sudo-sys

sudo-sys@sudoroom.org

1 participants
740 discussions

*** SECURITY information for sudoroom.org ***

by aep＠sudoroom.org

sudoroom.org : Mar 3 01:24:17 : aep : a password is required ; TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/bash

2 months

Cron <www-data@sudoroom> [ -f /usr/bin/django-admin ] && flock -n /var/run/mailman3-web/cron.monthly /usr/share/mailman3-web/manage.py runjobs monthly

by root＠sudoroom.org

ERROR OCCURED IN JOB: update_and_clean_index (APP: hyperkitty) Traceback (most recent call last): File "/usr/lib/python3/dist-packages/django_extensions/management/commands/runjobs.py", line 40, in runjobs job().execute() File "/usr/lib/python3/dist-packages/hyperkitty/jobs/update_and_clean_index.py", line 37, in execute run_with_lock(update_index, remove=True) File "/usr/lib/python3/dist-packages/hyperkitty/lib/utils.py", line 181, in run_with_lock log.exception("Failed to update the fulltext index: %s", e) File "/usr/lib/python3/dist-packages/flufl/lock/_lockfile.py", line 447, in __exit__ self.unlock() File "/usr/lib/python3/dist-packages/flufl/lock/_lockfile.py", line 398, in unlock raise NotLockedError('Already unlocked') flufl.lock._lockfile.NotLockedError: Already unlocked

2 months

*** SECURITY information for sudoroom.org ***

by juul＠sudoroom.org

sudoroom.org : Feb 28 03:08:34 : juul : a password is required ; TTY=pts/0 ; PWD=/home/juul ; USER=root ; COMMAND=/usr/bin/su -

2 months, 1 week

spammers abusing our mailing list again?

by Jake

it looks like it's happening again? Third one in three days like this... -jake This is the mail system at host sudoroom.org. #################################################################### # THIS IS A WARNING ONLY. YOU DO NOT NEED TO RESEND YOUR MESSAGE. # #################################################################### Your message could not be delivered for more than 3 hour(s). It will be retried until it is 2 day(s) old. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <EWBLUE09(a)GMAIL.COM>: host alt1.gmail-smtp-in.l.google.COM[108.177.104.26] said: 450-4.2.1 The user you are trying to contact is receiving mail at a rate that 450-4.2.1 prevents additional messages from being delivered. Please resend your 450-4.2.1 message at a later time. If the user is able to receive mail at that 450-4.2.1 time, your message will be delivered. For more information, go to 450 4.2.1 https://support.google.com/mail/?p=ReceivingRate ez8-20020a0568082a0800b003bbd77157dasi5153333oib.163 - gsmtp (in reply to RCPT TO command) NOTE: emails to the Info list were sent to an individual email address (such as info(a)sudoroom.org) with the PRESUMPTION OF PRIVACY. They may include personal information which the sender would not have sent to a public list (such as sudo-discuss). If you must forward messages to a public list, please take great care to REMOVE SENSITIVE INFORMATION! _______________________________________________ Info mailing list -- info(a)sudoroom.org To unsubscribe send an email to info-leave(a)sudoroom.org

3 months

Cron <www-data@sudoroom> [ -f /usr/bin/django-admin ] && flock -n /var/run/mailman3-web/cron.monthly /usr/share/mailman3-web/manage.py runjobs monthly

by root＠sudoroom.org

3 months

Cron <root@sudoroom> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )

by root＠sudoroom.org

/etc/cron.daily/tor-blocklist-update: curl: (7) Failed to connect to check.torproject.org port 443: Connection refused

3 months

Cron <www-data@sudoroom> [ -f /usr/bin/django-admin ] && flock -n /var/run/mailman3-web/cron.monthly /usr/share/mailman3-web/manage.py runjobs monthly

by root＠sudoroom.org

4 months

Cron <root@sudoroom> cd / && run-parts --report /etc/cron.hourly

by root＠sudoroom.org

run-parts: /etc/cron.hourly/droplet-agent exited with return code 100

4 months, 3 weeks

Cron <root@sudoroom> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )

by root＠sudoroom.org

/etc/cron.daily/tor-blocklist-update: % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 18478 100 18478 0 0 20084 0 --:--:-- --:--:-- --:--:-- 20062

