We are in the process of installing a Galaxy instance to Amazon EC2 and this morning I
received an email from ec2-abuse(a)amazon.com saying that our EC2 instance has been flooding
22.214.171.124 with data in what looks like a DOS attack. A whois shows that the IP belongs
to Incapsula, which appears to be a load balancing proxy server. Does anyone here
recognize the IP or use Incapsula? My first thought is that something in Galaxy might be
trying to "phone home".
The Galaxy instance we are using is based on the galaxy-stable:16.04 Docker image from
Björn with a few of our tools installed for testing. I've locked down access to the
instance until I figure out what happened and I wanted to check in here first to see if
I’ve been DOS’ing the Galaxy infrastructure or if anyone recognizes the IP address.
Department of Computer Science