Hacking attempts?
Hi,
We are seeing thousands of these emails every day, looks like someone is trying to hack our Mailman3 but would appreciate someone with more knowledge of MM3 to confirm.
Is this a problem with our setup? i.e. the “Internal Server Error” bit, or are the hackers just sending bad data that is causing the error? also how do we stop/block this?
TIA and here is a typical email:
Subject: [Django] ERROR (EXTERNAL IP): Internal Server Error: /mailman3/accounts/fedora/login/
Internal Server Error: /mailman3/accounts/fedora/login/
TypeError at /accounts/fedora/login/ _openid_consumer() missing 2 required positional arguments: 'provider' and 'endpoint'
Request Method: GET Request URL: https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/ <https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/> Django Version: 2.2.26 Python Executable: /usr/bin/uwsgi-core Python Version: 3.9.2 Python Path: ['.', '', '/usr/lib/python39.zip', '/usr/lib/python3.9', '/usr/lib/python3.9/lib-dynload', '/usr/local/lib/python3.9/dist-packages', '/usr/lib/python3/dist-packages', '/usr/lib/python3.9/dist-packages'] Server time: Thu, 14 Jul 2022 02:34:04 -0400 Installed Applications: ('hyperkitty', 'postorius', 'django_mailman3', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'django_gravatar', 'compressor', 'haystack', 'django_extensions', 'django_q', 'allauth', 'allauth.account', 'allauth.socialaccount', 'django_mailman3.lib.auth.fedora') Installed Middleware: ('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django_mailman3.middleware.TimezoneMiddleware', 'postorius.middleware.PostoriusMiddleware')
Traceback:
File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py" in inner 34. response = get_response(request)
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py" in _get_response 115. response = self.process_exception_by_middleware(e, request)
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py" in _get_response 113. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py" in view 71. return self.dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py" in dispatch 97. return handler(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django_mailman3/lib/auth/fedora/views.py" in get 56. return self.post(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django_mailman3/lib/auth/fedora/views.py" in post 67. client = _openid_consumer(request)
Exception Type: TypeError at /accounts/fedora/login/ Exception Value: _openid_consumer() missing 2 required positional arguments: 'provider' and 'endpoint' Request information: USER: AnonymousUser
GET: process = 'login' next = '/mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:mailman3/hyperkitty/list/44net@mailman.ampr.org>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/'
POST: No POST data
FILES: No FILES data
COOKIES: No cookie data
META: CONTEXT_DOCUMENT_ROOT = '/var/www/html' CONTEXT_PREFIX = '' DOCUMENT_ROOT = '/var/www/html' GATEWAY_INTERFACE = 'CGI/1.1' HTTPS = 'on' HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' HTTP_ACCEPT_ENCODING = 'gzip,deflate' HTTP_CONNECTION = 'Keep-Alive' HTTP_HOST = 'mailman.ardc.net <http://mailman.ardc.net/>' HTTP_USER_AGENT = 'Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/ <http://webmeup-crawler.com/>)' PATH = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' PATH_INFO = '/accounts/fedora/login/' QUERY_STRING = 'process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/' REMOTE_ADDR = '157.90.177.212' REMOTE_PORT = '63384' REQUEST_METHOD = 'GET' REQUEST_SCHEME = 'https' REQUEST_URI = '/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/' SCRIPT_FILENAME = 'proxy:uwsgi://localhost//accounts/fedora/login/' <uwsgi://localhost//accounts/fedora/login/'> SCRIPT_NAME = '/mailman3' SERVER_ADDR = '44.1.1.29' SERVER_ADMIN = 'postmaster@ardc.net <mailto:postmaster@ardc.net>' SERVER_NAME = 'mailman.ardc.net <http://mailman.ardc.net/>' SERVER_PORT = '443' SERVER_PROTOCOL = 'HTTP/1.1' SERVER_SIGNATURE = '<address>Apache/2.4.53 (Debian) Server at mailman.ardc.net <http://mailman.ardc.net/> Port 443</address>\n' SERVER_SOFTWARE = 'Apache/2.4.53 (Debian)' SSL_TLS_SNI = 'mailman.ardc.net <http://mailman.ardc.net/>' uwsgi.core = 1 uwsgi.node = b'mailman' uwsgi.version = b'2.0.19.1-debian' wsgi.errors = <_io.TextIOWrapper name=2 mode='w' encoding='UTF-8'> wsgi.file_wrapper = '' wsgi.input = <uwsgi._Input object at 0x7f8e0b4a0410> wsgi.multiprocess = False wsgi.multithread = True wsgi.run_once = False wsgi.url_scheme = 'https' wsgi.version = '(1, 0)'
Settings: Using settings module settings ABSOLUTE_URL_OVERRIDES = {} ACCOUNT_AUTHENTICATION_METHOD = 'username_email' ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https' ACCOUNT_EMAIL_REQUIRED = True ACCOUNT_EMAIL_VERIFICATION = 'mandatory' ACCOUNT_UNIQUE_EMAIL = True ADMINS = "(('Mailman Suite Admin', 'postmaster@ardc.net <mailto:postmaster@ardc.net>'),)" ALLOWED_HOSTS = ['*'] APPEND_SLASH = True AUTHENTICATION_BACKENDS = "('django.contrib.auth.backends.ModelBackend', 'allauth.account.auth_backends.AuthenticationBackend')" AUTH_PASSWORD_VALIDATORS = '********************' AUTH_USER_MODEL = 'auth.User' BASE_DIR = '/usr/share/mailman3-web' CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}} CACHE_MIDDLEWARE_ALIAS = 'default' CACHE_MIDDLEWARE_KEY_PREFIX = '********************' CACHE_MIDDLEWARE_SECONDS = 600 COMPRESSORS = {'css': 'compressor.css.CssCompressor', 'js': 'compressor.js.JsCompressor'} COMPRESS_CACHEABLE_PRECOMPILERS = '()' COMPRESS_CACHE_BACKEND = 'default' COMPRESS_CACHE_KEY_FUNCTION = '********************' COMPRESS_CLEAN_CSS_ARGUMENTS = '' COMPRESS_CLEAN_CSS_BINARY = 'cleancss' COMPRESS_CLOSURE_COMPILER_ARGUMENTS = '' COMPRESS_CLOSURE_COMPILER_BINARY = 'java -jar compiler.jar' COMPRESS_CSS_HASHING_METHOD = 'mtime' COMPRESS_DATA_URI_MAX_SIZE = 1024 COMPRESS_DEBUG_TOGGLE = None COMPRESS_ENABLED = True COMPRESS_FILTERS = {'css': ['compressor.filters.css_default.CssAbsoluteFilter'], 'js': ['compressor.filters.jsmin.JSMinFilter']} COMPRESS_JINJA2_GET_ENVIRONMENT = <function CompressorConf.JINJA2_GET_ENVIRONMENT at 0x7f8e17d7a670> COMPRESS_MINT_DELAY = 30 COMPRESS_MTIME_DELAY = 10 COMPRESS_OFFLINE = True COMPRESS_OFFLINE_CONTEXT = {'STATIC_URL': '/mailman3/static/'} COMPRESS_OFFLINE_MANIFEST = 'manifest.json' COMPRESS_OFFLINE_TIMEOUT = 31536000 COMPRESS_OUTPUT_DIR = 'CACHE' COMPRESS_PARSER = 'compressor.parser.AutoSelectParser' COMPRESS_PRECOMPILERS = '()' COMPRESS_REBUILD_TIMEOUT = 2592000 COMPRESS_ROOT = '/var/lib/mailman3/web/static' COMPRESS_STORAGE = 'compressor.storage.CompressorFileStorage' COMPRESS_TEMPLATE_FILTER_CONTEXT = {'STATIC_URL': '/mailman3/static/'} COMPRESS_URL = '/mailman3/static/' COMPRESS_URL_PLACEHOLDER = '/__compressor_url_placeholder__/' COMPRESS_VERBOSE = False COMPRESS_YUGLIFY_BINARY = 'yuglify' COMPRESS_YUGLIFY_CSS_ARGUMENTS = '--terminal' COMPRESS_YUGLIFY_JS_ARGUMENTS = '--terminal' COMPRESS_YUI_BINARY = 'java -jar yuicompressor.jar' COMPRESS_YUI_CSS_ARGUMENTS = '' COMPRESS_YUI_JS_ARGUMENTS = '' CSRF_COOKIE_AGE = 31449600 CSRF_COOKIE_DOMAIN = None CSRF_COOKIE_HTTPONLY = False CSRF_COOKIE_NAME = 'csrftoken' CSRF_COOKIE_PATH = '/' CSRF_COOKIE_SAMESITE = 'Lax' CSRF_COOKIE_SECURE = False CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure' CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN' CSRF_TRUSTED_ORIGINS = [] CSRF_USE_SESSIONS = False DATABASES = {'default': {'ENGINE': 'django.db.backends.mysql', 'NAME': 'mailman', 'USER': 'mailman', 'PASSWORD': '********************', 'HOST': ‘X.X.X.X', 'PORT': '', 'OPTIONS': {'init_command': "SET sql_mode='STRICT_TRANS_TABLES'", 'charset': 'utf8mb4'}, 'ATOMIC_REQUESTS': False, 'AUTOCOMMIT': True, 'CONN_MAX_AGE': 0, 'TIME_ZONE': None, 'TEST': {'CHARSET': None, 'COLLATION': None, 'NAME': None, 'MIRROR': None}}} DATABASE_ROUTERS = [] DATA_UPLOAD_MAX_MEMORY_SIZE = 2621440 DATA_UPLOAD_MAX_NUMBER_FIELDS = 1000 DATETIME_FORMAT = 'N j, Y, P' DATETIME_INPUT_FORMATS = ['%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M', '%Y-%m-%d', '%m/%d/%Y %H:%M:%S', '%m/%d/%Y %H:%M:%S.%f', '%m/%d/%Y %H:%M', '%m/%d/%Y', '%m/%d/%y %H:%M:%S', '%m/%d/%y %H:%M:%S.