Hi all,
I found no evidence that the system was compromised, so I've re-enabled the email. I'll keep an eye on it.
Thanks for all your good advice and thoughts.
Best Regards, Martin Owens
On Sun, 2017-04-30 at 22:55 -0600, brynn wrote:
So without reg confirmation e mails, doesn't that mean that people can't register? It also breaks the Comment and Message notifications, right?
Should we put a message on the website, so people aren't banging their head trying to reg? Or will you switch to manual activation? That would probably take more time than you have, wouldn't it?
Can't OSUOSL help? Do I remember correctly that we don't even have root access to the server. I could be mis-remembering, or maybe the situation changed? But if we don't even have root access, there's nothing would could do about it, even if we knew how. To me, that makes it OSUOSL's problem.
Even if it's not their problem, they probably need to be notified. It seems to me like security is their responsibility. And they should have security measures that should have prevented this. Not unless this was an extremely high-level attack -- out of the wild, or whatever they call it.
Other than that, all I can say is make sure you have backups on a different machine.
(inching ever closer to new host?)
brynn
-----Original Message----- From: Martin Owens Sent: Saturday, April 29, 2017 3:54 PM To: inkscape-devel Subject: [Inkscape-devel] Email spam from inkscape.org
Hi all,
I've disabled the email server on osuosl's machine which is hosting inkscape.org, it sent out some spam (50~140) with a rather inviting political headline subject, and a mortgage advert body. whereupon 22 people emailed me (the webmaster) with abuse.
I'm going to continue to monitor it, but without some sort of expert that can tell if the machine is compromised, I may just have to keep email offline for now.
Sorry for the inconvenience. Effected will be: registration confirmation emails, password resets and any website notifications.
Best Regards, Martin Owens
Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Inkscape-devel mailing list Inkscape-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-devel