
188.143.232.16<br>
188.143.232.19<br>
188.143.232.21<br>
188.143.232.22<br>
188.143.232.24<br>
188.143.232.26<br>
188.143.232.34<br>
188.143.232.35<br>
188.143.232.37<br>
188.143.232.40<br>
188.143.232.41<br>
188.143.232.43<br>
188.143.232.62<br>
188.143.232.70<br>
188.143.232.72<br>
</span></p>
<div class="m_5853646080211941851moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table
class="m_5853646080211941851moz-email-headers-table"
border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap"
valign="BASELINE">Subject: </th>
<td>Re: Fwd: Please Help SN under spam attack</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap"
valign="BASELINE">Date: </th>
<td>Wed, 18 Jan 2017 13:29:49 -0500</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap"
valign="BASELINE">From: </th>
<td>Sebastian Silva <a moz-do-not-send="true"
class="m_5853646080211941851moz-txt-link-rfc2396E"
href="mailto:sebastian@fuentelibre.org"
target="_blank"><sebastian@fuentelibre.org></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap"
valign="BASELINE">To: </th>
<td>Laura Vargas <a moz-do-not-send="true"
class="m_5853646080211941851moz-txt-link-rfc2396E"
href="mailto:laura@somosazucar.org"
target="_blank"><laura@somosazucar.org></a>,
Sebastian Silva <a moz-do-not-send="true"
class="m_5853646080211941851moz-txt-link-rfc2396E"
href="mailto:sebastian@somosazucar.org"
target="_blank"><sebastian@somosazucar.org></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap"
valign="BASELINE">CC: </th>
<td>Aleksey Lim <a moz-do-not-send="true"
class="m_5853646080211941851moz-txt-link-rfc2396E"
href="mailto:me@alsroot.su" target="_blank"><me@alsroot.su></a>,
systems <a moz-do-not-send="true"
class="m_5853646080211941851moz-txt-link-rfc2396E"
href="mailto:systems@lists.sugarlabs.org"
target="_blank"><systems@lists.sugarlabs.org></a></td>
</tr>
</tbody>
</table>
<div>
<div class="h5"> <br>
<br>
<p>Hi Aleksey,</p>
<p>I'm cc systems@ just to keep them informed of
this ongoing attack and countermeasures.</p>
<p>One context in the Sugar Network was being
updated with POST requests from 20 different
hosts, every second or so.<br>
</p>
<p>Aleksey, your suggestion to use apache Require
directive to block them did not work before Apache
2.4, and we have 2.2.<br>
</p>
<p>So I enabled the ufw firewall and blocked the
following 20 addresses coming from Russia :-) <br>
</p>
<p>I isolated the IPs from apache access logs.<br>
</p>
<p>188.143.232.10<br>
188.143.232.11<br>
188.143.232.13<br>
188.143.232.14<br>
188.143.232.15<br>
188.143.232.16<br>
188.143.232.19<br>
188.143.232.21<br>
188.143.232.22<br>
188.143.232.24<br>
188.143.232.26<br>
188.143.232.34<br>
188.143.232.35<br>
188.143.232.37<br>
188.143.232.40<br>
188.143.232.41<br>
188.143.232.43<br>
188.143.232.62<br>
188.143.232.70<br>
188.143.232.72<br>
</p>
<p>I was wondering, I enabled http, https and ssh.</p>
<p>Aleksey, just doublechecking, do Sugar Network XO
clients connect over port 80, correct?<br>
</p>
<p>Are there other services on <a
moz-do-not-send="true"
href="http://jita.sugarlabs.org" target="_blank">jita.sugarlabs.org</a>
that require other ports open?</p>
<p>Regards,</p>
<p>Sebastian<br>
</p>
<br>
<div class="m_5853646080211941851moz-cite-prefix">On
18/01/17 12:13, Laura Vargas wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">FYI
<div><br>
</div>
<div>Thanks and blessings for both.</div>
<div><br>
<div class="gmail_quote">---------- Forwarded
message ----------<br>
From: <b class="gmail_sendername">Aleksey
Lim</b> <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:me@alsroot.su"
target="_blank">me@alsroot.su</a>></span><br>
Date: 2017-01-18 11:27 GMT-05:00<br>
Subject: Re: Please Help SN under spam
attack<br>
To: Laura Vargas <<a
moz-do-not-send="true"
href="mailto:laura@somosazucar.org"
target="_blank">laura@somosazucar.org</a>><br>
<br>
<br>
<span>January 18, 2017 7:10 PM, "Laura
Vargas" <<a moz-do-not-send="true"
href="mailto:laura@somosazucar.org"
target="_blank">laura@somosazucar.org</a>>
wrote:<br>
>> or blocking IPs on Apache level.<br>
><br>
> Any risk attached to this option? is
this something you could do?<br>
<br>
</span>Never did such stuff myself, but fast
googling suggested<br>
<a moz-do-not-send="true"
href="https://httpd.apache.org/docs/2.4/howto/access.html"
rel="noreferrer" target="_blank">https://httpd.apache.org/docs/<wbr>2.4/howto/access.html</a><br>
So, ask icarito to tune webui Apache
configuration.<br>
<span class="m_5853646080211941851HOEnZb"><font
color="#888888"><br>
--<br>
Aleksey<br>
</font></span></div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div
class="m_5853646080211941851gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>Laura V.<br>
<font color="#ff00ff"><b> I&D
SomosAZUCAR.Org</b></font></div>
<div><br>
</div>
<div><font size="2"><span>“No paradox, no
progress.” </span></font></div>
<div><font size="2"><span>~ Niels Bohr</span></font><br>
<br>
</div>
<div>Happy Learning!<br>
<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>