<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Thanks for your time, especially for the details. They will be
      useful in the future for sure.</p>
    <p>Regards,</p>
    <p>Sebastian<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 21/02/17 09:46, Samuel Cantero
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAGA8R4n6SdFDcjR6oq3OgGOcxv1EWEDc2RZpg3mLoUaTTYDueQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">Done.
        <div><br>
        </div>
        <div>Simple script added in /etc/firewall. Default policy is
          accept and it blocks the ranges <span style="font-size:12.8px"><a
              moz-do-not-send="true" href="http://5.188.211.0/24">5.188.211.0/24</a>
            and <a moz-do-not-send="true" href="http://188.143.232.0/24">188.143.232.0/24</a>. </span></div>
        <div><span style="font-size:12.8px"><br>
          </span></div>
        <div><span style="font-size:12.8px">In case new IPs come up,
            just update the range (better than single IPs) to
            BLOCK_RANGE (one per line) and apply the firewall by executing
            /etc/firewall.</span></div>
        <div><span style="font-size:12.8px"><br>
          </span></div>
        <div><span style="font-size:12.8px">Added to rc.local in order
            to apply rules after reboot.</span></div>
        <div><span style="font-size:12.8px"><br>
          </span></div>
        <div><span style="font-size:12.8px">Best regards,</span></div>
        <div><span style="font-size:12.8px"><br>
          </span></div>
        <div><span style="font-size:12.8px">Sam.</span></div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Tue, Feb 21, 2017 at 11:25 AM,
          Sebastian Silva <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:sebastian@fuentelibre.org" target="_blank">sebastian@fuentelibre.org</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000">
              <p>Hi Samuel,</p>
              <p>Agreed that ufw firewall is trying to be smart and
                blocking too much. I appreciate your help in blocking
                the following IPs.<br>
              </p>
              <p> IPs that have been attacking <a
                  moz-do-not-send="true"
                  href="http://network.sugarlabs.org" target="_blank">network.sugarlabs.org</a>:</p>
              <div class="m_5853646080211941851moz-forward-container"><br>
                <br>
                -------- Forwarded Message --------
                <table
                  class="m_5853646080211941851moz-email-headers-table"
                  border="0" cellpadding="0" cellspacing="0">
                  <tbody>
                    <tr>
                      <th align="RIGHT" nowrap="nowrap"
                        valign="BASELINE">Subject: </th>
                      <td>Re: Fwd: Please Help SN under spam attack</td>
                    </tr>
                    <tr>
                      <th align="RIGHT" nowrap="nowrap"
                        valign="BASELINE">Date: </th>
                      <td>Wed, 18 Jan 2017 13:29:49 -0500</td>
                    </tr>
                    <tr>
                      <th align="RIGHT" nowrap="nowrap"
                        valign="BASELINE">From: </th>
                      <td>Sebastian Silva <a moz-do-not-send="true"
                          class="m_5853646080211941851moz-txt-link-rfc2396E"
                          href="mailto:sebastian@fuentelibre.org"
                          target="_blank">&lt;sebastian@fuentelibre.org&gt;</a></td>
                    </tr>
                    <tr>
                      <th align="RIGHT" nowrap="nowrap"
                        valign="BASELINE">To: </th>
                      <td>Laura Vargas <a moz-do-not-send="true"
                          class="m_5853646080211941851moz-txt-link-rfc2396E"
                          href="mailto:laura@somosazucar.org"
                          target="_blank">&lt;laura@somosazucar.org&gt;</a>,
                        Sebastian Silva <a moz-do-not-send="true"
                          class="m_5853646080211941851moz-txt-link-rfc2396E"
                          href="mailto:sebastian@somosazucar.org"
                          target="_blank">&lt;sebastian@somosazucar.org&gt;</a></td>
                    </tr>
                    <tr>
                      <th align="RIGHT" nowrap="nowrap"
                        valign="BASELINE">CC: </th>
                      <td>Aleksey Lim <a moz-do-not-send="true"
                          class="m_5853646080211941851moz-txt-link-rfc2396E"
                          href="mailto:me@alsroot.su" target="_blank">&lt;me@alsroot.su&gt;</a>,
                        systems <a moz-do-not-send="true"
                          class="m_5853646080211941851moz-txt-link-rfc2396E"
                          href="mailto:systems@lists.sugarlabs.org"
                          target="_blank">&lt;systems@lists.sugarlabs.org&gt;</a></td>
                    </tr>
                  </tbody>
                </table>
                <div>
                  <div class="h5"> <br>
                    <br>
                    <p>Hi Aleksey,</p>
                    <p>I'm cc'ing systems@ just to keep them informed of
                      this ongoing attack and countermeasures.</p>
                    <p>One context in the Sugar Network was being
                      updated with POST requests from 20 different
                      hosts, every second or so.<br>
                    </p>
                    <p>Aleksey, your suggestion to use the Apache Require
                      directive to block them did not work before Apache
                      2.4, and we have 2.2.<br>
                    </p>
                    <p>So I enabled the ufw firewall and blocked the
                      following 20 addresses coming from Russia :-) <br>
                    </p>
                    <p>I isolated the IPs from Apache access logs.<br>
                    </p>
                    <p>I was wondering, I enabled http, https and ssh.</p>
                    <p>Aleksey, just double-checking: Sugar Network XO
                      clients connect over port 80, correct?<br>
                    </p>
                    <p>Are there other services on <a
                        moz-do-not-send="true"
                        href="http://jita.sugarlabs.org" target="_blank">jita.sugarlabs.org</a>
                      that require other ports open?</p>
                    <p>Regards,</p>
                    <p>Sebastian<br>
                    </p>
                    <br>
                    <div class="m_5853646080211941851moz-cite-prefix">On
                      18/01/17 12:13, Laura Vargas wrote:<br>
                    </div>
                    <blockquote type="cite">
                      <div dir="ltr">FYI
                        <div><br>
                        </div>
                        <div>Thanks and blessings for both.</div>
                        <div><br>
                          <div class="gmail_quote">---------- Forwarded
                            message ----------<br>
                            From: <b class="gmail_sendername">Aleksey
                              Lim</b> <span dir="ltr">&lt;<a
                                moz-do-not-send="true"
                                href="mailto:me@alsroot.su"
                                target="_blank">me@alsroot.su</a>&gt;</span><br>
                            Date: 2017-01-18 11:27 GMT-05:00<br>
                            Subject: Re: Please Help SN under spam
                            attack<br>
                            To: Laura Vargas &lt;<a
                              moz-do-not-send="true"
                              href="mailto:laura@somosazucar.org"
                              target="_blank">laura@somosazucar.org</a>&gt;<br>
                            <br>
                            <br>
                            <span>January 18, 2017 7:10 PM, "Laura
                              Vargas" &lt;<a moz-do-not-send="true"
                                href="mailto:laura@somosazucar.org"
                                target="_blank">laura@somosazucar.org</a>&gt;
                              wrote:<br>
                              &gt;&gt; or blocking IPs on Apache level.<br>
                              &gt;<br>
                              &gt; Any risk attached to this option? Is
                              this something you could do?<br>
                              <br>
                            </span>Never did such stuff myself, but fast
                            googling suggested<br>
                            <a moz-do-not-send="true"
                              href="https://httpd.apache.org/docs/2.4/howto/access.html"
                              rel="noreferrer" target="_blank">https://httpd.apache.org/docs/<wbr>2.4/howto/access.html</a><br>
                            So, ask icarito to tune webui Apache
                            configuration.<br>
                            <span class="m_5853646080211941851HOEnZb"><font
                                color="#888888"><br>
                                --<br>
                                Aleksey<br>
                              </font></span></div>
                          <br>
                          <br clear="all">
                          <div><br>
                          </div>
                          -- <br>
                          <div
                            class="m_5853646080211941851gmail_signature"
                            data-smartmail="gmail_signature">
                            <div dir="ltr">
                              <div>Laura V.<br>
                                <font color="#ff00ff"><b> I&amp;D
                                    SomosAZUCAR.Org</b></font></div>
                              <div><br>
                              </div>
                              <div><font size="2"><span>“No paradox, no
                                    progress.” </span></font></div>
                              <div><font size="2"><span>~ Niels Bohr</span></font><br>
                                <br>
                              </div>
                              <div>Happy Learning!<br>
                                <br>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </blockquote>
                    <br>
                  </div>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
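    <p>The log isolation and range blocking described in this thread, as an added example that is not part of the original messages and is not the script installed in /etc/firewall. It assumes Apache's combined log format and iptables; the function names and the sample log lines (documentation addresses) are constructed here, and the ranges read on stdin stand in for BLOCK_RANGE.</p>

```shell
#!/bin/sh
# Added example, not the /etc/firewall script from the thread (assumes iptables).
# It only prints the rule set; nothing is applied to the running firewall.

# Constructed sample: Apache combined-format lines with documentation addresses.
sample_log() {
cat <<'EOF'
198.51.100.10 - - [18/Jan/2017:13:00:01 -0500] "POST /api/context/1 HTTP/1.1" 200 51 "-" "-"
198.51.100.11 - - [18/Jan/2017:13:00:01 -0500] "POST /api/context/1 HTTP/1.1" 200 51 "-" "-"
198.51.100.13 - - [18/Jan/2017:13:00:02 -0500] "POST /api/context/1 HTTP/1.1" 200 51 "-" "-"
198.51.100.10 - - [18/Jan/2017:13:00:02 -0500] "POST /api/context/1 HTTP/1.1" 200 51 "-" "-"
203.0.113.7 - - [18/Jan/2017:13:00:03 -0500] "GET /index.html HTTP/1.1" 200 900 "-" "-"
203.0.113.7 - - [18/Jan/2017:13:00:09 -0500] "POST /api/context/2 HTTP/1.1" 200 51 "-" "-"
192.0.2.50 - - [18/Jan/2017:13:00:10 -0500] "GET /index.html HTTP/1.1" 200 900 "-" "-"
EOF
}

# post_ranges MIN: read an access log on stdin and print every /24 whose
# hosts together sent at least MIN POST requests, one range per line.
post_ranges() {
  awk -v min="$1" '
    $6 == "\"POST" && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      split($1, o, ".")
      posts[o[1] "." o[2] "." o[3] ".0/24"]++
    }
    END { for (r in posts) if (posts[r] >= min) print r }
  ' | sort
}

# block_rules: read ranges on stdin (one per line, as in BLOCK_RANGE) and print
# a rule set with default policy ACCEPT. Flushing INPUT first keeps re-runs from
# stacking duplicate DROP rules, which assumes this script owns the INPUT chain.
# Lines that are not IPv4 CIDR (comments, hostnames, blanks) are skipped.
block_rules() {
  echo "iptables -P INPUT ACCEPT"
  echo "iptables -F INPUT"
  while read -r range; do
    if printf '%s\n' "$range" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; then
      echo "iptables -A INPUT -s $range -j DROP"
    fi
  done
}

sample_log | post_ranges 3 | block_rules
```

    <p>A /24 rule drops all 256 addresses in the range, so review the printed ranges against legitimate client traffic before applying them.</p>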
  </body>
</html>