%f', '%m/%d/%y %H:%M', '%m/%d/%y'] DATE_FORMAT = 'N j, Y' DATE_INPUT_FORMATS = ['%Y-%m-%d', '%m/%d/%Y', '%m/%d/%y', '%b %d %Y', '%b %d, %Y', '%d %b %Y', '%d %b, %Y', '%B %d %Y', '%B %d, %Y', '%d %B %Y', '%d %B, %Y'] DEBUG = False DEBUG_PROPAGATE_EXCEPTIONS = False DECIMAL_SEPARATOR = '.' DEFAULT_CHARSET = 'utf-8' DEFAULT_CONTENT_TYPE = 'text/html' DEFAULT_EXCEPTION_REPORTER_FILTER = 'django.views.debug.SafeExceptionReporterFilter' DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage' DEFAULT_FROM_EMAIL = 'postorius@mailman.ardc.net <mailto:postorius@mailman.ardc.net>' DEFAULT_INDEX_TABLESPACE = '' DEFAULT_TABLESPACE = '' DISALLOWED_USER_AGENTS = [] EMAILNAME = 'mailman.ardc.net <http://mailman.ardc.net/>' EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'localhost' EMAIL_HOST_PASSWORD = '********************' EMAIL_HOST_USER = '' EMAIL_PORT = 25 EMAIL_SSL_CERTFILE = None EMAIL_SSL_KEYFILE = '********************' EMAIL_SUBJECT_PREFIX = '[Django] ' EMAIL_TIMEOUT = None EMAIL_USE_LOCALTIME = False EMAIL_USE_SSL = False EMAIL_USE_TLS = False FILE_CHARSET = 'utf-8' FILE_UPLOAD_DIRECTORY_PERMISSIONS = None FILE_UPLOAD_HANDLERS = ['django.core.files.uploadhandler.MemoryFileUploadHandler', 'django.core.files.uploadhandler.TemporaryFileUploadHandler'] FILE_UPLOAD_MAX_MEMORY_SIZE = 2621440 FILE_UPLOAD_PERMISSIONS = None FILE_UPLOAD_TEMP_DIR = None FILTER_VHOST = False FIRST_DAY_OF_WEEK = 0 FIXTURE_DIRS = [] FORCE_SCRIPT_NAME = None FORMAT_MODULE_PATH = None FORM_RENDERER = 'django.forms.renderers.DjangoTemplates' HAYSTACK_CONNECTIONS = {'default': {'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine', 'PATH': '/var/lib/mailman3/web/fulltext_index'}} HOSTNAME = 'localhost.local' IGNORABLE_404_URLS = [] INSTALLED_APPS = "('hyperkitty', 'postorius', 'django_mailman3', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'django_gravatar', 'compressor', 'haystack', 'django_extensions', 'django_q', 'allauth', 'allauth.account', 'allauth.socialaccount', 'django_mailman3.lib.auth.fedora')" INTERNAL_IPS = [] LANGUAGES = [('af', 'Afrikaans'), ('ar', 'Arabic'), ('ast', 'Asturian'), ('az', 'Azerbaijani'), ('bg', 'Bulgarian'), ('be', 'Belarusian'), ('bn', 'Bengali'), ('br', 'Breton'), ('bs', 'Bosnian'), ('ca', 'Catalan'), ('cs', 'Czech'), ('cy', 'Welsh'), ('da', 'Danish'), ('de', 'German'), ('dsb', 'Lower Sorbian'), ('el', 'Greek'), ('en', 'English'), ('en-au', 'Australian English'), ('en-gb', 'British English'), ('eo', 'Esperanto'), ('es', 'Spanish'), ('es-ar', 'Argentinian Spanish'), ('es-co', 'Colombian Spanish'), ('es-mx', 'Mexican Spanish'), ('es-ni', 'Nicaraguan Spanish'), ('es-ve', 'Venezuelan Spanish'), ('et', 'Estonian'), ('eu', 'Basque'), ('fa', 'Persian'), ('fi', 'Finnish'), ('fr', 'French'), ('fy', 'Frisian'), ('ga', 'Irish'), ('gd', 'Scottish Gaelic'), ('gl', 'Galician'), ('he', 'Hebrew'), ('hi', 'Hindi'), ('hr', 'Croatian'), ('hsb', 'Upper Sorbian'), ('hu', 'Hungarian'), ('hy', 'Armenian'), ('ia', 'Interlingua'), ('id', 'Indonesian'), ('io', 'Ido'), ('is', 'Icelandic'), ('it', 'Italian'), ('ja', 'Japanese'), ('ka', 'Georgian'), ('kab', 'Kabyle'), ('kk', 'Kazakh'), ('km', 'Khmer'), ('kn', 'Kannada'), ('ko', 'Korean'), ('lb', 'Luxembourgish'), ('lt', 'Lithuanian'), ('lv', 'Latvian'), ('mk', 'Macedonian'), ('ml', 'Malayalam'), ('mn', 'Mongolian'), ('mr', 'Marathi'), ('my', 'Burmese'), ('nb', 'Norwegian Bokmål'), ('ne', 'Nepali'), ('nl', 'Dutch'), ('nn', 'Norwegian Nynorsk'), ('os', 'Ossetic'), ('pa', 'Punjabi'), ('pl', 'Polish'), ('pt', 'Portuguese'), ('pt-br', 'Brazilian Portuguese'), ('ro', 'Romanian'), ('ru', 'Russian'), ('sk', 'Slovak'), ('sl', 'Slovenian'), ('sq', 'Albanian'), ('sr', 'Serbian'), ('sr-latn', 'Serbian Latin'), ('sv', 'Swedish'), ('sw', 'Swahili'), ('ta', 'Tamil'), ('te', 'Telugu'), ('th', 'Thai'), ('tr', 'Turkish'), ('tt', 'Tatar'), ('udm', 'Udmurt'), ('uk', 'Ukrainian'), ('ur', 'Urdu'), ('vi', 'Vietnamese'), ('zh-hans', 'Simplified Chinese'), ('zh-hant', 'Traditional Chinese')] LANGUAGES_BIDI = ['he', 'ar', 'fa', 'ur'] LANGUAGE_CODE = 'en-us' LANGUAGE_COOKIE_AGE = None LANGUAGE_COOKIE_DOMAIN = None LANGUAGE_COOKIE_NAME = 'django_language' LANGUAGE_COOKIE_PATH = '/' LOCALE_PATHS = [] LOGGING = {'version': 1, 'disable_existing_loggers': False, 'filters': {'require_debug_false': {'()': 'django.utils.log.RequireDebugFalse'}}, 'handlers': {'mail_admins': {'level': 'ERROR', 'filters': ['require_debug_false'], 'class': 'django.utils.log.AdminEmailHandler'}, 'file': {'level': 'INFO', 'class': 'logging.handlers.RotatingFileHandler', 'filename': '/var/log/mailman3/web/mailman-web.log', 'formatter': 'verbose'}, 'console': {'class': 'logging.StreamHandler', 'formatter': 'simple'}}, 'loggers': {'django.request': {'handlers': ['mail_admins', 'file'], 'level': 'INFO', 'propagate': True}, 'django': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}, 'hyperkitty': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}, 'postorius': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}}, 'formatters': {'verbose': {'format': '%(levelname)s %(asctime)s %(process)d %(name)s %(message)s'}, 'simple': {'format': '%(levelname)s %(message)s'}}} LOGGING_CONFIG = 'logging.config.dictConfig' LOGIN_REDIRECT_URL = 'list_index' LOGIN_URL = 'account_login' LOGOUT_REDIRECT_URL = None LOGOUT_URL = 'account_logout' MAILMAN_ARCHIVER_FROM = "('127.0.0.1', '::1', '10.4.16.129', '44.1.1.29')" MAILMAN_ARCHIVER_KEY = '********************' MAILMAN_REST_API_PASS = '********************' MAILMAN_REST_API_URL = '********************' MAILMAN_REST_API_USER = '********************' MANAGERS = [] MEDIA_ROOT = '' MEDIA_URL = '' MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage' MESSAGE_TAGS = {40: 'danger'} MIDDLEWARE = "('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django_mailman3.middleware.TimezoneMiddleware', 'postorius.middleware.PostoriusMiddleware')" MIGRATION_MODULES = {} MONTH_DAY_FORMAT = 'F j' NUMBER_GROUPING = 0 PASSWORD_HASHERS = '********************' PASSWORD_RESET_TIMEOUT_DAYS = '********************' POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/ <http://localhost/mailman3/>' PREPEND_WWW = False Q_CLUSTER = {'timeout': 300, 'save_limit': 100, 'orm': 'default', 'poll': 5} ROOT_URLCONF = 'urls' SECRET_KEY = '********************' SECURE_BROWSER_XSS_FILTER = False SECURE_CONTENT_TYPE_NOSNIFF = False SECURE_HSTS_INCLUDE_SUBDOMAINS = False SECURE_HSTS_PRELOAD = False SECURE_HSTS_SECONDS = 0 SECURE_PROXY_SSL_HEADER = None SECURE_REDIRECT_EXEMPT = [] SECURE_SSL_HOST = None SECURE_SSL_REDIRECT = False SERVER_EMAIL = 'root@mailman.ardc.net <mailto:root@mailman.ardc.net>' SESSION_CACHE_ALIAS = 'default' SESSION_COOKIE_AGE = 1209600 SESSION_COOKIE_DOMAIN = None SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_NAME = 'sessionid' SESSION_COOKIE_PATH = '/' SESSION_COOKIE_SAMESITE = 'Lax' SESSION_COOKIE_SECURE = False SESSION_ENGINE = 'django.contrib.sessions.backends.db' SESSION_EXPIRE_AT_BROWSER_CLOSE = False SESSION_FILE_PATH = None SESSION_SAVE_EVERY_REQUEST = False SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' SETTINGS_MODULE = 'settings' SHORT_DATETIME_FORMAT = 'm/d/Y P' SHORT_DATE_FORMAT = 'm/d/Y' SIGNING_BACKEND = 'django.core.signing.TimestampSigner' SILENCED_SYSTEM_CHECKS = [] SITE_ID = 1 SOCIALACCOUNT_PROVIDERS = {} STATICFILES_DIRS = '()' STATICFILES_FINDERS = "('django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder', 'compressor.finders.CompressorFinder')" STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage' STATIC_ROOT = '/var/lib/mailman3/web/static' STATIC_URL = '/mailman3/static/' TEMPLATES = [{'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': {'context_processors': ['django.template.context_processors.debug', 'django.template.context_processors.i18n', 'django.template.context_processors.media', 'django.template.context_processors.static', 'django.template.context_processors.tz', 'django.template.context_processors.csrf', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', 'django_mailman3.context_processors.common', 'hyperkitty.context_processors.common', 'postorius.context_processors.postorius']}}] TEST_NON_SERIALIZED_APPS = [] TEST_RUNNER = 'django.test.runner.DiscoverRunner' THOUSAND_SEPARATOR = ',' TIME_FORMAT = 'P' TIME_INPUT_FORMATS = ['%H:%M:%S', '%H:%M:%S.%f', '%H:%M'] TIME_ZONE = 'UTC' USE_I18N = True USE_L10N = True USE_THOUSAND_SEPARATOR = False USE_TZ = True USE_X_FORWARDED_HOST = True USE_X_FORWARDED_PORT = False WSGI_APPLICATION = 'wsgi.application' X_FRAME_OPTIONS = 'SAMEORIGIN' YEAR_MONTH_FORMAT = 'F Y’
You could use an application like fail2ban to watch your mailman/web logs and automatically firewall off attacking IP addresses which cause a lot of these errors in a defined window of time. This application is independent from mailman, and you can use it to protect against all kinds of brute force attacks. Ssh, web, mail - anything that creates a log file recording errors from remote IP addresses.
