[galaxy-dev] DOS attack launched from our Galaxy instance

We are in the process of installing a Galaxy instance to Amazon EC2 and this morning I received an email from ec2-abuse(a)amazon.com saying that our EC2 instance has been flooding 45.64.64.40 with data in what looks like a DOS attack. A whois shows that the IP belongs to Incapsula, which appears to be a load balancing proxy server. Does anyone here recognize the IP or use Incapsula? My first thought is that something in Galaxy might be trying to "phone home". The Galaxy instance we are using is based on the galaxy-stable:16.04 Docker image from Björn with a few of our tools installed for testing. I've locked down access to the instance until I figure out what happened and I wanted to check in here first to see if I’ve been DOS’ing the Galaxy infrastructure or if anyone recognizes the IP address. Keith ------------------------------ Research Associate Department of Computer Science Vassar College Poughkeepsie, NY