Attack on Mailman Server?
I had some attacks on my WordPress homepage today, so I added some IPs to the blacklist of my firewall. At the same time, I got several reports like this:
Internal Server Error: /accounts/signup/
TemplateDoesNotExist at /accounts/signup/ 429.html
Request Method: OPTIONS
Request URL: https://lists.eehmke.de/accounts/signup/
Django Version: 3.2.16
Python Executable: /opt/mailman/venv/bin/uwsgi
Python Version: 3.9.2
Python Path: ['.', '', '/etc/mailman3', '/usr/lib/python39.zip', '/usr/lib/python3.9', '/usr/lib/python3.9/lib-dynload', '/opt/mailman/venv/lib/python3.9/site-packages']
Server time: Thu, 09 Mar 2023 13:09:34 +0100
So it seems there were attempts to register new users but this caused this internal error. Where can I send the complete error message?
On 2023-03-09 20:34:51 +0100 (+0100), Eggert Ehmke via Mailman-users wrote:
I had some attacks on my wordpress homepage today [...] So it seems there were attempts to register new users [...]
If it helps, we see this constantly on our Mailman 2.1 servers. The old confirmation token mechanism it uses is sufficiently weak that attackers just keep trying until they manage to brute-force it and add some victim's address to every list they can. There's also a slightly different pattern we've observed which seems to just be focused on sending as many confirmation messages to a victim as possible. Both are, as far as I can tell, an attempt to overwhelm someone's inbox (usually abuse or support aliases for service providers). It's probably the biggest incentive we've had to finally start migrating our various list sites to Mailman 3.
Jeremy Stanley
On 3/9/23 11:34, Eggert Ehmke via Mailman-users wrote:
I had some attacks on my WordPress homepage today, so I added some IPs to the blacklist of my firewall. At the same time, I got several reports like this:
Internal Server Error: /accounts/signup/
TemplateDoesNotExist at /accounts/signup/ 429.html
I suspect that's a coincidence.
Request Method: OPTIONS
Request URL: https://lists.eehmke.de/accounts/signup/
Django Version: 3.2.16
Python Executable: /opt/mailman/venv/bin/uwsgi
Python Version: 3.9.2
Python Path: ['.', '', '/etc/mailman3', '/usr/lib/python39.zip', '/usr/lib/python3.9', '/usr/lib/python3.9/lib-dynload', '/opt/mailman/venv/lib/python3.9/site-packages']
Server time: Thu, 09 Mar 2023 13:09:34 +0100
So it seems there were attempts to register new users but this caused this internal error. Where can I send the complete error message?
I would look in the web server logs to see what the actual accesses were. I'm guessing you'll find that some bot or script kiddies did a GET of /accounts/signup/429.html.
You could also look for more detail in whatever log Django writes. This is defined in Django's settings as LOGGING['handlers']['file']['filename'] and is often Mailman's var/logs/mailmansuite.log. If you followed https://docs.mailman3.org/en/latest/install/virtualenv.html#initial-configur... it is /opt/mailman/web/logs/mailmanweb.log.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
In the log file there are several entries like this:
ERROR 2023-03-09 13:09:34,066 53357 django.request Internal Server Error: /accounts/signup/
Traceback (most recent call last):
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/views/generic/base.py", line 70, in view
    return self.dispatch(request, *args, **kwargs)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/utils/decorators.py", line 43, in _wrapper
    return bound_method(*args, **kwargs)
  File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/decorators.py", line 18, in wrap
    resp = ratelimit.consume_or_429(request, action=action, **rl_kwargs)
  File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/ratelimit.py", line 77, in consume_or_429
    return render(request, "429." + app_settings.TEMPLATE_EXTENSION, status=429)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/shortcuts.py", line 19, in render
    content = loader.render_to_string(template_name, context, request, using=using)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/template/loader.py", line 61, in render_to_string
    template = get_template(template_name, using=using)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/template/loader.py", line 19, in get_template
    raise TemplateDoesNotExist(template_name, chain=chain)
django.template.exceptions.TemplateDoesNotExist: 429.html
So what is special about this 429.html?
Am Donnerstag, 9. März 2023, 21:26:03 CET schrieb Mark Sapiro:
On 3/9/23 11:34, Eggert Ehmke via Mailman-users wrote:
I had some attacks on my WordPress homepage today, so I added some IPs to the blacklist of my firewall. At the same time, I got several reports like this:
Internal Server Error: /accounts/signup/
TemplateDoesNotExist at /accounts/signup/ 429.html
I suspect that's a coincidence.
Request Method: OPTIONS
Request URL: https://lists.eehmke.de/accounts/signup/
Django Version: 3.2.16
Python Executable: /opt/mailman/venv/bin/uwsgi
Python Version: 3.9.2
Python Path: ['.', '', '/etc/mailman3', '/usr/lib/python39.zip', '/usr/lib/python3.9', '/usr/lib/python3.9/lib-dynload', '/opt/mailman/venv/lib/python3.9/site-packages']
Server time: Thu, 09 Mar 2023 13:09:34 +0100
So it seems there were attempts to register new users but this caused this internal error. Where can I send the complete error message?
I would look in the web server logs to see what the actual accesses were. I'm guessing you'll find that some bot or script kiddies did a GET of /accounts/signup/429.html.
You could also look for more detail in whatever log Django writes. This is defined in Django's settings as LOGGING['handlers']['file']['filename'] and is often Mailman's var/logs/mailmansuite.log. If you followed https://docs.mailman3.org/en/latest/install/virtualenv.html#initial-configuration it is /opt/mailman/web/logs/mailmanweb.log.
On 3/9/23 12:34, Eggert Ehmke via Mailman-users wrote:
In the log file there are several entries like this:
ERROR 2023-03-09 13:09:34,066 53357 django.request Internal Server Error: /accounts/signup/
Traceback (most recent call last):
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/views/generic/base.py", line 70, in view
    return self.dispatch(request, *args, **kwargs)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/utils/decorators.py", line 43, in _wrapper
    return bound_method(*args, **kwargs)
  File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/decorators.py", line 18, in wrap
    resp = ratelimit.consume_or_429(request, action=action, **rl_kwargs)
  File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/ratelimit.py", line 77, in consume_or_429
    return render(request, "429." + app_settings.TEMPLATE_EXTENSION, status=429)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/shortcuts.py", line 19, in render
    content = loader.render_to_string(template_name, context, request, using=using)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/template/loader.py", line 61, in render_to_string
    template = get_template(template_name, using=using)
  File "/opt/mailman/venv/lib/python3.9/site-packages/django/template/loader.py", line 19, in get_template
    raise TemplateDoesNotExist(template_name, chain=chain)
django.template.exceptions.TemplateDoesNotExist: 429.html
So what is special about this 429.html?
Django allauth is returning a 429 status because it is rate limiting due to too many requests in a short time (a bot accessing the signup page multiple times per second.)
Allauth is telling Django to render a status=429 response using a 429.html template and Django can't find one.
This would appear to be a django-allauth issue.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
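Mark's two suggestions above (check the web server log for the actual accesses, and expect a bot hitting /accounts/signup/ several times per second) can be turned into a small check. The following is an added example, not code from the thread or from Mailman/allauth; the log lines are constructed in Apache/nginx combined format, and the per-second threshold is an assumption, not allauth's real rate limit.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample access-log lines (combined format); not taken from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Mar/2023:13:09:33 +0100] "GET /accounts/signup/ HTTP/1.1" 200 5120 "-" "python-requests/2.28"
203.0.113.7 - - [09/Mar/2023:13:09:33 +0100] "OPTIONS /accounts/signup/ HTTP/1.1" 200 0 "-" "python-requests/2.28"
203.0.113.7 - - [09/Mar/2023:13:09:34 +0100] "POST /accounts/signup/ HTTP/1.1" 200 5120 "-" "python-requests/2.28"
203.0.113.7 - - [09/Mar/2023:13:09:34 +0100] "OPTIONS /accounts/signup/ HTTP/1.1" 500 1834 "-" "python-requests/2.28"
203.0.113.7 - - [09/Mar/2023:13:09:34 +0100] "GET /accounts/signup/ HTTP/1.1" 500 1834 "-" "python-requests/2.28"
198.51.100.20 - - [09/Mar/2023:13:10:01 +0100] "GET /accounts/signup/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [09/Mar/2023:13:10:45 +0100] "POST /accounts/signup/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client, identd, user, [timestamp], "METHOD path protocol", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def signup_bursts(log_text, path="/accounts/signup/", threshold=2):
    """Map each client IP to its peak requests-per-second on `path`, keeping only
    clients at or above `threshold` (assumed value; a human rarely reloads that fast)."""
    per_second = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[3] != path:
            continue
        per_second[rec[0]][rec[1].replace(microsecond=0)] += 1
    peaks = {ip: max(c.values()) for ip, c in per_second.items()}
    return {ip: peak for ip, peak in peaks.items() if peak >= threshold}


def method_status_summary(log_text, path="/accounts/signup/"):
    """Count (method, status) pairs on `path`; the thread's failing request was an
    OPTIONS that ended in a 500 because the 429.html template was missing."""
    summary = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == path:
            summary[(rec[2], rec[4])] += 1
    return summary
```

Once Django can find a 429.html template, the same bursts show up in this summary as 429 responses instead of 500s, which is the status allauth asks for in the traceback above.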