Blacklist: Difference between revisions

HA! We do not have a blacklist for ZINC, a list of compound vendors who have been difficult or unresponsive in the past. Instead, we simply remove these vendors from ZINC completely.

If you have trouble with a vendor, whether it is failure to deliver, failure to communicate in a timely fashion, or some other reason that makes you not want to do business with them, please write to us so that we incorporate your feedback to make ZINC more useful to everyone.

Thank you John Irwin

Blacklist IP Address

Once in a while, we would have bot submitting huge amount of requests to ZINC and overload our database 1. Figure the problematic IP Address by going to this address below and figuring out the ones with the most requests

http://epyc/server-status

2. Add IP address to blackhole list

ssh epyc
sudo ip route add blackhole <ip_address>

3. Remove the ip address from blacklist (if neccessary)

sudo ip route show // to list the black listed ips
sudo ip route del <ip_address> 

Generally, we remove from the blacklist after 24 hours. If the problem persists, we leave them on the blacklist.

Banning Script

Be root on epyc and run the script in "/root/ban_ip_on_reboot.sh" that will ban all the IPs in the text file "/root/banned_ips.txt". If you want to add move IPs, append them in "/root/banned_ips.txt".

Handy Tips

1. Check the top 10 IPs that have made requests on HTTPD

   grep -h "\[$(date +'%d/%b/%Y:%H:')" /var/log/httpd/*/access_log | cut -d' ' -f1 | sort | uniq -c | sort -nr | head -n10

2. Go to server-status of HTTPD proxy hosts to see if any IPs are doing a suspicious amount of requests.
   • Epyc = https://irwinlab2.ucsf.edu/server-status/
   • Files2 = https://irwinlab1.ucsf.edu/server-status/
   • Vav = https://vav.compbio.ucsf.edu/server-status/
3. Go to this website to check if an IP is malicious.
   • https://www.abuseipdb.com/