Just be careful when configuring it for remote servers so you don’t saw off the branch you’re sitting on…. I run a mail server for my family, and on one occasion a family member repeatedly got her password wrong which caused fail2ban to lock all of us out because it blocked our home NAT address, and I had to use my mobile phone to unblock us. :-)
Tim
On 14 Jul 2022, at 08:29, Lists via Mailman-users <mailman-users@mailman3.org> wrote:
Hi,
We are seeing thousands of these emails every day, looks like someone is trying to hack our Mailman3 but would appreciate someone with more knowledge of MM3 to confirm.
Is this a problem with our setup? i.e. the “Internal Server Error” bit, or are the hackers just sending bad data that is causing the error? also how do we stop/block this?
TIA and here is a typical email:
Subject: [Django] ERROR (EXTERNAL IP): Internal Server Error: /mailman3/accounts/fedora/login/
Internal Server Error: /mailman3/accounts/fedora/login/
TypeError at /accounts/fedora/login/ _openid_consumer() missing 2 required positional arguments: 'provider' and 'endpoint'
Request Method: GET Request URL: https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/ <https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/> Django Version: 2.2.26 Python Executable: /usr/bin/uwsgi-core Python Version: 3.9.2 Python Path: ['.', '', '/usr/lib/python39.zip', '/usr/lib/python3.9', '/usr/lib/python3.9/lib-dynload', '/usr/local/lib/python3.9/dist-packages', '/usr/lib/python3/dist-packages', '/usr/lib/python3.9/dist-packages'] Server time: Thu, 14 Jul 2022 02:34:04 -0400 Installed Applications: ('hyperkitty', 'postorius', 'django_mailman3', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'django_gravatar', 'compressor', 'haystack', 'django_extensions', 'django_q', 'allauth', 'allauth.account', 'allauth.socialaccount', 'django_mailman3.lib.auth.fedora') Installed Middleware: ('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django_mailman3.middleware.TimezoneMiddleware', 'postorius.middleware.PostoriusMiddleware')
Traceback:
File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py" in inner 34. response = get_response(request)
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py" in _get_response 115. response = self.process_exception_by_middleware(e, request)
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py" in _get_response 113. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py" in view 71. return self.dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py" in dispatch 97. return handler(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django_mailman3/lib/auth/fedora/views.py" in get 56. return self.post(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django_mailman3/lib/auth/fedora/views.py" in post 67. client = _openid_consumer(request)
Exception Type: TypeError at /accounts/fedora/login/ Exception Value: _openid_consumer() missing 2 required positional arguments: 'provider' and 'endpoint' Request information: USER: AnonymousUser
GET: process = 'login' next = '/mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:mailman3/hyperkitty/list/44net@mailman.ampr.org>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/'
POST: No POST data
FILES: No FILES data
COOKIES: No cookie data
META: CONTEXT_DOCUMENT_ROOT = '/var/www/html' CONTEXT_PREFIX = '' DOCUMENT_ROOT = '/var/www/html' GATEWAY_INTERFACE = 'CGI/1.1' HTTPS = 'on' HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' HTTP_ACCEPT_ENCODING = 'gzip,deflate' HTTP_CONNECTION = 'Keep-Alive' HTTP_HOST = 'mailman.ardc.net <http://mailman.ardc.net/>' HTTP_USER_AGENT = 'Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/ <http://webmeup-crawler.com/>)' PATH = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' PATH_INFO = '/accounts/fedora/login/' QUERY_STRING = 'process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/' REMOTE_ADDR = '157.90.177.212' REMOTE_PORT = '63384' REQUEST_METHOD = 'GET' REQUEST_SCHEME = 'https' REQUEST_URI = '/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/' SCRIPT_FILENAME = 'proxy:uwsgi://localhost//accounts/fedora/login/' <uwsgi://localhost//accounts/fedora/login/'> SCRIPT_NAME = '/mailman3' SERVER_ADDR = '44.1.1.29' SERVER_ADMIN = 'postmaster@ardc.net <mailto:postmaster@ardc.net>' SERVER_NAME = 'mailman.ardc.net <http://mailman.ardc.net/>' SERVER_PORT = '443' SERVER_PROTOCOL = 'HTTP/1.1' SERVER_SIGNATURE = '<address>Apache/2.4.53 (Debian) Server at mailman.ardc.net <http://mailman.ardc.net/> Port 443</address>\n' SERVER_SOFTWARE = 'Apache/2.4.53 (Debian)' SSL_TLS_SNI = 'mailman.ardc.net <http://mailman.ardc.net/>' uwsgi.core = 1 uwsgi.node = b'mailman' uwsgi.version = b'2.0.19.1-debian' wsgi.errors = <_io.TextIOWrapper name=2 mode='w' encoding='UTF-8'> wsgi.file_wrapper = '' wsgi.input = <uwsgi._Input object at 0x7f8e0b4a0410> wsgi.multiprocess = False wsgi.multithread = True wsgi.run_once = False wsgi.url_scheme = 'https' wsgi.version = '(1, 0)'
Settings: Using settings module settings ABSOLUTE_URL_OVERRIDES = {} ACCOUNT_AUTHENTICATION_METHOD = 'username_email' ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https' ACCOUNT_EMAIL_REQUIRED = True ACCOUNT_EMAIL_VERIFICATION = 'mandatory' ACCOUNT_UNIQUE_EMAIL = True ADMINS = "(('Mailman Suite Admin', 'postmaster@ardc.net <mailto:postmaster@ardc.net>'),)" ALLOWED_HOSTS = ['*'] APPEND_SLASH = True AUTHENTICATION_BACKENDS = "('django.contrib.auth.backends.ModelBackend', 'allauth.account.auth_backends.AuthenticationBackend')" AUTH_PASSWORD_VALIDATORS = '********************' AUTH_USER_MODEL = 'auth.User' BASE_DIR = '/usr/share/mailman3-web' CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}} CACHE_MIDDLEWARE_ALIAS = 'default' CACHE_MIDDLEWARE_KEY_PREFIX = '********************' CACHE_MIDDLEWARE_SECONDS = 600 COMPRESSORS = {'css': 'compressor.css.CssCompressor', 'js': 'compressor.js.JsCompressor'} COMPRESS_CACHEABLE_PRECOMPILERS = '()' COMPRESS_CACHE_BACKEND = 'default' COMPRESS_CACHE_KEY_FUNCTION = '********************' COMPRESS_CLEAN_CSS_ARGUMENTS = '' COMPRESS_CLEAN_CSS_BINARY = 'cleancss' COMPRESS_CLOSURE_COMPILER_ARGUMENTS = '' COMPRESS_CLOSURE_COMPILER_BINARY = 'java -jar compiler.jar' COMPRESS_CSS_HASHING_METHOD = 'mtime' COMPRESS_DATA_URI_MAX_SIZE = 1024 COMPRESS_DEBUG_TOGGLE = None COMPRESS_ENABLED = True COMPRESS_FILTERS = {'css': ['compressor.filters.css_default.CssAbsoluteFilter'], 'js': ['compressor.filters.jsmin.JSMinFilter']} COMPRESS_JINJA2_GET_ENVIRONMENT = <function CompressorConf.JINJA2_GET_ENVIRONMENT at 0x7f8e17d7a670> COMPRESS_MINT_DELAY = 30 COMPRESS_MTIME_DELAY = 10 COMPRESS_OFFLINE = True COMPRESS_OFFLINE_CONTEXT = {'STATIC_URL': '/mailman3/static/'} COMPRESS_OFFLINE_MANIFEST = 'manifest.json' COMPRESS_OFFLINE_TIMEOUT = 31536000 COMPRESS_OUTPUT_DIR = 'CACHE' COMPRESS_PARSER = 'compressor.parser.AutoSelectParser' COMPRESS_PRECOMPILERS = '()' COMPRESS_REBUILD_TIMEOUT = 2592000 COMPRESS_ROOT = '/var/lib/mailman3/web/static' COMPRESS_STORAGE = 'compressor.storage.CompressorFileStorage' COMPRESS_TEMPLATE_FILTER_CONTEXT = {'STATIC_URL': '/mailman3/static/'} COMPRESS_URL = '/mailman3/static/' COMPRESS_URL_PLACEHOLDER = '/__compressor_url_placeholder__/' COMPRESS_VERBOSE = False COMPRESS_YUGLIFY_BINARY = 'yuglify' COMPRESS_YUGLIFY_CSS_ARGUMENTS = '--terminal' COMPRESS_YUGLIFY_JS_ARGUMENTS = '--terminal' COMPRESS_YUI_BINARY = 'java -jar yuicompressor.jar' COMPRESS_YUI_CSS_ARGUMENTS = '' COMPRESS_YUI_JS_ARGUMENTS = '' CSRF_COOKIE_AGE = 31449600 CSRF_COOKIE_DOMAIN = None CSRF_COOKIE_HTTPONLY = False CSRF_COOKIE_NAME = 'csrftoken' CSRF_COOKIE_PATH = '/' CSRF_COOKIE_SAMESITE = 'Lax' CSRF_COOKIE_SECURE = False CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure' CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN' CSRF_TRUSTED_ORIGINS = [] CSRF_USE_SESSIONS = False DATABASES = {'default': {'ENGINE': 'django.db.backends.mysql', 'NAME': 'mailman', 'USER': 'mailman', 'PASSWORD': '********************', 'HOST': ‘X.X.X.X', 'PORT': '', 'OPTIONS': {'init_command': "SET sql_mode='STRICT_TRANS_TABLES'", 'charset': 'utf8mb4'}, 'ATOMIC_REQUESTS': False, 'AUTOCOMMIT': True, 'CONN_MAX_AGE': 0, 'TIME_ZONE': None, 'TEST': {'CHARSET': None, 'COLLATION': None, 'NAME': None, 'MIRROR': None}}} DATABASE_ROUTERS = [] DATA_UPLOAD_MAX_MEMORY_SIZE = 2621440 DATA_UPLOAD_MAX_NUMBER_FIELDS = 1000 DATETIME_FORMAT = 'N j, Y, P' DATETIME_INPUT_FORMATS = ['%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M', '%Y-%m-%d', '%m/%d/%Y %H:%M:%S', '%m/%d/%Y %H:%M:%S.%f', '%m/%d/%Y %H:%M', '%m/%d/%Y', '%m/%d/%y %H:%M:%S', '%m/%d/%y %H:%M:%S.