[Tracker-discuss] [Pydotorg] Fwd: spamvertised content on bugs.python.org
Barry Warsaw
barry at python.org
Mon May 14 15:10:59 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On May 14, 2007, at 4:54 AM, Brad Knowles wrote:
> Looks like we're having some problems within the bug tracking system,
> and I'm not quite sure where to report this one.
I think the meta-tracker is the right place to report this:
http://psf.upfronthosting.co.za/roundup/meta/
as is the tracker-discuss at python.org mailing list.
> We should probably also re-check all of our other systems to ensure
> that they are secure.
The Roundup tracker is still beta so I know that those guys have been
working hard to address issues like this. As far as other systems
go, I think the wiki has been plagued by spam in the past, though
ISTR reading that certain recent measures have helped here too.
> Barry -- I imagine we'll want to check all known blacklists to ensure
> that our IP address(es) either has/have not been added as a result of
> this activity, or that we get it/them removed as quickly as possible.
>
> I'll do an initial run on that process right after I send this
> message (checking all the IP addresses, hostnames, URLs, etc... that
> I know about using all the blacklist checking resources I know
> about), but you'll probably want to followup as soon as you can.
Brad, I really appreciate you looking into this. I don't know when
I'll have time to look into this, but if there's anything specific
you want me to look at, let me know. I'll try to hang out on
#pydotorg today.
[quoting the rest of the message for the benefit of tracker-discuss -
BAW]
- -Barry
> Lets see how quickly we can get this issue resolved. I'd followup
> with immediate telephone calls right now, but I don't have any
> numbers for anyone, and since it's 3:50AM CDT, I figure most of the
> US people are probably asleep. I might be able to catch a few people
> in Europe, but that would include the likes of Vincent and this
> message demonstrates that they're probably already doing everything
> they can.
>
> We'll want to address that telephone escalation issue in the "lessons
> learned" session after we've dealt with the initial fallout.
>
>
> Here we go....
>
> --- begin forwarded text
>
> Delivered-To: postmaster at bag.python.org
> Date: Mon, 14 May 2007 09:21:02 +0200
> From: Vincent
> Organization: XS4ALL Internet BV
> Cc: postmaster at python.org
> Subject: spamvertised content on bugs.python.org
>
> Hello,
>
> It appears that spammers have uploaded some files to bugs.python.org
> (and perhaps other places) with the intention to abuse the system as
> a spamvertised-website hosting system.
>
> Here are some URLs that have been reported to us (as actual spam-
> reports):
>
> http://bugs.python.org/file7737/strippers456.html
> http://bugs.python.org/file7733/squirt.html
> http://bugs.python.org/file7735/stocking.html
> http://bugs.python.org/file7738/strippers.html
> http://bugs.python.org/file7741/swingers5236.html
> http://bugs.python.org/file7739/stripping.html
> http://bugs.python.org/file7740/sucking.html
> http://bugs.python.org/file7742/swingers.html
>
> I'd recommend you examine the logs for the bug tracking system to
> find any accounts related to this one and close them. This type of
> abuse has recently taken off; it might be useful to re-examine the
> measures in place to prevent this and other abuse of the bug-tracking
> system.
> --
> XS4ALL Abuse http://www.xs4all.nl/veiligheid/
> XS4ALL Internet B.V. Diemen KvK 33287534
>
> --- end forwarded text
>
>
> --
> Brad Knowles <brad at python.org>
> Member of the Python.org Postmaster Team
> Co-moderator of mailman-users and mailman-developers mailing lists
>
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
> _______________________________________________
> Pydotorg mailing list
> Pydotorg at python.org
> http://mail.python.org/mailman/listinfo/pydotorg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
iQCVAwUBRkhf43EjvBPtnXfVAQJEyAP+LgnY1azPmHPfw4VM+Vr91Gv/EqBqBhM1
3N65zEE3C600as03zQzWMd37d1+e459n0di9KFfbAXCh8CEQqPAaRCBxej3srzTy
vKTeenWduUbqXFdVlWZ65t/89iKDAHVseWJAFjWSd9TtJheyNmjZs1FQS9Of5qaa
nZLM7BraeFs=
=x5s6
-----END PGP SIGNATURE-----
More information about the Tracker-discuss
mailing list