On 08/03/2018 01:42 PM, David Galloway wrote: > Hi all, > > Yesterday, tracker.ceph.com was the target of a spam attack. The > Redmine REST API was used to create bogus accounts which went on to > create over a thousand bogus Redmine issues. The API was disabled > yesterday morning to stop the attack. > > I've put some measures in place this morning to rate limit account > creations and prevent issues from getting created via the API entirely. > The API was re-enabled around 13:30 UTC today. > > A remaining side effect of the attack is the VM which Redmine is hosted > on has been blocked from sending outgoing e-mails. All outgoing e-mail > has been deferred since yesterday at 11:41 UTC. > Outgoing mail is being processed again. -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