5 months

Re: [sudo-discuss] Re: our mailing list system needs help

by Jake

we're still getting "[sudo-info] Delayed Mail (still being retried)" emails every day...are we retrying to the messages still? Is there a good way to remove those? I can do it if you give me a hint where to look, or what tools to use to dig into this. thank you for your help -jake On Sat, 2 Dec 2023, Jake Watters via sudo-discuss wrote: > Yes please block Tor for now, until we have a better solution > > -jake > > On Sat, Dec 2, 2023, 15:10 Sean Greenslade via sudo-discuss < > sudo-discuss(a)sudoroom.org> wrote: > >> On Fri, Dec 01, 2023 at 09:19:53PM -0800, Jake via sudo-discuss wrote: >>> our mailing list system (postorius) is having problems... we're not sure >> what >>> it is but it looks like some spammer is entering random addresses into >> the >>> "join this mailing list" field and then our system is trying to email a >>> confirmation to those addresses. >>> >>> Anyone want to log in and take a look at it, try to figure out what's >> going >>> on, and figure out a way to fix it? We might need to add a CAPTCHA or at >>> least a checkbox or some sort of puzzle so that people can't just >>> automatically enter email addresses in and have us email them. >> >> I've been doing a bit of investigation on this. It appears that the >> spammer is using Tor to make the subscription requests. I see 68 >> hits to the web interface subscription endpoint within the past day, and >> reverse lookups reveal: >> >>> sortie-tor.a-n-o-n-y-m-e.net. >>> LuxembourgTorNew4.Quetzalcoatl-relays.org. >>> exit-node1.tor-for-privacy.com. >>> tor-exit-anonymizer.appliedprivacy.net. >>> tor-exit-anonymizer.appliedprivacy.net. >>> tor-exit-anonymizer.appliedprivacy.net. >>> tor-exit-anonymizer.appliedprivacy.net. >>> vps-b79172cc.vps.ovh.net. >>> tor-exit-router-xp67.quido.org. >>> fixecalendar.net. >>> tor.d-ku.de. >>> tor-exit.mci.august.is. >>> tor.node15.shadowbrokers.eu. >>> tor-exit-14.zbau.f3netze.de. >>> tor-exit-16.zbau.f3netze.de. >>> tor-exit-5.zbau.f3netze.de. >>> tor-exit-6.zbau.f3netze.de. >>> tor-exit-11.zbau.f3netze.de. >>> tor-exit-12.zbau.f3netze.de. >>> berlin01.tor-exit.artikel10.org. >>> berlin01.tor-exit.artikel10.org. >>> tor-exit-134.relayon.org. >>> tor-exit-136.relayon.org. >>> berlin01.tor-exit.artikel10.org. >>> berlin01.tor-exit.artikel10.org. >>> tor-exit-72.cccs.de. >>> tor-exit-80.cccs.de. >>> tor-exit-81.cccs.de. >>> tor-exit-82.cccs.de. >>> 185-220-102-242.torservers.net. >>> tor-exit-relay-2.anonymizing-proxy.digitalcourage.de. >>> tor-exit-relay-8.anonymizing-proxy.digitalcourage.de. >>> 185-220-102-8.torservers.net. >>> vmi1262847.contaboserver.net. >>> sortie-tor.a-n-o-n-y-m-e.net. >>> tor-exit1-terrahost08.tuxli.org. >>> tor-exit-info.middelstaedt.com. >>> dedicated.sollutium.com. >>> onion.xor.sc. >>> 22.tor-exit.nothingtohide.nl. >>> 26.tor-exit.nothingtohide.nl. >>> 30.tor-exit.nothingtohide.nl. >>> 33.tor-exit.nothingtohide.nl. >>> 34.tor-exit.nothingtohide.nl. >>> 7.tor-exit.nothingtohide.nl. >>> 12.tor-exit.nothingtohide.nl. >>> 15.tor-exit.nothingtohide.nl. >>> 07.rkv.exit.tor.loki.tel. >>> tor.exit.1.newyork.shimadate.com. >>> tor33.quintex.com. >>> tor59.quintex.com. >>> tor76.quintex.com. >>> mail.waytoslowmanagement.de. >>> tor-exit-router.quido.org. >>> exitor.zof.sh. >>> nosoignons.cust.milkywan.net. >>> this-is-a-tor-node---9.artikel5ev.de. >>> tor.node14.shadowbrokers.eu. >> >> My knee-jerk reaction would be to block Tor from our mailing list web >> interface, but I'd want to put that suggestion to the community first. >> Note that users are able to subscribe to mailing lists by direct email >> without using the web interface, so if users wish to maintain anonymity, >> they still have a path. >> >> --Sean >> >> _______________________________________________ >> sudo-discuss mailing list -- sudo-discuss(a)sudoroom.org >> To unsubscribe send an email to sudo-discuss-leave(a)sudoroom.org >> More options at >> https://sudoroom.org/lists/postorius/lists/sudo-discuss.sudoroom.org/ >> >

5 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

sudo-sys