Email spam from inkscape.org
Hi all,
I've disabled the email server on OSUOSL's machine which is hosting inkscape.org; it sent out some spam (50~140) with a rather inviting political headline subject and a mortgage advert body, whereupon 22 people emailed me (the webmaster) with abuse.
I'm going to continue to monitor it, but without some sort of expert that can tell if the machine is compromised, I may just have to keep email offline for now.
Sorry for the inconvenience. Affected will be: registration confirmation emails, password resets and any website notifications.
Best Regards, Martin Owens
Oh :-( Does anyone know someone who could help?
(I guess you've already checked that the server actually sent those, and that it wasn't just in the emails' 'From' field? - Sorry, that's the only thing I know about this..., there are people doing that with our private server, too. I think there is an option in the mail server settings that allows other email programs to request confirmation that the mail was actually sent from that server).
Regards, Maren
On 29.04.2017 at 23:54, Martin Owens wrote:
Hi all,
I've disabled the email server on OSUOSL's machine which is hosting inkscape.org; it sent out some spam (50~140) with a rather inviting political headline subject and a mortgage advert body, whereupon 22 people emailed me (the webmaster) with abuse.
I'm going to continue to monitor it, but without some sort of expert that can tell if the machine is compromised, I may just have to keep email offline for now.
Sorry for the inconvenience. Affected will be: registration confirmation emails, password resets and any website notifications.
Best Regards, Martin Owens
_______________________________________________
Inkscape-devel mailing list
Inkscape-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/inkscape-devel
On Sun, 2017-04-30 at 00:22 +0200, Maren Hachmann wrote:
Oh :-( Does anyone know someone who could help?
(I guess you've already checked that the server actually sent those, and that it wasn't just in the emails' 'From' field? - Sorry, that's the only thing I know about this..., there are people doing that with our private server, too. I think there is an option in the mail server settings that allows other email programs to request confirmation that the mail was actually sent from that server).
Hi Maren,
I suspect the emails weren't sent from our system, as the email addresses that replied don't appear in our mail logs.
But I'm being cautious because the system isn't as secure as it could be with an expert at the helm.
Martin Owens
Couldn't you ask for the email header from one of the people who complained?
Maren
On 30.04.2017 at 00:32, Martin Owens wrote:
Hi Maren,
I suspect the emails weren't sent from our system, as the email addresses that replied don't appear in our mail logs.
But I'm being cautious because the system isn't as secure as it could be with an expert at the helm.
Martin Owens
On Sun, Apr 30, 2017 at 12:43:54AM +0200, Maren Hachmann wrote:
Couldn't you ask for the email header from one of the people who complained?
Maren
On 30.04.2017 at 00:32, Martin Owens wrote:
Hi Maren,
I suspect the emails weren't sent from our system, as the email addresses that replied don't appear in our mail logs.
Yeah, I've had a few emails recently which caused me to think about bouncing them to abuse addresses for where they claimed to come from. But after a few minutes looking at the headers it seemed unlikely that any of them came from where they claimed. So I managed to not send spurious complaints.
In this case, Martin has done the right thing, but it results in a DOS for anybody who actually needs a mail. Technology isn't always wonderful. If possible, getting headers from some of the complainers would be useful (I suspect most people who complain will also bin the offending mail, might need to ask a lot of them to get any response).
ĸen
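The header check discussed in the messages above, as an added example that is not part of the original thread: it finds the IP address that actually handed a complained-about message to the recipient's mail provider and compares it with our own mail server. The server address, receiver domain and sample headers are constructed assumptions.

```python
import email, ipaddress, re
from email import policy

# Assumptions for illustration (none of these values come from the thread).
OUR_MTA_NETS = [ipaddress.ip_network("192.0.2.10/32")]  # our outbound mail server
RECEIVER_DOMAIN = "recipient.example"                    # complainer's mail provider

# Constructed sample of headers a complainer might forward (newest hop first).
SPOOFED = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP id abc123;
\tSat, 29 Apr 2017 21:40:02 +0000
Received: from unknown-host.invalid (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP id def456;
\tSat, 29 Apr 2017 21:40:01 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=example.org
From: "Webmaster" <webmaster@example.org>
Subject: constructed sample

body
"""
# The same message as it would look had it really left our server.
GENUINE = SPOOFED.replace("203.0.113.45", "192.0.2.10").replace("spf=fail", "spf=pass")

HOP = re.compile(r"from\s.*?\[([0-9A-Fa-f:.]+)\].*?\bby\s+(\S+)", re.S)
def handoff_ip(msg, receiver_domain=RECEIVER_DOMAIN):
    # Only Received lines written by the receiver's own hosts are trustworthy;
    # anything below them can be forged by the sender, so stop at the first other host.
    ip = None
    for line in msg.get_all("Received", []):
        m = HOP.search(str(line))
        if not m or not ("." + m.group(2)).endswith("." + receiver_domain):
            break
        ip = ipaddress.ip_address(m.group(1))
    return ip

def analyse(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    ip = handoff_ip(msg)
    spf = re.search(r"\bspf=(\w+)", str(msg.get("Authentication-Results", "")))
    return {
        "from_domain": msg["From"].addresses[0].domain,  # what the mail claims
        "handoff_ip": str(ip) if ip else None,           # who really delivered it
        "sent_by_us": ip is not None and any(ip in net for net in OUR_MTA_NETS),
        "spf": spf.group(1) if spf else None,            # receiver's SPF verdict, if recorded
    }

if __name__ == "__main__":
    print(analyse(SPOOFED), analyse(GENUINE), sep="\n")
```

A message whose `from_domain` is ours but whose `sent_by_us` is false was forged elsewhere, which matches the case where the complainers' addresses are absent from the server's own mail logs.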
So without reg confirmation e-mails, doesn't that mean that people can't register? It also breaks the Comment and Message notifications, right?
Should we put a message on the website, so people aren't banging their head trying to reg? Or will you switch to manual activation? That would probably take more time than you have, wouldn't it?
Can't OSUOSL help? Do I remember correctly that we don't even have root access to the server? I could be mis-remembering, or maybe the situation changed? But if we don't even have root access, there's nothing we could do about it, even if we knew how. To me, that makes it OSUOSL's problem.
Even if it's not their problem, they probably need to be notified. It seems to me like security is their responsibility. And they should have security measures that should have prevented this. Not unless this was an extremely high-level attack -- out of the wild, or whatever they call it.
Other than that, all I can say is make sure you have backups on a different machine.
(inching ever closer to new host?)
brynn
Hi all,
I found no evidence that the system was compromised, so I've re-enabled the email. I'll keep an eye on it.
Thanks for all your good advice and thoughts.
Best Regards, Martin Owens
On Sun, 2017-04-30 at 22:55 -0600, brynn wrote:
So without reg confirmation e-mails, doesn't that mean that people can't register? It also breaks the Comment and Message notifications, right?
Should we put a message on the website, so people aren't banging their head trying to reg? Or will you switch to manual activation? That would probably take more time than you have, wouldn't it?
Can't OSUOSL help? Do I remember correctly that we don't even have root access to the server? I could be mis-remembering, or maybe the situation changed? But if we don't even have root access, there's nothing we could do about it, even if we knew how. To me, that makes it OSUOSL's problem.
Even if it's not their problem, they probably need to be notified. It seems to me like security is their responsibility. And they should have security measures that should have prevented this. Not unless this was an extremely high-level attack -- out of the wild, or whatever they call it.
Other than that, all I can say is make sure you have backups on a different machine.
(inching ever closer to new host?)
brynn