%f', '%m/%d/%y %H:%M', '%m/%d/%y'] DATE_FORMAT = 'N j, Y' DATE_INPUT_FORMATS = ['%Y-%m-%d', '%m/%d/%Y', '%m/%d/%y', '%b %d %Y', '%b %d, %Y', '%d %b %Y', '%d %b, %Y', '%B %d %Y', '%B %d, %Y', '%d %B %Y', '%d %B, %Y'] DEBUG = False DEBUG_PROPAGATE_EXCEPTIONS = False DECIMAL_SEPARATOR = '.' DEFAULT_CHARSET = 'utf-8' DEFAULT_CONTENT_TYPE = 'text/html' DEFAULT_EXCEPTION_REPORTER_FILTER = 'django.views.debug.SafeExceptionReporterFilter' DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage' DEFAULT_FROM_EMAIL = 'postorius@mailman.ardc.net <mailto:postorius@mailman.ardc.net>' DEFAULT_INDEX_TABLESPACE = '' DEFAULT_TABLESPACE = '' DISALLOWED_USER_AGENTS = [] EMAILNAME = 'mailman.ardc.net <http://mailman.ardc.net/>' EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'localhost' EMAIL_HOST_PASSWORD = '********************' EMAIL_HOST_USER = '' EMAIL_PORT = 25 EMAIL_SSL_CERTFILE = None EMAIL_SSL_KEYFILE = '********************' EMAIL_SUBJECT_PREFIX = '[Django] ' EMAIL_TIMEOUT = None EMAIL_USE_LOCALTIME = False EMAIL_USE_SSL = False EMAIL_USE_TLS = False FILE_CHARSET = 'utf-8' FILE_UPLOAD_DIRECTORY_PERMISSIONS = None FILE_UPLOAD_HANDLERS = ['django.core.files.uploadhandler.MemoryFileUploadHandler', 'django.core.files.uploadhandler.TemporaryFileUploadHandler'] FILE_UPLOAD_MAX_MEMORY_SIZE = 2621440 FILE_UPLOAD_PERMISSIONS = None FILE_UPLOAD_TEMP_DIR = None FILTER_VHOST = False FIRST_DAY_OF_WEEK = 0 FIXTURE_DIRS = [] FORCE_SCRIPT_NAME = None FORMAT_MODULE_PATH = None FORM_RENDERER = 'django.forms.renderers.DjangoTemplates' HAYSTACK_CONNECTIONS = {'default': {'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine', 'PATH': '/var/lib/mailman3/web/fulltext_index'}} HOSTNAME = 'localhost.local' IGNORABLE_404_URLS = [] INSTALLED_APPS = "('hyperkitty', 'postorius', 'django_mailman3', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'django_gravatar', 'compressor', 'haystack', 'django_extensions', 'django_q', 'allauth', 'allauth.account', 'allauth.socialaccount', 'django_mailman3.lib.auth.fedora')" INTERNAL_IPS = [] LANGUAGES = [('af', 'Afrikaans'), ('ar', 'Arabic'), ('ast', 'Asturian'), ('az', 'Azerbaijani'), ('bg', 'Bulgarian'), ('be', 'Belarusian'), ('bn', 'Bengali'), ('br', 'Breton'), ('bs', 'Bosnian'), ('ca', 'Catalan'), ('cs', 'Czech'), ('cy', 'Welsh'), ('da', 'Danish'), ('de', 'German'), ('dsb', 'Lower Sorbian'), ('el', 'Greek'), ('en', 'English'), ('en-au', 'Australian English'), ('en-gb', 'British English'), ('eo', 'Esperanto'), ('es', 'Spanish'), ('es-ar', 'Argentinian Spanish'), ('es-co', 'Colombian Spanish'), ('es-mx', 'Mexican Spanish'), ('es-ni', 'Nicaraguan Spanish'), ('es-ve', 'Venezuelan Spanish'), ('et', 'Estonian'), ('eu', 'Basque'), ('fa', 'Persian'), ('fi', 'Finnish'), ('fr', 'French'), ('fy', 'Frisian'), ('ga', 'Irish'), ('gd', 'Scottish Gaelic'), ('gl', 'Galician'), ('he', 'Hebrew'), ('hi', 'Hindi'), ('hr', 'Croatian'), ('hsb', 'Upper Sorbian'), ('hu', 'Hungarian'), ('hy', 'Armenian'), ('ia', 'Interlingua'), ('id', 'Indonesian'), ('io', 'Ido'), ('is', 'Icelandic'), ('it', 'Italian'), ('ja', 'Japanese'), ('ka', 'Georgian'), ('kab', 'Kabyle'), ('kk', 'Kazakh'), ('km', 'Khmer'), ('kn', 'Kannada'), ('ko', 'Korean'), ('lb', 'Luxembourgish'), ('lt', 'Lithuanian'), ('lv', 'Latvian'), ('mk', 'Macedonian'), ('ml', 'Malayalam'), ('mn', 'Mongolian'), ('mr', 'Marathi'), ('my', 'Burmese'), ('nb', 'Norwegian Bokmål'), ('ne', 'Nepali'), ('nl', 'Dutch'), ('nn', 'Norwegian Nynorsk'), ('os', 'Ossetic'), ('pa', 'Punjabi'), ('pl', 'Polish'), ('pt', 'Portuguese'), ('pt-br', 'Brazilian Portuguese'), ('ro', 'Romanian'), ('ru', 'Russian'), ('sk', 'Slovak'), ('sl', 'Slovenian'), ('sq', 'Albanian'), ('sr', 'Serbian'), ('sr-latn', 'Serbian Latin'), ('sv', 'Swedish'), ('sw', 'Swahili'), ('ta', 'Tamil'), ('te', 'Telugu'), ('th', 'Thai'), ('tr', 'Turkish'), ('tt', 'Tatar'), ('udm', 'Udmurt'), ('uk', 'Ukrainian'), ('ur', 'Urdu'), ('vi', 'Vietnamese'), ('zh-hans', 'Simplified Chinese'), ('zh-hant', 'Traditional Chinese')] LANGUAGES_BIDI = ['he', 'ar', 'fa', 'ur'] LANGUAGE_CODE = 'en-us' LANGUAGE_COOKIE_AGE = None LANGUAGE_COOKIE_DOMAIN = None LANGUAGE_COOKIE_NAME = 'django_language' LANGUAGE_COOKIE_PATH = '/' LOCALE_PATHS = [] LOGGING = {'version': 1, 'disable_existing_loggers': False, 'filters': {'require_debug_false': {'()': 'django.utils.log.RequireDebugFalse'}}, 'handlers': {'mail_admins': {'level': 'ERROR', 'filters': ['require_debug_false'], 'class': 'django.utils.log.AdminEmailHandler'}, 'file': {'level': 'INFO', 'class': 'logging.handlers.RotatingFileHandler', 'filename': '/var/log/mailman3/web/mailman-web.log', 'formatter': 'verbose'}, 'console': {'class': 'logging.StreamHandler', 'formatter': 'simple'}}, 'loggers': {'django.request': {'handlers': ['mail_admins', 'file'], 'level': 'INFO', 'propagate': True}, 'django': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}, 'hyperkitty': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}, 'postorius': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}}, 'formatters': {'verbose': {'format': '%(levelname)s %(asctime)s %(process)d %(name)s %(message)s'}, 'simple': {'format': '%(levelname)s %(message)s'}}} LOGGING_CONFIG = 'logging.config.dictConfig' LOGIN_REDIRECT_URL = 'list_index' LOGIN_URL = 'account_login' LOGOUT_REDIRECT_URL = None LOGOUT_URL = 'account_logout' MAILMAN_ARCHIVER_FROM = "('127.0.0.1', '::1', '10.4.16.129', '44.1.1.29')" MAILMAN_ARCHIVER_KEY = '********************' MAILMAN_REST_API_PASS = '********************' MAILMAN_REST_API_URL = '********************' MAILMAN_REST_API_USER = '********************' MANAGERS = [] MEDIA_ROOT = '' MEDIA_URL = '' MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage' MESSAGE_TAGS = {40: 'danger'} MIDDLEWARE = "('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django_mailman3.middleware.TimezoneMiddleware', 'postorius.middleware.PostoriusMiddleware')" MIGRATION_MODULES = {} MONTH_DAY_FORMAT = 'F j' NUMBER_GROUPING = 0 PASSWORD_HASHERS = '********************' PASSWORD_RESET_TIMEOUT_DAYS = '********************' POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/ <http://localhost/mailman3/>' PREPEND_WWW = False Q_CLUSTER = {'timeout': 300, 'save_limit': 100, 'orm': 'default', 'poll': 5} ROOT_URLCONF = 'urls' SECRET_KEY = '********************' SECURE_BROWSER_XSS_FILTER = False SECURE_CONTENT_TYPE_NOSNIFF = False SECURE_HSTS_INCLUDE_SUBDOMAINS = False SECURE_HSTS_PRELOAD = False SECURE_HSTS_SECONDS = 0 SECURE_PROXY_SSL_HEADER = None SECURE_REDIRECT_EXEMPT = [] SECURE_SSL_HOST = None SECURE_SSL_REDIRECT = False SERVER_EMAIL = 'root@mailman.ardc.net <mailto:root@mailman.ardc.net>' SESSION_CACHE_ALIAS = 'default' SESSION_COOKIE_AGE = 1209600 SESSION_COOKIE_DOMAIN = None SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_NAME = 'sessionid' SESSION_COOKIE_PATH = '/' SESSION_COOKIE_SAMESITE = 'Lax' SESSION_COOKIE_SECURE = False SESSION_ENGINE = 'django.contrib.sessions.backends.db' SESSION_EXPIRE_AT_BROWSER_CLOSE = False SESSION_FILE_PATH = None SESSION_SAVE_EVERY_REQUEST = False SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' SETTINGS_MODULE = 'settings' SHORT_DATETIME_FORMAT = 'm/d/Y P' SHORT_DATE_FORMAT = 'm/d/Y' SIGNING_BACKEND = 'django.core.signing.TimestampSigner' SILENCED_SYSTEM_CHECKS = [] SITE_ID = 1 SOCIALACCOUNT_PROVIDERS = {} STATICFILES_DIRS = '()' STATICFILES_FINDERS = "('django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder', 'compressor.finders.CompressorFinder')" STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage' STATIC_ROOT = '/var/lib/mailman3/web/static' STATIC_URL = '/mailman3/static/' TEMPLATES = [{'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': {'context_processors': ['django.template.context_processors.debug', 'django.template.context_processors.i18n', 'django.template.context_processors.media', 'django.template.context_processors.static', 'django.template.context_processors.tz', 'django.template.context_processors.csrf', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', 'django_mailman3.context_processors.common', 'hyperkitty.context_processors.common', 'postorius.context_processors.postorius']}}] TEST_NON_SERIALIZED_APPS = [] TEST_RUNNER = 'django.test.runner.DiscoverRunner' THOUSAND_SEPARATOR = ',' TIME_FORMAT = 'P' TIME_INPUT_FORMATS = ['%H:%M:%S', '%H:%M:%S.%f', '%H:%M'] TIME_ZONE = 'UTC' USE_I18N = True USE_L10N = True USE_THOUSAND_SEPARATOR = False USE_TZ = True USE_X_FORWARDED_HOST = True USE_X_FORWARDED_PORT = False WSGI_APPLICATION = 'wsgi.application' X_FRAME_OPTIONS = 'SAMEORIGIN' YEAR_MONTH_FORMAT = 'F Y’
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Hi Tim,
Yes, we use fail2ban already. I just wanted to check that this is actually being caused solely by the would be hackers and the “error” isn’t indicative of something we’ve configured wrong within MM3?
