We are in the process of installing a Galaxy instance to Amazon EC2 and this morning I received an email from ec2-abuse@amazon.com saying that our EC2 instance has been flooding 45.64.64.40 with data in what looks like a DOS attack. A whois shows that the IP belongs to Incapsula, which appears to be a load balancing proxy server. Does anyone here recognize the IP or use Incapsula? My first thought is that something in Galaxy might be trying to "phone home".
The Galaxy instance we are using is based on the galaxy-stable:16.04 Docker image from Björn with a few of our tools installed for testing. I've locked down access to the instance until I figure out what happened and I wanted to check in here first to see if I’ve been DOS’ing the Galaxy infrastructure or if anyone recognizes the IP address.
Keith
------------------------------ Research Associate Department of Computer Science Vassar College Poughkeepsie, NY
Keith,
Did you figure this out? I'm very curious as to what this was. Outside mass admin tool updates, or maybe wheel installation, I can't think of anything that would have triggered anything like this on the Galaxy side.
-Dannon
On Wed, Jul 13, 2016 at 5:31 PM Suderman Keith suderman@cs.vassar.edu wrote:
We are in the process of installing a Galaxy instance to Amazon EC2 and this morning I received an email from ec2-abuse@amazon.com saying that our EC2 instance has been flooding 45.64.64.40 with data in what looks like a DOS attack. A whois shows that the IP belongs to Incapsula, which appears to be a load balancing proxy server. Does anyone here recognize the IP or use Incapsula? My first thought is that something in Galaxy might be trying to "phone home".
The Galaxy instance we are using is based on the galaxy-stable:16.04 Docker image from Björn with a few of our tools installed for testing. I've locked down access to the instance until I figure out what happened and I wanted to check in here first to see if I’ve been DOS’ing the Galaxy infrastructure or if anyone recognizes the IP address.
Keith
Research Associate Department of Computer Science Vassar College Poughkeepsie, NY
Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Hi Dannon,
No, I never did figure out what happened. I couldn't find anything in our log files and Incapsula wasn't very helpful. Since it was just a testing/development instance I simply took it down and spun up a new instance with better security/passwords as I did have two Tomcat instances also running with relatively weak passwords. There hasn't been any problem since.
Keith
On Jul 25, 2016, at 9:51 AM, Dannon Baker dannon.baker@gmail.com wrote:
Keith,
Did you figure this out? I'm very curious as to what this was. Outside mass admin tool updates, or maybe wheel installation, I can't think of anything that would have triggered anything like this on the Galaxy side.
-Dannon
On Wed, Jul 13, 2016 at 5:31 PM Suderman Keith <suderman@cs.vassar.edu mailto:suderman@cs.vassar.edu> wrote: We are in the process of installing a Galaxy instance to Amazon EC2 and this morning I received an email from ec2-abuse@amazon.com mailto:ec2-abuse@amazon.com saying that our EC2 instance has been flooding 45.64.64.40 with data in what looks like a DOS attack. A whois shows that the IP belongs to Incapsula, which appears to be a load balancing proxy server. Does anyone here recognize the IP or use Incapsula? My first thought is that something in Galaxy might be trying to "phone home".
The Galaxy instance we are using is based on the galaxy-stable:16.04 Docker image from Björn with a few of our tools installed for testing. I've locked down access to the instance until I figure out what happened and I wanted to check in here first to see if I’ve been DOS’ing the Galaxy infrastructure or if anyone recognizes the IP address.
Keith
Research Associate Department of Computer Science Vassar College Poughkeepsie, NY
Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/ http://galaxyproject.org/search/mailinglists/
------------------------------ Research Associate Department of Computer Science Vassar College Poughkeepsie, NY
galaxy-dev@lists.galaxyproject.org