[Gluster-infra] [Gluster-users] lists.gluster.org issues this weekend

Ravishankar N ravishankar at redhat.com
Thu Nov 9 06:46:33 UTC 2017 

[Removing users and devel from the recipient list]
Hello,
I sent a response today to the users ML but it hasn't been delivered. 
Wondering if there is some server problem again or something wrong with 
my email account?
Thanks,
Ravi

On 09/22/2017 07:10 AM, Ravishankar N wrote:
> Hello,
> Are our servers still facing the overload issue? My replies to 
> gluster-users ML are not getting delivered to the list.
> Regards,
> Ravi
>
> On 09/19/2017 10:03 PM, Michael Scherer wrote:
>> Le samedi 16 septembre 2017 à 20:48 +0530, Nigel Babu a écrit :
>>> Hello folks,
>>>
>>> We have discovered that for the last few weeks our mailman server was
>>> used
>>> for a spam attack. The attacker would make use of the + feature
>>> offered by
>>> gmail and hotmail. If you send an email toexample at hotmail.com,
>>> example+foo at hotmail.com,example+bar at hotmail.com, it goes to the same
>>> inbox. We were constantly hit with requests to subscribe to a few
>>> inboxes.
>>> These requests overloaded our mail server so much that it gave up. We
>>> detected this failure because a postmortem email to
>>> gluster-infra at gluster.org  bounced. Any emails sent to our mailman
>>> server
>>> may have been on hold for the last 24 hours or so. They should be
>>> processed
>>> now as your email provider re-attempts.
>>>
>>> For the moment, we've banned subscribing with an email address with a
>>> + in
>>> the name. If you are already subscribed to the lists with a + in your
>>> email
>>> address, you will continue to be able to use the lists.
>>>
>>> We're looking at banning the spam IP addresses from being able to hit
>>> the
>>> web interface at all. When we have a working alternative, we will
>>> look at
>>> removing the current ban of using + in address.
>> So we have a alternative in place, I pushed a blacklist using
>> mod_security and a few DNS blacklist:
>> https://github.com/gluster/gluster.org_ansible_configuration/commit/2f4
>> c1b8feeae16e1d0b7d6073822a6786ed21dde
>>
>>
>>
>>
>>> Apologies for the outage and a big shout out to Michael for taking
>>> time out
>>> of his weekend to debug and fix the issue.
>> Well, you can thanks the airport in Prague for being less interesting
>> than a spammer attacking us.
>>
>>
>>
>> _______________________________________________
>> Gluster-users mailing list
>> Gluster-users at gluster.org
>> http://lists.gluster.org/mailman/listinfo/gluster-users
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gluster.org/pipermail/gluster-infra/attachments/20171109/897a5fd9/attachment.html>

More information about the Gluster-infra mailing list