sudo-sys December 2023

sudo-sys@sudoroom.org

3 participants
4 discussions

Start a nNew thread

Cron <root@sudoroom> cd / && run-parts --report /etc/cron.hourly

by root＠sudoroom.org

run-parts: /etc/cron.hourly/droplet-agent exited with return code 100

1 year

Cron <root@sudoroom> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )

by root＠sudoroom.org

/etc/cron.daily/tor-blocklist-update: % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 18478 100 18478 0 0 20084 0 --:--:-- --:--:-- --:--:-- 20062

1 year

Re: [sudo-discuss] Re: our mailing list system needs help

by Jake

we're still getting "[sudo-info] Delayed Mail (still being retried)" emails every day...are we retrying to the messages still? Is there a good way to remove those? I can do it if you give me a hint where to look, or what tools to use to dig into this. thank you for your help -jake On Sat, 2 Dec 2023, Jake Watters via sudo-discuss wrote: > Yes please block Tor for now, until we have a better solution > > -jake > > On Sat, Dec 2, 2023, 15:10 Sean Greenslade via sudo-discuss < > sudo-discuss(a)sudoroom.org> wrote: > >> On Fri, Dec 01, 2023 at 09:19:53PM -0800, Jake via sudo-discuss wrote: >>> our mailing list system (postorius) is having problems... we're not sure >> what >>> it is but it looks like some spammer is entering random addresses into >> the >>> "join this mailing list" field and then our system is trying to email a >>> confirmation to those addresses. >>> >>> Anyone want to log in and take a look at it, try to figure out what's >> going >>> on, and figure out a way to fix it? We might need to add a CAPTCHA or at >>> least a checkbox or some sort of puzzle so that people can't just >>> automatically enter email addresses in and have us email them. >> >> I've been doing a bit of investigation on this. It appears that the >> spammer is using Tor to make the subscription requests. I see 68 >> hits to the web interface subscription endpoint within the past day, and >> reverse lookups reveal: >> >>> sortie-tor.a-n-o-n-y-m-e.net. >>> LuxembourgTorNew4.Quetzalcoatl-relays.org. >>> exit-node1.tor-for-privacy.com. >>> tor-exit-anonymizer.appliedprivacy.net. >>> tor-exit-anonymizer.appliedprivacy.net. >>> tor-exit-anonymizer.appliedprivacy.net. >>> tor-exit-anonymizer.appliedprivacy.net. >>> vps-b79172cc.vps.ovh.net. >>> tor-exit-router-xp67.quido.org. >>> fixecalendar.net. >>> tor.d-ku.de. >>> tor-exit.mci.august.is. >>> tor.node15.shadowbrokers.eu. >>> tor-exit-14.zbau.f3netze.de. >>> tor-exit-16.zbau.f3netze.de. >>> tor-exit-5.zbau.f3netze.de. >>> tor-exit-6.zbau.f3netze.de. >>> tor-exit-11.zbau.f3netze.de. >>> tor-exit-12.zbau.f3netze.de. >>> berlin01.tor-exit.artikel10.org. >>> berlin01.tor-exit.artikel10.org. >>> tor-exit-134.relayon.org. >>> tor-exit-136.relayon.org. >>> berlin01.tor-exit.artikel10.org. >>> berlin01.tor-exit.artikel10.org. >>> tor-exit-72.cccs.de. >>> tor-exit-80.cccs.de. >>> tor-exit-81.cccs.de. >>> tor-exit-82.cccs.de. >>> 185-220-102-242.torservers.net. >>> tor-exit-relay-2.anonymizing-proxy.digitalcourage.de. >>> tor-exit-relay-8.anonymizing-proxy.digitalcourage.de. >>> 185-220-102-8.torservers.net. >>> vmi1262847.contaboserver.net. >>> sortie-tor.a-n-o-n-y-m-e.net. >>> tor-exit1-terrahost08.tuxli.org. >>> tor-exit-info.middelstaedt.com. >>> dedicated.sollutium.com. >>> onion.xor.sc. >>> 22.tor-exit.nothingtohide.nl. >>> 26.tor-exit.nothingtohide.nl. >>> 30.tor-exit.nothingtohide.nl. >>> 33.tor-exit.nothingtohide.nl. >>> 34.tor-exit.nothingtohide.nl. >>> 7.tor-exit.nothingtohide.nl. >>> 12.tor-exit.nothingtohide.nl. >>> 15.tor-exit.nothingtohide.nl. >>> 07.rkv.exit.tor.loki.tel. >>> tor.exit.1.newyork.shimadate.com. >>> tor33.quintex.com. >>> tor59.quintex.com. >>> tor76.quintex.com. >>> mail.waytoslowmanagement.de. >>> tor-exit-router.quido.org. >>> exitor.zof.sh. >>> nosoignons.cust.milkywan.net. >>> this-is-a-tor-node---9.artikel5ev.de. >>> tor.node14.shadowbrokers.eu. >> >> My knee-jerk reaction would be to block Tor from our mailing list web >> interface, but I'd want to put that suggestion to the community first. >> Note that users are able to subscribe to mailing lists by direct email >> without using the web interface, so if users wish to maintain anonymity, >> they still have a path. >> >> --Sean >> >> _______________________________________________ >> sudo-discuss mailing list -- sudo-discuss(a)sudoroom.org >> To unsubscribe send an email to sudo-discuss-leave(a)sudoroom.org >> More options at >> https://sudoroom.org/lists/postorius/lists/sudo-discuss.sudoroom.org/ >> >

1 year

Cron <www-data@sudoroom> [ -f /usr/bin/django-admin ] && flock -n /var/run/mailman3-web/cron.monthly /usr/share/mailman3-web/manage.py runjobs monthly

by root＠sudoroom.org

ERROR OCCURED IN JOB: update_and_clean_index (APP: hyperkitty) Traceback (most recent call last): File "/usr/lib/python3/dist-packages/django_extensions/management/commands/runjobs.py", line 40, in runjobs job().execute() File "/usr/lib/python3/dist-packages/hyperkitty/jobs/update_and_clean_index.py", line 37, in execute run_with_lock(update_index, remove=True) File "/usr/lib/python3/dist-packages/hyperkitty/lib/utils.py", line 181, in run_with_lock log.exception("Failed to update the fulltext index: %s", e) File "/usr/lib/python3/dist-packages/flufl/lock/_lockfile.py", line 447, in __exit__ self.unlock() File "/usr/lib/python3/dist-packages/flufl/lock/_lockfile.py", line 398, in unlock raise NotLockedError('Already unlocked') flufl.lock._lockfile.NotLockedError: Already unlocked

1 year

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

sudo-sys December 2023