[Systems] Hacked content detected on http://www.sugarlabs.org/
Bernie Innocenti
bernie at codewiz.org
Thu Oct 15 07:53:24 EDT 2015
Hurray!
I'm typing this offline from Cuba, but I saw Sam's new site a few months ago and it was truly awesome.
Sam, how do we update the new site? Is it in a git repo?
Could you delete the symlinks in sites-enabled on sunjammer and rename the www directory to something like www.DELETEME so it's clear it's not used any more?
Now that sunjammer is hosting fewer critical services, I would feel comfortable upgrading it. The only thing we must be careful about is not breaking email.
On October 14, 2015 6:06:28 PM EDT, James Cameron <quozl at laptop.org> wrote:
>Looks good now.
>
>@Walter, a wider announcement of the update?
>
>On Wed, Oct 14, 2015 at 07:05:50PM +1100, Sam P. wrote:
>> Great. I've migrated www and @ to freedom. You should see the newer
>site when
>> your dns updates.
>>
>> It's now on freedom, so HTTPS and HSTS on that sub domain. Be warned
>of that
>> if we need to migrate back to sunjammer.
>>
>> On Wed, Oct 14, 2015 at 6:10 PM, Ignacio Rodríguez
><[1]nachoel01 at gmail.com>
>> wrote:
>>
>> Wow.
>>
>> Nice work Sam, it looks nice and user friendly,
>> so I think we should put it ASAP and disable php (or simply don't
>use
>> it) for [2]http://sugarlabs.org in apache settings (I think that
>is
>> possible, correct me if I'm wrong)
>>
>> Greetings
>>
>> 2015-10-14 3:54 GMT-03:00, Sam P. <sam at sam.today>:
>> > Ok, so changed the new static site to hide all of the todos and
>stuff:
>> > [3]http://www.sam.today/
>> >
>> > When you all are ok I'll deploy it if you want.
>> >
>> > On Wed, Oct 14, 2015 at 8:36 AM, Sam P. <sam at sam.today> wrote:
>> >
>> >> Yeah, its pretty close to ready. I can probably hide the
>todos and
>> >> change
>> >> some of the links so it will be OK? CCing for Walter's
>opinion
>> >>
>> >> On Wed, 14 Oct 2015 7:50 am Bernie Innocenti
><[4]bernie at codewiz.org>
>> wrote:
>> >>
>> >>> How about replacing this old and insecure website?
>> >>>
>> >>> If the new one isn't ready yet, we could temporarily serve a
>> >>> minimalistic
>> >>> page with the SL logo and a few links to the main resources.
>A bit like
>> >>> the
>> >>> Google home page...
>> >>>
>> >>> On October 13, 2015 4:26:37 PM EDT, Samuel Cantero <[5]
>> scanterog at gmail.com>
>> >>> wrote:
>> >>>
>> >>>> Hello everyone,
>> >>>>
>> >>>> I just recently erase all the unwanted images and the
>malicious php
>> >>>> files for www.slo.
>> >>>>
>> >>>> The injected URLs [f*or ex:
>> >>>> [6]sugarlabs.org/index.php/cheap-canadian-viagra/
>> >>>> <[7]http://sugarlabs.org/index.php/cheap-canadian-viagra/>
>or
>> >>>> [8]sugarlabs.org/index.php/viagra
>> >>>> <[9]http://sugarlabs.org/index.php/viagra>*]
>> >>>> are not working anymore. Those URLs were generated with the
>head.php
>> >>>> script. The complete decoded code can be found here:
>> >>>> [10]http://www.fpaste.org/278824/.
>> >>>>
>> >>>> Also, the b374k-shell webshell is not working anymore. For
>the
>> curious,
>> >>>> it looked like this: [11]http://snag.gy/BmcA1.jpg
>> >>>>
>> >>>
>> >>>> I've found similar php files in [12]walterbender.org the
>other day. I
>> >>>> replaced the wh ole site for an uncompromised one.
>> >>>>
>> >>>
>> >>>> Anyway, we still have to find how they did that and how can
>we protect
>> >>>> our server from this kind of exploit. It is not easy though.
>It can be
>> >>>> a
>> >>>> security vulnerability on wordpress, some plugin or a
>permission
>> >>>> problem.
>> >>>>
>> >>>> Still pending to follow the CERT intruder detection
>checklist.
>> >>>>
>> >>>> Regards,
>> >>>>
>> >>>>
>> >>>> On Tue, Oct 13, 2015 at 7:18 AM, Sam P. <sam at sam.today>
>wrote:
>> >>>>
>> >>> I was just running ls -lsah on the root of www.slo, and it
>told me:
>> >>>>>
>> >>>>> * Th e spam (head.php) was last modified on Jun 23 13:56.
>I assume
>> >>>>> this is the creation date too.
>> >>>>>
>> >>>> * head.php is owned by www-data. I assume this means that
>it came
>> from
>> >>>>> php or apache?
>> >>>>> * index.php was modified 1 minute after head.php. It has a
>command
>> to
>> >>>>> "include("head.php");"
>> >>>>> * every directory was modified within 2 minutes after the
>spam
>> >>>>> creation, including .git
>> >>>>> * eg. css/comnon.php base64 or something encoded php.
>Looks a
>> >>>>> different style to head.php, no use of regex, but IDK. It
>is a php
>> >>>>> webshell named b374k-shell version 2.8.
>> >>>>> * eg. assets/fs-login.php encoded php that is decoded
>using a
>> >>>>> regex. Prompts for a passoword, but no identifying stuff
>> >>>>> * There are also files called fedit.php Iicense.php
>(starting
>> with
>> >>>>> cap. i) lndex.php (lower case L)
>> >>>>>
>> >>>>> Some files came before head.php, see
>> >>>>> [13]http://www.fpaste.org/278658/47310741/
>> >>>>>
>> >>>>> Also, reviewing Walter's repo, I can't find a clean copy of
>the
>> >>>>> website, see
>[14]https://github.com/walterbender/www-sugarlabs/issues
>> /11
>> >>>>> So hum, cleaning this will be fun!
>> >>>>>
>> >>>>> Thanks,
>> >>>>> Sam
>> >>>>>
>> >>>>
>> >>>>> On Tue, Oct 13, 2015 at 12:35 PM, Samuel Cantero <[15]
>> scanterog at gmail.com>
>> >>>>> wrote:
>> >>>>>
>> >>>>>> I can't continue working on this today. Tomorrow I will
>try to
>> search
>> >>>>>> related files. We can erase the suspicious files now but
>if we do
>> not
>> >>>>>> find
>> >>>>>> the root cause, it will happen again.
>> >>>>>>
>> >>>>>> Thanks James. I will google for it.
>> >>>>>>
>> >>>>>> On Mon, Oct 12, 2015 at 10:27 PM, James Cameron <[16]
>> quozl at laptop.org>
>> >>>>>> wrote:
>> >>>>>>
>> >>>>>>> Sadly, I've done PHP. There were PHP vulnerabilities
>that can lead
>> >>>>>>> to site compromise if the www directory was writable by
>the apache
>> >>>>>>> processes that run PHP.
>> >>>>>>>
>> >>>>>>> Follow the CERT intruder detection checklist if you can.
>> >>>>>>>
>> >>>>>>> On 13/10/2015, at 12:01 PM, Samuel Cantero wrote:
>> >>>>>>>
>> >>>>>>> > Also, I've found the followings php files with
>suspicious code:
>> >>>>>>> >
>> >>>>>>> >
>/srv/www-sugarlabs/www/images/favicons/class.wp-date.php
>> >>>>>>> > /srv/www-sugarlabs/www/old/fedit.php
>> >>>>>>> > /srv/www-sugarlabs/www/old/Iicense.php
>> >>>>>>> > /srv/www-sugarlabs/www/scripts/fs-login.php
>> >>>>>>> > /srv/www-sugarlabs/www/xsl/fs-login.php
>> >>>>>>> > /srv/www-sugarlabs/www/.git/lndex.php
>> >>>>>>> > /srv/www-sugarlabs/www/cache/fedit.php
>> >>>>>>> > /srv/www-sugarlabs/www/cache/Iicense.php
>> >>>>>>> > /srv/www-sugarlabs/www/.cache.php
>> >>>>>>> >
>> >>>>>>> > In addition, some gzipped base64 encoded php using some
>> >>>>>>> > hexadecimal
>> >>>>>>> character codes. This "fancy" code is executed via
>preg_replace
>> with
>> >>>>>>> the e
>> >>>>>>> modifier.
>> >>>>>>> >
>> >>>>>>> > /srv/www-sugarlabs/www/images/Iicense.php
>> >>>>>>> > /srv/www-sugarlabs/www/press/Iicense.php
>> >>>>>>> > /srv/www-sugarlabs/www/xml/fedit.php
>> >>>>>>> > /srv/www-sugarlabs/www/head.php
>> >>>>>>> > /srv/www-sugarlabs/www/static/lndex.php
>> >>>>>>> > /srv/www-sugarlabs/www/assets/fs-login.php
>> >>>>>>> >
>> >>>>>>> > An expert in PHP here?
>> >>>>>>> >
>> >>>>>>> > This is just Sugar Labs web site. Maybe we have a lot
>of them in
>> >>>>>>> the entire /srv directory. I have to look for it.
>> >>>>>>> >
>> >>>>>>> > Regards,
>> >>>>>>> >
>> >>>>>>> > On Mon, Oct 12, 2015 at 9:03 PM, Samuel Cantero <
>> >>>>>>> [17]scanterog at gmail.com> wrote:
>> >>>>>>> > Google is right. Our site has been hacked.
>> >>>>>>> >
>> >>>>>>> > One example: [18]http://www.sugarlabs.org/images/
>> >>>>>>> >
>> >>>>>>> > There is a URL inyection:
>> >>>>>>> [19]http://www.sugarlabs.org/index.php/cialis-10mg/
>> >>>>>>> >
>> >>>>>>> > I will try to find all URLs not belonging to our site
>and the
>> root
>> >>>>>>> cause.
>> >>>>>>> >
>> >>>>>>> > Regards,
>> >>>>>>> >
>> >>>>>>> > On Mon, Oct 12, 2015 at 5:50 PM, Bernie Innocenti <
>> >>>>>>> [20]bernie at codewiz.org> wrote:
>> >>>>>>> > Maybe all we need to do is click the reconsideration
>request link
>> >>>>>>> and see what happens.
>> >>>>>>> >
>> >>>>>>> > Feel free to take control of the domain if you want to
>see the
>> >>>>>>> Google webmaster console.
>> >>>>>>> >
>> >>>>>>> > On October 12, 2015 3:11:53 PM EDT, "Ignacio Rodríguez"
><
>> >>>>>>> [21]nachoel01 at gmail.com> wrote:
>> >>>>>>> > Is that updated?
>> >>>>>>> >
>> >>>>>>> > I remember to see some spam in [22]sugarlabs.org (but
>it was
>> Fixed).
>> >>>>>>> >
>> >>>>>>> > AS the email says, can we rfetch as Google? I mean,
>the tool for
>> >>>>>>> that-
>> >>>>>>> > Greetings,
>> >>>>>>> > Ignacio
>> >>>>>>> >
>> >>>>>>> > 2015-10-12 16:02 GMT, Sebastian Silva <[23]
>> sebastian at fuentelibre.org>:
>> >>>>>>> > I did a very quick look on the pages reported, and
>can't find
>> >>>>>>> anything
>> >>>>>>> > suspicious with them.
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > On 12/10/15 10:52, Samuel Cantero wrote:
>> >>>>>>> > I can check this later (in 8 hours). I am away from my
>laptop
>> >>>>>>> > now.
>> >>>>>>> If
>> >>>>>>> > someone has found something please share the info.
>> >>>>>>> >
>> >>>>>>> > Regards,
>> >>>>>>> >
>> >>>>>>> > On Monday, 12 October 2015, Bernie Innocenti <[24]
>> bernie at codewiz.org
>> >>>>>>> >
>> >>>>>>> > <mailto:
>> >>>>>>> > [25]bernie at codewiz.org>> wrote:
>> >>>>>>> >
>> >>>>>>> > Can someone look into this to see if our ancient
>website
>> >>>>>>> really is
>> >>>>>>> > serving "hacked" content?
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > *From:* Google Search Console Team <[26]
>> sc-noreply at google.com
>> >>>>>>> >
><javascript:_e(%7B%7D,'cvml','[27]sc-noreply at google.com');>>
>> >>>>>>> > *Sent:* October 6, 2015 5:47:40 PM EDT
>> >>>>>>> > *To:* [28]bernie.codewiz at gmail.com
>> >>>>>>> >
><javascript:_e(%7B%7D,'cvml','[29]bernie.codewiz at gmail.com
>> ');>
>> >>>>>>> > *Subject:* Hacked content detected on
>> >>>>>>> [30]http://www.sugarlabs.org/
>> >>>>>>> >
>> >>>>>>> > Message type: [WNC-633200]
>> >>>>>>> > Search Console
>> >>>>>>> >
>> >>>>>>> > Hacked content detected on
>[31]http://www.sugarlabs.org/
>> >>>>>>> >
>> >>>>>>> > To: Webmaster of [32]http://www.sugarlabs.org/,
>> >>>>>>> >
>> >>>>>>> > Google has detected that your site has been hacked
>by a
>> third
>> >>>>>>> > party who created
>> >>>>>>> > malicious content on some of your pages. This
>> >>>>>>> >
>> >>>>>>> > critical issue utilizes your site’s reputation to
>show
>> >>>>>>> potential
>> >>>>>>> > visitors unexpected or harmful content on your
>site or in
>> >>>>>>> search
>> >>>>>>> > results. It also lowers the quality of results for
>Google
>> >>>>>>> Search
>> >>>>>>> > users. Therefore, we have applied a manual action
>to your
>> >>>>>>> > site
>> >>>>>>> > that will warn users of hacked content when your
>site
>> appears
>> >>>>>>> in
>> >>>>>>> > search results. To remove this warning, clean up
>the hacked
>> >>>>>>> > content, and file a reconsideration request. After
>we
>> >>>>>>> > determine
>> >>>>>>> > that your site no longer has hacked content, we
>will remove
>> >>>>>>> this
>> >>>>>>> > manual action.
>> >>>>>>> >
>> >>>>>>> > Following are some example URLs where we found
>pages that
>> >>>>>>> > have
>> >>>>>>> > been compromised. Review them to gain a better
>sense of
>> where
>> >>>>>>> this
>> >>>>>>> > hacked content appears. The list is not
>exhaustive.
>> >>>>>>> >
>> >>>>>>> >
>[33]http://git.sugarlabs.org/python-xkb/mainline/commits/
>> 35bdff6
>> >>>>>>> >
>> >>>>>>> >
>[34]http://meeting.sugarlabs.org/publiclab/meetings
>> >>>>>>> >
>> >>>>>>> >
>[35]http://meeting.sugarlabs.org/sugar-meeting/2015-06-07
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > Here’s how to fix this problem:
>> >>>>>>> >
>> >>>>>>> > 1
>> >>>>>>> >
>> >>>>>>> > Check Security Issues for details of the hack
>> >>>>>>> >
>> >>>>>>> > Use the examples provided in the Security Issues
>report of
>> >>>>>>> Search
>> >>>>>>> > Console to get an initial sample of hacked pages.
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > Security Issues
>> >>>>>>> >
>> >>>>>>> > <
>> >>>>>>> [36]https://www.google.com/appserve/mkt/p/
>>
>kVgkGZKCN3DzN06od04KKAtZ0MELd5xT3j6zpU-JXhXWycXm6bg2W2xxZcBHQshGY9Dbo6BoOE6t4b1qxyCKXO2Q-JbiMgnsBSipGOHR246wqlLQhLLeM2-Pn6UVjijAxh4IQbS8msvmyuCEhUM7SaaWo_iSJfqhdrGgwaX47_mqJlPAYaytPzxHn_TzI8idMH-b6vmj470TW8hQl-j2jruE55uGYSy_3fwvNKAOjSLNHJ11QWPMjSaVMX4IpasNLfbmYxP5PZW_0mGwbkoWtSMNVe3Mq7WU
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > 2
>> >>>>>>> >
>> >>>>>>> > Look for other compromised pages or files on your
>site
>> >>>>>>> >
>> >>>>>>> > Be sure to check your entire site, including the
>homepage,
>> >>>>>>> > for
>> >>>>>>> any
>> >>>>>>> > unfamiliar content that could have been added. The
>malicious
>> >>>>>>> code
>> >>>>>>> > might be placed in HTML, JavaScript, or other
>files on your
>> >>>>>>> site.
>> >>>>>>> > It can also be hidden in places you might
>overlook, such as
>> >>>>>>> server
>> >>>>>>> > configuration files (e.g. .htaccess file) or other
>dynamic
>> >>>>>>> > scripting pages (e.g. PHP, JSP). It’s important to
>be
>> >>>>>>> > thorough
>> >>>>>>> in
>> >>>>>>> > your investigation.
>> >>>>>>> >
>> >>>>>>> > 3
>> >>>>>>> >
>> >>>>>>> > Use the Fetch as Google tool to isolate the
>malicious
>> content
>> >>>>>>> >
>> >>>>>>> > Because some pages can appear one way to a user
>and another
>> >>>>>>> way to
>> >>>>>>> > Google crawlers, you can use the Fetch as Google
>tool to
>> >>>>>>> > reveal
>> >>>>>>> > some kinds of hacking. Enter URLs from your site
>in the tool
>> >>>>>>> > to
>> >>>>>>> > see the pages as Google sees them. If the page has
>hidden
>> >>>>>>> hacked
>> >>>>>>> > content, the tool can reveal that content.
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > Fetch as Google
>> >>>>>>> >
>> >>>>>>> > <
>> >>>>>>> [37]https://www.google.com/appserve/mkt/p/
>>
>I3Dm05ZvmwWJtGtmHNGyYK86h2nzUYGDM-1dIVEnmSHrHs0N84tDyBfUA5iDb72j6B-yiwNg-OrBO0P0PQbrU3v8R5tcVAdzYMv3OpcObaRWw6HuB_hF_vBUQ0wZEYtCIbe16MSxBLicOuFq6SP20C3-AbQorJKlU227T3AeC21nVaTf-KFMOvGO-OFQMdU8_Rthc-UT-ZB7e9_xKK8fusESgfkMAlFFnhedw1Mmy6z-7H7n_sA47L5Kf5TfpXQWf4tNFKZzfwYoKnY8NFJkNqyEOVpVQkAX
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > 4
>> >>>>>>> >
>> >>>>>>> > Remove all malicious content
>> >>>>>>> >
>> >>>>>>> > You can also contact your hosting provider and ask
>them for
>> >>>>>>> > assistance. If you’re having trouble identifying
>and
>> removing
>> >>>>>>> all
>> >>>>>>> > the content on your site that is compromised,
>consider
>> >>>>>>> restoring
>> >>>>>>> > an older backed-up
>> >>>>>>> > version of your site.
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > 5
>> >>>>>>> >
>> >>>>>>> > Secure your site from any future attacks
>> >>>>>>> >
>> >>>>>>> > Identify and fix vulnerabilities that caused your
>site to be
>> >>>>>>> > compromised. Change passwords for administrative
>accounts.
>> >>>>>>> > Consider contacting your hosting service to get
>help with
>> the
>> >>>>>>> issue.
>> >>>>>>> >
>> >>>>>>> > 6
>> >>>>>>> >
>> >>>>>>> > Submit a reconsideration request
>> >>>>>>> >
>> >>>>>>> > Once you fix your site, file for reconsideration
>to remove
>> >>>>>>> > this
>> >>>>>>> > manual action. Include any details or
>documentation that can
>> >>>>>>> help
>> >>>>>>> > us understand the changes made to your site.
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > Reconsideration Request
>> >>>>>>> >
>> >>>>>>> > <
>> >>>>>>> [38]https://www.google.com/appserve/mkt/p/
>>
>mkMChrLY5uOSnnaQ5gbTAFDfGwF9b6RURLy_mBu1favZezzi13VSZPX07YO4eT4qaxKtQQFbGwR5lgEHDrnmLOaVzvClgPw3zw4P5NW1tQCDpPfXWL3li5UfVcsWLvABq0-kSdP0RwG3S-icgEz1HOe4fAssqjSSFWSwdgGpDcsqBZK8h8zWXqgHmAnfU3-a93zxp54EiQASOsPPnMSvqx8oBIco-F5o-Ro4Da3xmZU6HpjdwyGPq_PYyPJ1utqx1VNivc0ptczU9Ga6kc6x_HzwsjXAtvwTwFDuzAqE
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > Need more help?