Also, this error doesn’t appear in the MM or Apache logs, it just gets emailed, so I am going to have to figure out how to turn on the appropriate logging in order to get fail2ban to monitor it. Any pointers in this regard would be gratefully received.
Thanks, Chris
On 14 Jul 2022, at 13:09, Tim Cutts <tim@thecutts.org> wrote:
You could use an application like fail2ban to watch your mailman/web logs and automatically firewall off attacking IP addresses which cause a lot of these errors in a defined window of time. This application is independent from mailman, and you can use it to protect against all kinds of brute force attacks. Ssh, web, mail - anything that creates a log file recording errors from remote IP addresses.
Just be careful when configuring it for remote servers so you don’t saw off the branch you’re sitting on…. I run a mail server for my family, and on one occasion a family member repeatedly got her password wrong which caused fail2ban to lock all of us out because it blocked our home NAT address, and I had to use my mobile phone to unblock us. :-)
Tim
On 14 Jul 2022, at 08:29, Lists via Mailman-users <mailman-users@mailman3.org <mailto:mailman-users@mailman3.org>> wrote:
Hi,
We are seeing thousands of these emails every day, looks like someone is trying to hack our Mailman3 but would appreciate someone with more knowledge of MM3 to confirm.
Is this a problem with our setup? i.e. the “Internal Server Error” bit, or are the hackers just sending bad data that is causing the error? also how do we stop/block this?
TIA and here is a typical email:
Subject: [Django] ERROR (EXTERNAL IP): Internal Server Error: /mailman3/accounts/fedora/login/
Internal Server Error: /mailman3/accounts/fedora/login/
TypeError at /accounts/fedora/login/ _openid_consumer() missing 2 required positional arguments: 'provider' and 'endpoint'
Request Method: GET Request URL: https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/ <https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/><https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/ <https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/>> Django Version: 2.2.26 Python Executable: /usr/bin/uwsgi-core Python Version: 3.9.2 Python Path: ['.', '', '/usr/lib/python39.zip', '/usr/lib/python3.9', '/usr/lib/python3.9/lib-dynload', '/usr/local/lib/python3.9/dist-packages', '/usr/lib/python3/dist-packages', '/usr/lib/python3.9/dist-packages'] Server time: Thu, 14 Jul 2022 02:34:04 -0400 Installed Applications: ('hyperkitty', 'postorius', 'django_mailman3', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'django_gravatar', 'compressor', 'haystack', 'django_extensions', 'django_q', 'allauth', 'allauth.account', 'allauth.socialaccount', 'django_mailman3.lib.auth.fedora') Installed Middleware: ('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django_mailman3.middleware.TimezoneMiddleware', 'postorius.middleware.PostoriusMiddleware')
Traceback:
File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py" in inner 34. response = get_response(request)
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py" in _get_response 115. response = self.process_exception_by_middleware(e, request)
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py" in _get_response 113. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py" in view 71. return self.dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py" in dispatch 97. return handler(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django_mailman3/lib/auth/fedora/views.py" in get 56. return self.post(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django_mailman3/lib/auth/fedora/views.py" in post 67. client = _openid_consumer(request)
Exception Type: TypeError at /accounts/fedora/login/ Exception Value: _openid_consumer() missing 2 required positional arguments: 'provider' and 'endpoint' Request information: USER: AnonymousUser
GET: process = 'login' next = '/mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:mailman3/hyperkitty/list/44net@mailman.ampr.org><mailto:mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:mailman3/hyperkitty/list/44net@mailman.ampr.org>>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/'
POST: No POST data
FILES: No FILES data
COOKIES: No cookie data
META: CONTEXT_DOCUMENT_ROOT = '/var/www/html' CONTEXT_PREFIX = '' DOCUMENT_ROOT = '/var/www/html' GATEWAY_INTERFACE = 'CGI/1.1' HTTPS = 'on' HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' HTTP_ACCEPT_ENCODING = 'gzip,deflate' HTTP_CONNECTION = 'Keep-Alive' HTTP_HOST = 'mailman.ardc.net <http://mailman.ardc.net/> <http://mailman.ardc.net/ <http://mailman.ardc.net/>>' HTTP_USER_AGENT = 'Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/ <http://webmeup-crawler.com/> <http://webmeup-crawler.com/ <http://webmeup-crawler.com/>>)' PATH = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' PATH_INFO = '/accounts/fedora/login/' QUERY_STRING = 'process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org><mailto:process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org>>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/' REMOTE_ADDR = '157.90.177.212' REMOTE_PORT = '63384' REQUEST_METHOD = 'GET' REQUEST_SCHEME = 'https' REQUEST_URI = '/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org><mailto:mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org <mailto:mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org>>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/' SCRIPT_FILENAME = 'proxy:uwsgi://localhost//accounts/fedora/login/' <uwsgi://localhost//accounts/fedora/login/'><uwsgi://localhost//accounts/fedora/login/' <uwsgi://localhost//accounts/fedora/login/'>> SCRIPT_NAME = '/mailman3' SERVER_ADDR = '44.1.1.29' SERVER_ADMIN = 'postmaster@ardc.net <mailto:postmaster@ardc.net> <mailto:postmaster@ardc.net <mailto:postmaster@ardc.net>>' SERVER_NAME = 'mailman.ardc.net <http://mailman.ardc.net/> <http://mailman.ardc.net/ <http://mailman.ardc.net/>>' SERVER_PORT = '443' SERVER_PROTOCOL = 'HTTP/1.1' SERVER_SIGNATURE = '<address>Apache/2.4.53 (Debian) Server at mailman.ardc.net <http://mailman.ardc.net/><http://mailman.ardc.net/ <http://mailman.ardc.net/>> Port 443</address>\n' SERVER_SOFTWARE = 'Apache/2.4.53 (Debian)' SSL_TLS_SNI = 'mailman.ardc.net <http://mailman.ardc.net/> <http://mailman.ardc.net/ <http://mailman.ardc.net/>>' uwsgi.core = 1 uwsgi.node = b'mailman' uwsgi.version = b'2.0.19.1-debian' wsgi.errors = <_io.TextIOWrapper name=2 mode='w' encoding='UTF-8'> wsgi.file_wrapper = '' wsgi.input = <uwsgi._Input object at 0x7f8e0b4a0410> wsgi.multiprocess = False wsgi.multithread = True wsgi.run_once = False wsgi.url_scheme = 'https' wsgi.version = '(1, 0)'
Settings: Using settings module settings ABSOLUTE_URL_OVERRIDES = {} ACCOUNT_AUTHENTICATION_METHOD = 'username_email' ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https' ACCOUNT_EMAIL_REQUIRED = True ACCOUNT_EMAIL_VERIFICATION = 'mandatory' ACCOUNT_UNIQUE_EMAIL = True ADMINS = "(('Mailman Suite Admin', 'postmaster@ardc.net <mailto:postmaster@ardc.net><mailto:postmaster@ardc.net <mailto:postmaster@ardc.net>>'),)" ALLOWED_HOSTS = ['*'] APPEND_SLASH = True AUTHENTICATION_BACKENDS = "('django.contrib.auth.backends.ModelBackend', 'allauth.account.auth_backends.AuthenticationBackend')" AUTH_PASSWORD_VALIDATORS = '********************' AUTH_USER_MODEL = 'auth.User' BASE_DIR = '/usr/share/mailman3-web' CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}} CACHE_MIDDLEWARE_ALIAS = 'default' CACHE_MIDDLEWARE_KEY_PREFIX = '********************' CACHE_MIDDLEWARE_SECONDS = 600 COMPRESSORS = {'css': 'compressor.css.CssCompressor', 'js': 'compressor.js.JsCompressor'} COMPRESS_CACHEABLE_PRECOMPILERS = '()' COMPRESS_CACHE_BACKEND = 'default' COMPRESS_CACHE_KEY_FUNCTION = '********************' COMPRESS_CLEAN_CSS_ARGUMENTS = '' COMPRESS_CLEAN_CSS_BINARY = 'cleancss' COMPRESS_CLOSURE_COMPILER_ARGUMENTS = '' COMPRESS_CLOSURE_COMPILER_BINARY = 'java -jar compiler.jar' COMPRESS_CSS_HASHING_METHOD = 'mtime' COMPRESS_DATA_URI_MAX_SIZE = 1024 COMPRESS_DEBUG_TOGGLE = None COMPRESS_ENABLED = True COMPRESS_FILTERS = {'css': ['compressor.filters.css_default.CssAbsoluteFilter'], 'js': ['compressor.filters.jsmin.JSMinFilter']} COMPRESS_JINJA2_GET_ENVIRONMENT = <function CompressorConf.JINJA2_GET_ENVIRONMENT at 0x7f8e17d7a670> COMPRESS_MINT_DELAY = 30 COMPRESS_MTIME_DELAY = 10 COMPRESS_OFFLINE = True COMPRESS_OFFLINE_CONTEXT = {'STATIC_URL': '/mailman3/static/'} COMPRESS_OFFLINE_MANIFEST = 'manifest.json' COMPRESS_OFFLINE_TIMEOUT = 31536000 COMPRESS_OUTPUT_DIR = 'CACHE' COMPRESS_PARSER = 'compressor.parser.AutoSelectParser' COMPRESS_PRECOMPILERS = '()' COMPRESS_REBUILD_TIMEOUT = 2592000 COMPRESS_ROOT = '/var/lib/mailman3/web/static' COMPRESS_STORAGE = 'compressor.storage.CompressorFileStorage' COMPRESS_TEMPLATE_FILTER_CONTEXT = {'STATIC_URL': '/mailman3/static/'} COMPRESS_URL = '/mailman3/static/' COMPRESS_URL_PLACEHOLDER = '/__compressor_url_placeholder__/' COMPRESS_VERBOSE = False COMPRESS_YUGLIFY_BINARY = 'yuglify' COMPRESS_YUGLIFY_CSS_ARGUMENTS = '--terminal' COMPRESS_YUGLIFY_JS_ARGUMENTS = '--terminal' COMPRESS_YUI_BINARY = 'java -jar yuicompressor.jar' COMPRESS_YUI_CSS_ARGUMENTS = '' COMPRESS_YUI_JS_ARGUMENTS = '' CSRF_COOKIE_AGE = 31449600 CSRF_COOKIE_DOMAIN = None CSRF_COOKIE_HTTPONLY = False CSRF_COOKIE_NAME = 'csrftoken' CSRF_COOKIE_PATH = '/' CSRF_COOKIE_SAMESITE = 'Lax' CSRF_COOKIE_SECURE = False CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure' CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN' CSRF_TRUSTED_ORIGINS = [] CSRF_USE_SESSIONS = False DATABASES = {'default': {'ENGINE': 'django.db.backends.mysql', 'NAME': 'mailman', 'USER': 'mailman', 'PASSWORD': '********************', 'HOST': ‘X.X.X.X', 'PORT': '', 'OPTIONS': {'init_command': "SET sql_mode='STRICT_TRANS_TABLES'", 'charset': 'utf8mb4'}, 'ATOMIC_REQUESTS': False, 'AUTOCOMMIT': True, 'CONN_MAX_AGE': 0, 'TIME_ZONE': None, 'TEST': {'CHARSET': None, 'COLLATION': None, 'NAME': None, 'MIRROR': None}}} DATABASE_ROUTERS = [] DATA_UPLOAD_MAX_MEMORY_SIZE = 2621440 DATA_UPLOAD_MAX_NUMBER_FIELDS = 1000 DATETIME_FORMAT = 'N j, Y, P' DATETIME_INPUT_FORMATS = ['%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M', '%Y-%m-%d', '%m/%d/%Y %H:%M:%S', '%m/%d/%Y %H:%M:%S.%f', '%m/%d/%Y %H:%M', '%m/%d/%Y', '%m/%d/%y %H:%M:%S', '%m/%d/%y %H:%M:%S.%f', '%m/%d/%y %H:%M', '%m/%d/%y'] DATE_FORMAT = 'N j, Y' DATE_INPUT_FORMATS = ['%Y-%m-%d', '%m/%d/%Y', '%m/%d/%y', '%b %d %Y', '%b %d, %Y', '%d %b %Y', '%d %b, %Y', '%B %d %Y', '%B %d, %Y', '%d %B %Y', '%d %B, %Y'] DEBUG = False DEBUG_PROPAGATE_EXCEPTIONS = False DECIMAL_SEPARATOR = '.' DEFAULT_CHARSET = 'utf-8' DEFAULT_CONTENT_TYPE = 'text/html' DEFAULT_EXCEPTION_REPORTER_FILTER = 'django.views.debug.SafeExceptionReporterFilter' DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage' DEFAULT_FROM_EMAIL = 'postorius@mailman.ardc.net <mailto:postorius@mailman.ardc.net><mailto:postorius@mailman.ardc.net <mailto:postorius@mailman.ardc.net>>' DEFAULT_INDEX_TABLESPACE = '' DEFAULT_TABLESPACE = '' DISALLOWED_USER_AGENTS = [] EMAILNAME = 'mailman.ardc.net <http://mailman.ardc.net/> <http://mailman.ardc.net/ <http://mailman.ardc.net/>>' EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'localhost' EMAIL_HOST_PASSWORD = '********************' EMAIL_HOST_USER = '' EMAIL_PORT = 25 EMAIL_SSL_CERTFILE = None EMAIL_SSL_KEYFILE = '********************' EMAIL_SUBJECT_PREFIX = '[Django] ' EMAIL_TIMEOUT = None EMAIL_USE_LOCALTIME = False EMAIL_USE_SSL = False EMAIL_USE_TLS = False FILE_CHARSET = 'utf-8' FILE_UPLOAD_DIRECTORY_PERMISSIONS = None FILE_UPLOAD_HANDLERS = ['django.core.files.uploadhandler.MemoryFileUploadHandler', 'django.core.files.uploadhandler.TemporaryFileUploadHandler'] FILE_UPLOAD_MAX_MEMORY_SIZE = 2621440 FILE_UPLOAD_PERMISSIONS = None FILE_UPLOAD_TEMP_DIR = None FILTER_VHOST = False FIRST_DAY_OF_WEEK = 0 FIXTURE_DIRS = [] FORCE_SCRIPT_NAME = None FORMAT_MODULE_PATH = None FORM_RENDERER = 'django.forms.renderers.DjangoTemplates' HAYSTACK_CONNECTIONS = {'default': {'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine', 'PATH': '/var/lib/mailman3/web/fulltext_index'}} HOSTNAME = 'localhost.local' IGNORABLE_404_URLS = [] INSTALLED_APPS = "('hyperkitty', 'postorius', 'django_mailman3', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'django_gravatar', 'compressor', 'haystack', 'django_extensions', 'django_q', 'allauth', 'allauth.account', 'allauth.socialaccount', 'django_mailman3.lib.auth.fedora')" INTERNAL_IPS = [] LANGUAGES = [('af', 'Afrikaans'), ('ar', 'Arabic'), ('ast', 'Asturian'), ('az', 'Azerbaijani'), ('bg', 'Bulgarian'), ('be', 'Belarusian'), ('bn', 'Bengali'), ('br', 'Breton'), ('bs', 'Bosnian'), ('ca', 'Catalan'), ('cs', 'Czech'), ('cy', 'Welsh'), ('da', 'Danish'), ('de', 'German'), ('dsb', 'Lower Sorbian'), ('el', 'Greek'), ('en', 'English'), ('en-au', 'Australian English'), ('en-gb', 'British English'), ('eo', 'Esperanto'), ('es', 'Spanish'), ('es-ar', 'Argentinian Spanish'), ('es-co', 'Colombian Spanish'), ('es-mx', 'Mexican Spanish'), ('es-ni', 'Nicaraguan Spanish'), ('es-ve', 'Venezuelan Spanish'), ('et', 'Estonian'), ('eu', 'Basque'), ('fa', 'Persian'), ('fi', 'Finnish'), ('fr', 'French'), ('fy', 'Frisian'), ('ga', 'Irish'), ('gd', 'Scottish Gaelic'), ('gl', 'Galician'), ('he', 'Hebrew'), ('hi', 'Hindi'), ('hr', 'Croatian'), ('hsb', 'Upper Sorbian'), ('hu', 'Hungarian'), ('hy', 'Armenian'), ('ia', 'Interlingua'), ('id', 'Indonesian'), ('io', 'Ido'), ('is', 'Icelandic'), ('it', 'Italian'), ('ja', 'Japanese'), ('ka', 'Georgian'), ('kab', 'Kabyle'), ('kk', 'Kazakh'), ('km', 'Khmer'), ('kn', 'Kannada'), ('ko', 'Korean'), ('lb', 'Luxembourgish'), ('lt', 'Lithuanian'), ('lv', 'Latvian'), ('mk', 'Macedonian'), ('ml', 'Malayalam'), ('mn', 'Mongolian'), ('mr', 'Marathi'), ('my', 'Burmese'), ('nb', 'Norwegian Bokmål'), ('ne', 'Nepali'), ('nl', 'Dutch'), ('nn', 'Norwegian Nynorsk'), ('os', 'Ossetic'), ('pa', 'Punjabi'), ('pl', 'Polish'), ('pt', 'Portuguese'), ('pt-br', 'Brazilian Portuguese'), ('ro', 'Romanian'), ('ru', 'Russian'), ('sk', 'Slovak'), ('sl', 'Slovenian'), ('sq', 'Albanian'), ('sr', 'Serbian'), ('sr-latn', 'Serbian Latin'), ('sv', 'Swedish'), ('sw', 'Swahili'), ('ta', 'Tamil'), ('te', 'Telugu'), ('th', 'Thai'), ('tr', 'Turkish'), ('tt', 'Tatar'), ('udm', 'Udmurt'), ('uk', 'Ukrainian'), ('ur', 'Urdu'), ('vi', 'Vietnamese'), ('zh-hans', 'Simplified Chinese'), ('zh-hant', 'Traditional Chinese')] LANGUAGES_BIDI = ['he', 'ar', 'fa', 'ur'] LANGUAGE_CODE = 'en-us' LANGUAGE_COOKIE_AGE = None LANGUAGE_COOKIE_DOMAIN = None LANGUAGE_COOKIE_NAME = 'django_language' LANGUAGE_COOKIE_PATH = '/' LOCALE_PATHS = [] LOGGING = {'version': 1, 'disable_existing_loggers': False, 'filters': {'require_debug_false': {'()': 'django.utils.log.RequireDebugFalse'}}, 'handlers': {'mail_admins': {'level': 'ERROR', 'filters': ['require_debug_false'], 'class': 'django.utils.log.AdminEmailHandler'}, 'file': {'level': 'INFO', 'class': 'logging.handlers.RotatingFileHandler', 'filename': '/var/log/mailman3/web/mailman-web.log', 'formatter': 'verbose'}, 'console': {'class': 'logging.StreamHandler', 'formatter': 'simple'}}, 'loggers': {'django.request': {'handlers': ['mail_admins', 'file'], 'level': 'INFO', 'propagate': True}, 'django': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}, 'hyperkitty': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}, 'postorius': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}}, 'formatters': {'verbose': {'format': '%(levelname)s %(asctime)s %(process)d %(name)s %(message)s'}, 'simple': {'format': '%(levelname)s %(message)s'}}} LOGGING_CONFIG = 'logging.config.dictConfig' LOGIN_REDIRECT_URL = 'list_index' LOGIN_URL = 'account_login' LOGOUT_REDIRECT_URL = None LOGOUT_URL = 'account_logout' MAILMAN_ARCHIVER_FROM = "('127.0.0.1', '::1', '10.4.16.129', '44.1.1.29')" MAILMAN_ARCHIVER_KEY = '********************' MAILMAN_REST_API_PASS = '********************' MAILMAN_REST_API_URL = '********************' MAILMAN_REST_API_USER = '********************' MANAGERS = [] MEDIA_ROOT = '' MEDIA_URL = '' MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage' MESSAGE_TAGS = {40: 'danger'} MIDDLEWARE = "('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django_mailman3.middleware.TimezoneMiddleware', 'postorius.middleware.PostoriusMiddleware')" MIGRATION_MODULES = {} MONTH_DAY_FORMAT = 'F j' NUMBER_GROUPING = 0 PASSWORD_HASHERS = '********************' PASSWORD_RESET_TIMEOUT_DAYS = '********************' POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/ <http://localhost/mailman3/><http://localhost/mailman3/ <http://localhost/mailman3/>>' PREPEND_WWW = False Q_CLUSTER = {'timeout': 300, 'save_limit': 100, 'orm': 'default', 'poll': 5} ROOT_URLCONF = 'urls' SECRET_KEY = '********************' SECURE_BROWSER_XSS_FILTER = False SECURE_CONTENT_TYPE_NOSNIFF = False SECURE_HSTS_INCLUDE_SUBDOMAINS = False SECURE_HSTS_PRELOAD = False SECURE_HSTS_SECONDS = 0 SECURE_PROXY_SSL_HEADER = None SECURE_REDIRECT_EXEMPT = [] SECURE_SSL_HOST = None SECURE_SSL_REDIRECT = False SERVER_EMAIL = 'root@mailman.ardc.net <mailto:root@mailman.ardc.net> <mailto:root@mailman.ardc.net <mailto:root@mailman.ardc.net>>' SESSION_CACHE_ALIAS = 'default' SESSION_COOKIE_AGE = 1209600 SESSION_COOKIE_DOMAIN = None SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_NAME = 'sessionid' SESSION_COOKIE_PATH = '/' SESSION_COOKIE_SAMESITE = 'Lax' SESSION_COOKIE_SECURE = False SESSION_ENGINE = 'django.contrib.sessions.backends.db' SESSION_EXPIRE_AT_BROWSER_CLOSE = False SESSION_FILE_PATH = None SESSION_SAVE_EVERY_REQUEST = False SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' SETTINGS_MODULE = 'settings' SHORT_DATETIME_FORMAT = 'm/d/Y P' SHORT_DATE_FORMAT = 'm/d/Y' SIGNING_BACKEND = 'django.core.signing.TimestampSigner' SILENCED_SYSTEM_CHECKS = [] SITE_ID = 1 SOCIALACCOUNT_PROVIDERS = {} STATICFILES_DIRS = '()' STATICFILES_FINDERS = "('django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder', 'compressor.finders.CompressorFinder')" STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage' STATIC_ROOT = '/var/lib/mailman3/web/static' STATIC_URL = '/mailman3/static/' TEMPLATES = [{'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': {'context_processors': ['django.template.context_processors.debug', 'django.template.context_processors.i18n', 'django.template.context_processors.media', 'django.template.context_processors.static', 'django.template.context_processors.tz', 'django.template.context_processors.csrf', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', 'django_mailman3.context_processors.common', 'hyperkitty.context_processors.common', 'postorius.context_processors.postorius']}}] TEST_NON_SERIALIZED_APPS = [] TEST_RUNNER = 'django.test.runner.DiscoverRunner' THOUSAND_SEPARATOR = ',' TIME_FORMAT = 'P' TIME_INPUT_FORMATS = ['%H:%M:%S', '%H:%M:%S.%f', '%H:%M'] TIME_ZONE = 'UTC' USE_I18N = True USE_L10N = True USE_THOUSAND_SEPARATOR = False USE_TZ = True USE_X_FORWARDED_HOST = True USE_X_FORWARDED_PORT = False WSGI_APPLICATION = 'wsgi.application' X_FRAME_OPTIONS = 'SAMEORIGIN' YEAR_MONTH_FORMAT = 'F Y’
Mailman-users mailing list -- mailman-users@mailman3.org <mailto:mailman-users@mailman3.org> To unsubscribe send an email to mailman-users-leave@mailman3.org <mailto:mailman-users-leave@mailman3.org> https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ <https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/>
Mailman-users mailing list -- mailman-users@mailman3.org <mailto:mailman-users@mailman3.org> To unsubscribe send an email to mailman-users-leave@mailman3.org <mailto:mailman-users-leave@mailman3.org> https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ <https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/>
On 7/14/22 5:19 AM, Lists via Mailman-users wrote:
Also, this error doesn’t appear in the MM or Apache logs, it just gets emailed, so I am going to have to figure out how to turn on the appropriate logging in order to get fail2ban to monitor it. Any pointers in this regard would be gratefully received.
This error comes from Django. Django logging is configured in its settings, i.e. settings[_local].py or whereever you have them.
I am curently traveling and on my way home and don't have time to provide more details, but if you need help, ask and I or someone will respond.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 7/14/22 08:19, Lists via Mailman-users wrote:
Also, this error doesn’t appear in the MM or Apache logs, it just gets emailed, so I am going to have to figure out how to turn on the appropriate logging in order to get fail2ban to monitor it. Any pointers in this regard would be gratefully received.
We're getting hit with this BS all the time too. This is what happens when we can no longer spank our children.
For fail2ban, here's my jail.local entry:
[django-local] enabled = true port = http,https filter = django-local action = ipfilter logpath = /var/log/mailman3/web/mailman-web.log maxretry = 1 findtime = 21600 bantime = 604800
...and my filters/django-local.conf file:
[Definition] failregex = ^\[pid.*\] <HOST> .*GET /mailman3/accounts/fedora/login ignoreregex =
I don't know if this is optimal, but it works, and it's catching these little idiots left and right, a few dozen per day. My platform is Solaris (SmartOS).
-Dave-- Dave McGuire, AK4HZ New Kensington, PA
Dave McGuire writes:
We're getting hit with this BS all the time too. This is what happens when we can no longer spank our children.
I don't think it's all script kiddies, though. I actually look at this stuff rather than automating with fail2ban. Among other things there are attackers who have access to /16s and I'm not interested in whack-a-mole *sigh*. I also follow some of the usual suspects on Twitter (eg, @briankrebs) and I've seen at least two brand-new CVEs show up on my site in the same week.
For fail2ban, here's my jail.local entry:
Thanks! I'm sure this will be helpful to several users.
I don't know if this is optimal, but it works, and it's catching these little idiots left and right, a few dozen per day. My platform is Solaris (SmartOS).
My site is small, but I only see 0-10 (weighted to the low end) a day. You might want to sort the blocklist and ban a few netblocks if you haven't done that already. In one case (sorry, I forget the domain) I ended up searching out a domain's netblocks and banning all 3 of them.
Steve
On 7/15/22 01:21, Stephen J. Turnbull wrote:
We're getting hit with this BS all the time too. This is what happens when we can no longer spank our children.
I don't think it's all script kiddies, though. I actually look at this stuff rather than automating with fail2ban.
I used to look at them, for over a year, until I got fed up with it. It was taking way too much time away from the work I was supposed to be doing. I figured that I probably wouldn't be able to find the delinquent little twats that were doing it and break their fingers, so I finally bit the bullet and dealt with fail2ban's awful configuration system. Now I just check it every week or two and see the number of blocked IP addresses steadily growing, and smile.
Among other things there are attackers who have access to /16s and I'm not interested in whack-a-mole *sigh*. I also follow some of the usual suspects on Twitter (eg, @briankrebs) and I've seen at least two brand-new CVEs show up on my site in the same week.
Right now I see over a hundred individual IP addresses in 114.119.137/24 in my list, yes.
For fail2ban, here's my jail.local entry:
Thanks! I'm sure this will be helpful to several users.
I hope so. If I can spare anyone else the pain of spending two solid hours with fail2ban's configuration-system-of-questionable-judgment, I'll count that as a win.
I don't know if this is optimal, but it works, and it's catching these little idiots left and right, a few dozen per day. My platform is Solaris (SmartOS).
My site is small, but I only see 0-10 (weighted to the low end) a day. You might want to sort the blocklist and ban a few netblocks if you haven't done that already. In one case (sorry, I forget the domain) I ended up searching out a domain's netblocks and banning all 3 of them.
Thanks, that's a good idea. Maybe I'll write a little script to do it.
-Dave-- Dave McGuire, AK4HZ New Kensington, PA
On Jul 15, 2022, at 8:40 AM, Dave McGuire <mcguire@neurotica.com> wrote:
For fail2ban, here's my jail.local entry: Thanks! I'm sure this will be helpful to several users.
I hope so. If I can spare anyone else the pain of spending two solid hours with fail2ban's configuration-system-of-questionable-judgment, I'll count that as a win.
Hah. I grew up on pre-m4 sendmail configs, so fail2ban seems pretty middle-of-the-road by comparison.
- Mark <— old
mark@pdc-racing.net | 408-348-2878
On 7/15/22 12:02, Mark Dadgar wrote:
For fail2ban, here's my jail.local entry: Thanks! I'm sure this will be helpful to several users.
I hope so. If I can spare anyone else the pain of spending two solid hours with fail2ban's configuration-system-of-questionable-judgment, I'll count that as a win.
Hah. I grew up on pre-m4 sendmail configs, so fail2ban seems pretty middle-of-the-road by comparison.
- Mark <— old
I'm right there with you, olde pfarte. m4 sure did make things nice. I just expect much better configuration systems by now, for such commonly-used software.
The all-time winner has to be amavisd. A configuration file that's actually a Perl script? Come ON.
-Dave-- Dave McGuire, AK4HZ New Kensington, PA
On Jul 15, 2022, at 9:15 AM, Dave McGuire <mcguire@neurotica.com> wrote:
On 7/15/22 12:02, Mark Dadgar wrote:
For fail2ban, here's my jail.local entry: Thanks! I'm sure this will be helpful to several users.
I hope so. If I can spare anyone else the pain of spending two solid hours with fail2ban's configuration-system-of-questionable-judgment, I'll count that as a win. Hah. I grew up on pre-m4 sendmail configs, so fail2ban seems pretty middle-of-the-road by comparison.
- Mark <— old
I'm right there with you, olde pfarte. m4 sure did make things nice. I just expect much better configuration systems by now, for such commonly-used software.
The day I replaced my last sendmail instance with postfix involved no small amount of Scotch.
The all-time winner has to be amavisd. A configuration file that's actually a Perl script? Come ON.
This literally made me laugh out loud. 😁
- Mark
mark@pdc-racing.net | 408-348-2878
De: Mark Dadgar <mark@pdc-racing.net>
On Jul 15, 2022, at 9:15 AM, Dave McGuire <mcguire@neurotica.com> wrote:
On 7/15/22 12:02, Mark Dadgar wrote:
I'm right there with you, olde pfarte. m4 sure did make things nice. I just expect much better configuration systems by now, for such commonly-used software.
The day I replaced my last sendmail instance with postfix involved no small amount of Scotch.
Will you both please stop showing off your age? There are more dinosaurs lurking in this list 😂😂😂😜😜😜😂😂😂
The all-time winner has to be amavisd. A configuration file that's actually a Perl script? Come ON.
This literally made me laugh out loud. 😁
Well, Django settings.py is also a script, "problem" is that Perl is WO while Python is RW 😜😜
-- Victoriano Giralt Sent from a hand held device
On 15 Jul 2022, at 17:15, Dave McGuire <mcguire@neurotica.com> wrote:
On 7/15/22 12:02, Mark Dadgar wrote:
For fail2ban, here's my jail.local entry: Thanks! I'm sure this will be helpful to several users.
I hope so. If I can spare anyone else the pain of spending two solid hours with fail2ban's configuration-system-of-questionable-judgment, I'll count that as a win. Hah. I grew up on pre-m4 sendmail configs, so fail2ban seems pretty middle-of-the-road by comparison.
- Mark <— old
I'm right there with you, olde pfarte. m4 sure did make things nice. I just expect much better configuration systems by now, for such commonly-used software.
The all-time winner has to be amavisd. A configuration file that's actually a Perl script? Come ON.
I am loving this thread, even though it’s somewhat irrelevant to Mailman3! It’s made me laugh out loud a couple of time!
What is it about spam filter apps and hideous configuration? I currently use rspamd, which is quite effective but also has horrible configuration syntax. Very complex, and half of it seems to be in Lua.
