On 08/10/2018 09:09 PM, David Galloway wrote: > > On 08/06/2018 11:10 AM, David Galloway wrote: >> >> >> On 08/06/2018 10:55 AM, David Galloway wrote: >>> >>> On 08/03/2018 01:42 PM, David Galloway wrote: >>>> Hi all, >>>> >>>> Yesterday, tracker.ceph.com was the target of a spam attack. The >>>> Redmine REST API was used to create bogus accounts which went on to >>>> create over a thousand bogus Redmine issues. The API was disabled >>>> yesterday morning to stop the attack. >>>> >>>> I've put some measures in place this morning to rate limit account >>>> creations and prevent issues from getting created via the API entirely. >>>> The API was re-enabled around 13:30 UTC today. >>>> >>>> A remaining side effect of the attack is the VM which Redmine is hosted >>>> on has been blocked from sending outgoing e-mails. All outgoing e-mail >>>> has been deferred since yesterday at 11:41 UTC. >>>> >>> >>> Outgoing mail is being processed again. >> >> I spoke too soon. As soon as mail started going out again, we got >> blacklisted from all the queued mail going out at once. >> >> I put some throttling in place and deleted all the outgoing messages >> with the spammer's domain in them. Will hopefully be back in business soon. > > Just wanted to provide an update on outgoing tracker e-mails. > > Our IP kept getting blocked by OVH's automated anti-spam system within 2 > e-mails after unblocking the IP. > > I implemented an SPF DNS record as well as DKIM e-mail signing today as > per OVH's recommendation and the IP got blocked again. > > I've asked OVH for additional recommendations on how to remedy the > situation. So for now, unfortunately, tracker/Redmine is still blocked > from sending outgoing e-mails. > > Really sorry for the inconvenience. > Tracker e-mails have been going out for 24 hours now. I think we're good again!