>> >>>>>>> >
>> >>>>>>> > • Read our guide for hacked sites
>> >>>>>>> >
>> >>>>>>> > <
>> >>>>>>> [39]https://www.google.com/appserve/mkt/p/
>>
>IV-1opuTX8iamyLtoalATOnDHD7nAlmgL8CVzxJazsopWNGnaydlADoMVjEnxX6PPmcoakoeoAI_pi9Fr94XUsVcDgZ_5t0jCV4eFMo3ehPi0RqjmdUphK8AeWrRaiNuPE-G8mLJo_0ZxqlIaNYBxdHxDhw9idMBli6GQxEjRhkJdZHPB7crjABDHO7pW3yIGDi2MuVI09y1bKc7QlGI6OTxGFTLmpQsLxGTCflqCA
>> ==
>> >>>>>>> >.
>> >>>>>>> >
>> >>>>>>> > • Learn how to use the Fetch as Google
>> >>>>>>> >
>> >>>>>>> > <
>> >>>>>>> [40]https://www.google.com/appserve/mkt/p/
>>
>9Ir-Bt-67WRNvKE9owMrZLp8oZJ1HImuPu4xcaEPRb0JtnzPu6aTmg2CUheZmi-tuwqORJVIvjiPKkndT4yNd0YpPysKDsWv32eQNwCtJ4If7XJl13TyrO9HotNhwd7K9lpUYNvbMjVNl7nYSBHZ7AP4nWHNjelPl4jlZIRAMWdMtDDlsvyDT79bBAs83a7NjBY2D8FnVFd5b7MV3B4prCLse477PGMw_ADsoybItKdyR1bpPjsQ288
>> =
>> >>>>>>> >
>> >>>>>>> > tool in our Help Center.
>> >>>>>>> > • Learn more about reconsideration requests
>> >>>>>>> >
>> >>>>>>> > <
>> >>>>>>> [41]https://www.google.com/appserve/mkt/p/
>>
>aQ8PKvfwLMXzVU_Y2JKYswOlSi_DMZlgJxl_1pKoECDrfGb2bMv7ktikhnlpXYFo5pFod5pV_5MID2lXxPnG8JXg2IT2QK4EEHFK5CKy_jEld6vmacZzTy5qkLiQ_KXYEpR3IHJRXl_5bAzuInboteGdP3kowTaHbH0k5_KGdQ-7x_7Uc9S6ZuON2GRJgf_l7VBFlCpYx63dthhREfGl3aJAmrrd5B12fcQXpUS-XivElQ5E4tuW7TZJ6-2t
>> >>>>>>> >
>> >>>>>>> > in our Help Center.
>> >>>>>>> > • Ask questions in our forum
>> >>>>>>> >
>> >>>>>>> > <
>> >>>>>>> [42]https://www.google.com/appserve/mkt/p/
>>
>ciVSXy1Lws4CbKwqiPW7Vh6w0QYywSigyhOIHLlIjWP3nj6-NftgW0tj9Q7pqbfedTFBQzUv2xyKSI6xfNA58JuQX50x7h1ytUIKOkQiKXj_ERqHQ2gb03stUwFcck5XtNQmsaC97h1gYDzzEc9Znv0rvIn8yn7rZTLHocA63VlvS7nA4uEpsVVNhe_z53A40yKJiZ6MjC4w-CPfWa_U9yssivxOXqpB3412s9ovXag888rv1S221MwGu1kHRZrF
>> >>>>>>> >
>> >>>>>>> > for more help - mention message type [WNC-633200].