Sendmail was hateful. I moved to exim in its very early days (about 1996) purely because its config file was so easy to understand (and also because Phil Hazel worked about 200 metres away if I had an issue). More recently I’ve switched to Postfix because it seems to have the most mindshare, but its configuration is really horrible compared to exim and I may switch back - if you’ve got complex mail routing to do (and I think running mailing lists counts) it’s much much simpler to debug what’s going on with exim than with postfix. Postfix configs are nice for simple cases, but rapidly become impenetrable once you add milters, mailing lists, DKIM and whatnot.
Tim
Tim Cutts writes:
On 15 Jul 2022, at 17:15, Dave McGuire <mcguire@neurotica.com> wrote:
The all-time winner has to be amavisd. A configuration file that's actually a Perl script? Come ON.
Aside: Mailman resembles that remark, except that it's not even consistent about using Python modules (close enough to script), there's also some .ini (at least for builds) and even ZCML hanging around!
I am loving this thread, even though it’s somewhat irrelevant to Mailman3! It’s made me laugh out loud a couple of time!
Yes!
Sendmail was hateful. I moved to exim in its very early days (about 1996) purely because its config file was so easy to understand
Yeah, I did the same except it was Smail in 1995, and a few months later the computer committee hauled me in because Smail allowed me to *configure* refuse-to-relay but didn't actually implement it until about 3 days after the dressing-down. :-D
Postfix configs are nice for simple cases, but rapidly become impenetrable once you add milters, mailing lists, DKIM and whatnot.
That's interesting that you say that, because I'm running Exim4 out of Debian packaging, using "conf.d" organization and the update-update-conf (IIRC) script to turn that back into the monolith that Exim expects. I've found I can generally keep my Mailman configs to about 3 files (one for sitewide #defines, one for routing, one for transport) but it makes me nervous about how it interacts with the rest of the system. The monolith, of course, is unreadable and order-dependent....
I guess that just comes with the territory, mail routing *is* complex.
If you look at the Debian history for the exim package (https://tracker.debian.org/media/packages/e/exim4/copyright-4.89-2deb9u8), that it was me that first packaged it for Debian, but the current rather complex ways of configuring it came long after I handed the package over to others. The original configuration system I used was derived from the smail package of the time.
So I’m sorry. :-)
Tim
On 16 Jul 2022, at 08:29, Stephen J. Turnbull <stephenjturnbull@gmail.com> wrote:
That's interesting that you say that, because I'm running Exim4 out of Debian packaging, using "conf.d" organization and the update-update-conf (IIRC) script to turn that back into the monolith that Exim expects. I've found I can generally keep my Mailman configs to about 3 files (one for sitewide #defines, one for routing, one for transport) but it makes me nervous about how it interacts with the rest of the system. The monolith, of course, is unreadable and order-dependent....
Tim Cutts writes:
If you look at the Debian history for the exim package (https://tracker.debian.org/media/packages/e/exim4/copyright-4.89-2deb9u8), that it was me that first packaged it for Debian, but the current rather complex ways of configuring it came long after I handed the package over to others. The original configuration system I used was derived from the smail package of the time.
Oh, I understand why Debian does things the way they do. I don't have a problem with this most of the time, I just like to "know stuff".
So I’m sorry. :-)
Well, then, thanks! and no apologies needed. ;-)
Tim Cutts writes:
Just be careful when configuring it for remote servers so you don’t saw off the branch you’re sitting on….
Great story, love to hear them!
(Not repeating because the point is it's a great story, not to beat on Tim. If you have need to know -- and we all do -- go look it up in the archives. ;-)
Steve
Lists via Mailman-users writes:
We are seeing thousands of these emails every day, looks like someone is trying to hack our Mailman3 but would appreciate someone with more knowledge of MM3 to confirm.
Who is "we"? Specifically, do you have something to do with the Fedora Project (Linux distribution)?
To be honest, this looks to me more like collateral damage from a web crawler than a hacking attempt. It's a real service offered by your server (unlike a lot of the bogus requests I see). More below.
Is this a problem with our setup? i.e. the “Internal Server Error” bit, or are the hackers just sending bad data that is causing the error?
I don't think this is a Mailman message, but from Django, or perhaps the 'django_mailman3.lib.auth.fedora' application (not sure whether that's our code, despite the name it's probably calling into code we borrow from Fedora). I'll look into an upstream bug report if this isn't in our code.
also how do we stop/block this?
- Put that URL in robots.txt to keep honest crawlers out (see analysis of example report below).
- Firewall bad bots and script kiddies. That's what I do, anyway.
- Also, if you aren't associated with the Fedora project, you might want to disable the Fedora social auth login (remove it from the installed applications in settings.py). You should be careful about that, because there's a chance some of your users depend on it.
I'm surprised at the "thousands" part. I'd have to see a sample of 10 or 20, and know something about your site, to judge whether *you* are under attack, or if it's just a bunch of low-tech crawleres and kiddies. I see up to a couple hundred a day, with most being attempts to access actual resources via the IP address rather than the domain. Over a couple of years I've banned 772 separate IP addresses (maybe a dozen are netblocks, mostly /24s, but a couple of /16s). I suppose that cuts down the number I see by quite a bit.
Subject: [Django] ERROR (EXTERNAL IP): Internal Server Error: /mailman3/accounts/fedora/login/
Internal Server Error: /mailman3/accounts/fedora/login/
TypeError at /accounts/fedora/login/ _openid_consumer() missing 2 required positional arguments: 'provider' and 'endpoint' Request URL: https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/
This looks like somebody tried to access the "44net" mailing list archive, maybe legitimately but for some reason didn't provide credentials.
This could be script kiddies or perhaps somewhat clumsy reconnaissance to see what social auth you support (although they're usually more secure than passwords). However, REMOTE_ADDR = '157.90.177.212' resolves to 212.177.90.157.in-addr.arpa domain name pointer ninja-crawler64.webmeup.com., which looks like a legitimate but naive web crawler to me. That would explain why they hit the right address (they got the login URL from your top page, and then the provide credentials URL from the login page, and then the submit button). They were just hitting every URL they could parse.
Traceback:
Nothing unexpected there, or in the rest of the diagnostic information.
Steve
Hi Steve,
No, we’re nothing to do with Fedora, we just run a few low volume mailing lists for our members.
Happy to send you example error emails, I received 1,987 in the past 24 hours. They seem to come in waves, it’s particularly bad right now, but it will die off to a lower level for a while, then hit a peak again in a week or so.
Let me know how many examples you want and I will send them direct to your email.
Thanks, Chris
On 14 Jul 2022, at 13:33, Stephen J. Turnbull <stephenjturnbull@gmail.com> wrote:
Lists via Mailman-users writes:
We are seeing thousands of these emails every day, looks like someone is trying to hack our Mailman3 but would appreciate someone with more knowledge of MM3 to confirm.
Who is "we"? Specifically, do you have something to do with the Fedora Project (Linux distribution)?
To be honest, this looks to me more like collateral damage from a web crawler than a hacking attempt. It's a real service offered by your server (unlike a lot of the bogus requests I see). More below.
Is this a problem with our setup? i.e. the “Internal Server Error” bit, or are the hackers just sending bad data that is causing the error?
I don't think this is a Mailman message, but from Django, or perhaps the 'django_mailman3.lib.auth.fedora' application (not sure whether that's our code, despite the name it's probably calling into code we borrow from Fedora). I'll look into an upstream bug report if this isn't in our code.
also how do we stop/block this?
- Put that URL in robots.txt to keep honest crawlers out (see analysis of example report below).
- Firewall bad bots and script kiddies. That's what I do, anyway.
- Also, if you aren't associated with the Fedora project, you might want to disable the Fedora social auth login (remove it from the installed applications in settings.py). You should be careful about that, because there's a chance some of your users depend on it.
I'm surprised at the "thousands" part. I'd have to see a sample of 10 or 20, and know something about your site, to judge whether *you* are under attack, or if it's just a bunch of low-tech crawleres and kiddies. I see up to a couple hundred a day, with most being attempts to access actual resources via the IP address rather than the domain. Over a couple of years I've banned 772 separate IP addresses (maybe a dozen are netblocks, mostly /24s, but a couple of /16s). I suppose that cuts down the number I see by quite a bit.
Subject: [Django] ERROR (EXTERNAL IP): Internal Server Error: /mailman3/accounts/fedora/login/
Internal Server Error: /mailman3/accounts/fedora/login/
TypeError at /accounts/fedora/login/ _openid_consumer() missing 2 required positional arguments: 'provider' and 'endpoint' Request URL: https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/
This looks like somebody tried to access the "44net" mailing list archive, maybe legitimately but for some reason didn't provide credentials.
This could be script kiddies or perhaps somewhat clumsy reconnaissance to see what social auth you support (although they're usually more secure than passwords). However, REMOTE_ADDR = '157.90.177.212' resolves to 212.177.90.157.in-addr.arpa domain name pointer ninja-crawler64.webmeup.com., which looks like a legitimate but naive web crawler to me. That would explain why they hit the right address (they got the login URL from your top page, and then the provide credentials URL from the login page, and then the submit button). They were just hitting every URL they could parse.
Traceback:
Nothing unexpected there, or in the rest of the diagnostic information.
Steve
Lists via Mailman-users writes:
No, we’re nothing to do with Fedora, we just run a few low volume mailing lists for our members.
I would disable the fedora auth application as described in my previous mail, then. I wouldn't worry too much about the possibility that there are users of the feature, if there are people with Fedora accounts, they are sophisticated users who know how to request it be reenabled.
Happy to send you example error emails, I received 1,987 in the past 24 hours. They seem to come in waves, it’s particularly bad right now, but it will die off to a lower level for a while, then hit a peak again in a week or so.
This is how it would behave if web crawlers are the problem. Do you have a robots.txt file? If so, is your Django site protected?
https://developers.google.com/search/docs/advanced/robots/intro https://robotstxt.org/
Note that if you decide to adopt Tim's suggestion of fail2ban, you probably need a robots.txt file, if there's *anything* on your site that you want indexed, you don't want the crawlers banned.
Let me know how many examples you want and I will send them direct to your email.
OK, but first let's try the low hanging fruit.
Steve
On 7/14/22 12:29 AM, Lists via Mailman-users wrote:
Is this a problem with our setup? i.e. the “Internal Server Error” bit, or are the hackers just sending bad data that is causing the error? also how do we stop/block this?
You have Fedora enabled as one of your social account oAuth providers, but it is may be misconfigured or just broken?. Is it possible to log in via fedora at all? If you don't want/need it, just remove it.
I am curently traveling and on my way home and don't have time to provide details of removal, but if you need help, ask and I or someone will respond.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (7)
-
Dave McGuire -
Lists -
Mark Dadgar -
Mark Sapiro -
Stephen J. Turnbull -
Tim Cutts -
Victoriano Giralt