Did you figure this out?  I'm very curious as to what this was.  Outside mass admin tool updates, or maybe wheel installation, I can't think of anything that would have triggered anything like this on the Galaxy side.


On Wed, Jul 13, 2016 at 5:31 PM Suderman Keith <> wrote:
We are in the process of installing a Galaxy instance to Amazon EC2 and this morning I received an email from saying that our EC2 instance has been flooding with data in what looks like a DOS attack. A whois shows that the IP belongs to Incapsula, which appears to be a load balancing proxy server.  Does anyone here recognize the IP or use Incapsula?  My first thought is that something in Galaxy might be trying to "phone home".

The Galaxy instance we are using is based on the galaxy-stable:16.04 Docker image from Björn with a few of our tools installed for testing. I've locked down access to the instance until I figure out what happened and I wanted to check in here first to see if I’ve been DOS’ing the Galaxy infrastructure or if anyone recognizes the IP address.


Research Associate
Department of Computer Science
Vassar College
Poughkeepsie, NY

Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

To search Galaxy mailing lists use the unified search at: