<html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> </head> <body bgcolor="#FFFFFF" text="#000000"> <p>Hi Samuel,</p> <p>Agreed that ufw firewall is trying to be smart and blocking too much. I appreciate your help in blocking the following IPs.<br> </p> <p> IPs that have been attacking network.sugarlabs.org:</p> <p>5.188.211.10<br> 5.188.211.11<br> 5.188.211.13<br> 5.188.211.14<br> 5.188.211.15<br> 5.188.211.16<br> 5.188.211.19<br> 5.188.211.21<br> 5.188.211.22<br> 5.188.211.24<br> 5.188.211.26<br> 5.188.211.35<br> 5.188.211.37<br> 5.188.211.39<br> 5.188.211.40<br> 5.188.211.41<br> 5.188.211.43<br> 5.188.211.62<br> 5.188.211.70<br> 5.188.211.72<br> 188.143.232.10<br> 188.143.232.11<br> 188.143.232.13<br> 188.143.232.14<br> 188.143.232.15<br> 188.143.232.16<br> 188.143.232.19<br> 188.143.232.21<br> 188.143.232.22<br> 188.143.232.24<br> 188.143.232.26<br> 188.143.232.34<br> 188.143.232.35<br> 188.143.232.37<br> 188.143.232.40<br> 188.143.232.41<br> 188.143.232.43<br> 188.143.232.62<br> 188.143.232.70<br> 188.143.232.72<br> </p> <div class="moz-forward-container"><br> <br> -------- Forwarded Message -------- <table class="moz-email-headers-table" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject: </th> <td>Re: Fwd: Please Help SN under spam attack</td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th> <td>Wed, 18 Jan 2017 13:29:49 -0500</td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th> <td>Sebastian Silva <a class="moz-txt-link-rfc2396E" href="mailto:sebastian@fuentelibre.org"><sebastian@fuentelibre.org></a></td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th> <td>Laura Vargas <a class="moz-txt-link-rfc2396E" href="mailto:laura@somosazucar.org"><laura@somosazucar.org></a>, Sebastian Silva <a class="moz-txt-link-rfc2396E" href="mailto:sebastian@somosazucar.org"><sebastian@somosazucar.org></a></td> </tr> <tr> <th align="RIGHT" nowrap="nowrap" valign="BASELINE">CC: </th> <td>Aleksey Lim <a class="moz-txt-link-rfc2396E" href="mailto:me@alsroot.su"><me@alsroot.su></a>, systems <a class="moz-txt-link-rfc2396E" href="mailto:systems@lists.sugarlabs.org"><systems@lists.sugarlabs.org></a></td> </tr> </tbody> </table> <br> <br> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <p>Hi Aleksey,</p> <p>I'm cc systems@ just to keep them informed of this ongoing attack and countermeasures.</p> <p>One context in the Sugar Network was being updated with POST requests from 20 different hosts, every second or so.<br> </p> <p>Aleksey, your suggestion to use apache Require directive to block them did not work before Apache 2.4, and we have 2.2.<br> </p> <p>So I enabled the ufw firewall and blocked the following 20 addresses coming from Russia :-) <br> </p> <p>I isolated the IPs from apache access logs.<br> </p> <p>188.143.232.10<br> 188.143.232.11<br> 188.143.232.13<br> 188.143.232.14<br> 188.143.232.15<br> 188.143.232.16<br> 188.143.232.19<br> 188.143.232.21<br> 188.143.232.22<br> 188.143.232.24<br> 188.143.232.26<br> 188.143.232.34<br> 188.143.232.35<br> 188.143.232.37<br> 188.143.232.40<br> 188.143.232.41<br> 188.143.232.43<br> 188.143.232.62<br> 188.143.232.70<br> 188.143.232.72<br> </p> <p>I was wondering, I enabled http, https and ssh.</p> <p>Aleksey, just doublechecking, do Sugar Network XO clients connect over port 80, correct?<br> </p> <p>Are there other services on jita.sugarlabs.org that require other ports open?</p> <p>Regards,</p> <p>Sebastian<br> </p> <br> <div class="moz-cite-prefix">On 18/01/17 12:13, Laura Vargas wrote:<br> </div> <blockquote cite="mid:CAHbZrxo3eo-0g2mJ2=qgFemROnxMSnr0TAL_2dWoQMss4XiKqw@mail.gmail.com" type="cite"> <div dir="ltr">FYI <div><br> </div> <div>Thanks and blessings for both.</div> <div><br> <div class="gmail_quote">---------- Forwarded message ----------<br> From: <b class="gmail_sendername">Aleksey Lim</b> <span dir="ltr"><<a moz-do-not-send="true" href="mailto:me@alsroot.su">me@alsroot.su</a>></span><br> Date: 2017-01-18 11:27 GMT-05:00<br> Subject: Re: Please Help SN under spam attack<br> To: Laura Vargas <<a moz-do-not-send="true" href="mailto:laura@somosazucar.org">laura@somosazucar.org</a>><br> <br> <br> <span class="">January 18, 2017 7:10 PM, "Laura Vargas" <<a moz-do-not-send="true" href="mailto:laura@somosazucar.org">laura@somosazucar.org</a>> wrote:<br> >> or blocking IPs on Apache level.<br> ><br> > Any risk attached to this option? is this something you could do?<br> <br> </span>Never did such stuff myself, but fast googling suggested<br> <a moz-do-not-send="true" href="https://httpd.apache.org/docs/2.4/howto/access.html" rel="noreferrer" target="_blank">https://httpd.apache.org/docs/<wbr>2.4/howto/access.html</a><br> So, ask icarito to tune webui Apache configuration.<br> <span class="HOEnZb"><font color="#888888"><br> --<br> Aleksey<br> </font></span></div> <br> <br clear="all"> <div><br> </div> -- <br> <div class="gmail_signature" data-smartmail="gmail_signature"> <div dir="ltr"> <div>Laura V.<br> <font color="#ff00ff"><b> I&D SomosAZUCAR.Org</b></font></div> <div><br> </div> <div><font size="2"><span style="color:rgb(102,102,102);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif">“No paradox, no progress.” </span></font></div> <div><font size="2"><span style="color:rgb(102,102,102);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif">~ Niels Bohr</span></font><br> <br> </div> <div>Happy Learning!<br> <br> </div> </div> </div> </div> </div> </blockquote> <br> </div> </body> </html>