Security Concerns

I have had SequenceServer set up on a number of DigitalOcean droplets, and also on a local virtual server within my university network. In all cases, after a period of time, they have been detected as the source of various attacks on external servers.

This has not happened with other servers I am running without SequenceServer installed. What security measures, if any, have you got in place?


Hi Adam,

You should run SequenceServer behind Apache or Nginx and make use of their features to defend against attacks. SequenceServer tries to ensure that nobody gets to execute “rm -rf” on the server. Nonetheless, you should be careful not to run it as a privileged user.

The next version introduces a thread pool. While many BLAST jobs can be queued, only a limited number will run at a time - depending on the size of the thread pool. So you won’t run out of CPU, but you could still run out of memory if you face a DoS attack.

Feel free to review the code and send security fixes. One thing I would be interested in is restricting ENV of sub-processes that are spawned to run BLAST. And a chroot, if possible, to provide pseudo-sandboxing.
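
One way to do the sub-process ENV restriction asked for in the reply above, as an added example that is not SequenceServer's own code: the child gets only an allowlisted environment and is executed directly rather than through a shell. `SAFE_ENV`, `run_restricted` and `visible_env_names` are hypothetical names, the `BLASTDB` path is a placeholder, and `/usr/bin/env` stands in for a BLAST binary so the result can be inspected.

```ruby
require 'open3'

# Allowlist of variables the child may see (assumed values; adjust per host).
SAFE_ENV = {
  'PATH'    => '/usr/local/bin:/usr/bin:/bin',
  'LANG'    => 'C',
  'BLASTDB' => '/srv/blast/db' # placeholder database directory
}.freeze

# Run argv (an Array of Strings) with nothing but SAFE_ENV in its environment.
# Returns [stdout, stderr, Process::Status].
def run_restricted(argv, chdir: '/')
  unless argv.is_a?(Array) && !argv.empty? && argv.all? { |a| a.is_a?(String) }
    raise ArgumentError, 'argv must be a non-empty Array of Strings'
  end
  # [path, argv0] makes Ruby exec the program directly, never via /bin/sh,
  # so shell metacharacters in user-supplied arguments stay literal.
  command = [[argv[0], argv[0]], *argv.drop(1)]
  # unsetenv_others drops every inherited variable not listed in SAFE_ENV.
  Open3.capture3(SAFE_ENV, *command, unsetenv_others: true, chdir: chdir)
end

# Names of the variables visible to a child started through run_restricted.
def visible_env_names
  out, _err, status = run_restricted(['/usr/bin/env'])
  raise 'env failed' unless status.success?
  out.lines.map { |line| line.split('=', 2).first }.sort
end

if $PROGRAM_NAME == __FILE__
  ENV['DATABASE_PASSWORD'] = 'constructed-secret' # constructed sample secret
  puts visible_env_names.inspect
end
```

Secrets held in the web server's own environment (API keys, database credentials) never reach the child this way; a chroot or memory limit would have to be added separately.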