>> >>>>>>> >
>> >>>>>>> > Google Inc. 1600 Amphitheatre Parkway Mountain
>View, CA
>> 94043
>> >>>>>>> > |
>> >>>>>>> > Unsubscribe
>> >>>>>>> >
>> >>>>>>> > <
>> >>>>>>> [43]https://www.google.com/appserve/mkt/p/
>>
>nD7NcGKMjSxCRFdqrYmqkL7hvzslENpmCZMgpewUjQhJa8Y3IGhAn89ccuRCUkWOuTf5YyzJCYxX0gomovUPNbNSks2EX6CeQsbJ3U39wrbENLoAoJgF2YmZ6NdumTzBxHR3erjkR92y7Fv7QpLly4IS93wNFYQYYOGhysjJLJ60gwhvItjpmW6p-A
>> ==
>> >>>>>>> >
>> >>>>>>> > Add partners
>> >>>>>>> >
>> >>>>>>> > <
>> >>>>>>> [44]https://www.google.com/appserve/mkt/p/
>>
>qTjtKM7FKDMWcpoZIrRbnRQOfhxVo6TyQct8JuQPryv-Ov_yf7iqFkiNR_wU8HLKO5ksfov9m5IVJki2NB0YDH1Jm-7KEXDMHFkAFu5ka67xYh1d1SL3hT0VuzTq99m4jFvLm0xQr0nTwz6TDTOBbeZKywq9JWpM_2HXJJrI8CgyO7_rdp7TIPdbc3kzCzJGA_xOBL-ktb1uoJAcHmk-FIJhuDu91iioHwpjGAC3o0WN06RKsDkeHjzQ2mDV_0ksYVzhx4V3yyoc-I8MQ0QvuBWU_aKms694WJmI_Q
>> ==
>> >>>>>>> >who
>> >>>>>>> > should receive messages for this Search Console
>account.
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > --
>> >>>>>>> > Sent from my Android device with K-9 Mail. Please
>excuse my
>> >>>>>>> brevity.
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > Systems mailing list
>> >>>>>>> > [45]Systems at lists.sugarlabs.org
>> >>>>>>> > [46]http://lists.sugarlabs.org/listinfo/systems
>> >>>>>>> >
>> >>>>>>> > --
>> >>>>>>> > I+D SomosAzucar.Org
>> >>>>>>> > "icarito" #somosazucar en Freenode IRC
>> >>>>>>> > "Nadie libera a nadie, nadie se libera solo. Los seres
>humanos
>> se
>> >>>>>>> liberan en
>> >>>>>>> > comunión" - P. Freire
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > --
>> >>>>>>> > Sent from my Android device with K-9 Mail. Please
>excuse my
>> >>>>>>> > brevity.
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>> > _______________________________________________
>> >>>>>>> > Systems mailing list
>> >>>>>>> > [47]Systems at lists.sugarlabs.org
>> >>>>>>> > [48]http://lists.sugarlabs.org/listinfo/systems
>> >>>>>>>
>> >>>>>>>
>> >>>>>>
>> >>>>>> _______________________________________________
>> >>>>>> Systems mailing list
>> >>>>>> [49]Systems at lists.sugarlabs.org
>> >>>>>> [50]http://lists.sugarlabs.org/listinfo/systems
>> >>>>>>
>> >>>>>>
>> >>>>>
>> >>>> Systems mailing list
>> >>>> [51]Systems at lists.sugarlabs.org
>> >>>> [52]http://lists.sugarlabs.org/listinfo/systems
>> >>>>
>> >>>>
>> >>> --
>> >>> Sent from my Android device with K-9 Mail. Please excuse my
>brevity.
>> >>>
>> >>
>> >
>>
>> --
>> Ignacio Rodríguez
>> SugarLabs at Facebook
>> <[53]https://www.facebook.com/pages/SugarLabs/187845102582>
>>
>> References:
>>
>> [1] mailto:nachoel01 at gmail.com
>> [2] http://sugarlabs.org/
>> [3] http://www.sam.today/
>> [4] mailto:bernie at codewiz.org
>> [5] mailto:scanterog at gmail.com
>> [6] http://sugarlabs.org/index.php/cheap-canadian-viagra/
>> [7] http://sugarlabs.org/index.php/cheap-canadian-viagra/
>> [8] http://sugarlabs.org/index.php/viagra
>> [9] http://sugarlabs.org/index.php/viagra
>> [10] http://www.fpaste.org/278824/
>> [11] http://snag.gy/BmcA1.jpg
>> [12] http://walterbender.org/
>> [13] http://www.fpaste.org/278658/47310741/
>> [14] https://github.com/walterbender/www-sugarlabs/issues/11
>> [15] mailto:scanterog at gmail.com
>> [16] mailto:quozl at laptop.org
>> [17] mailto:scanterog at gmail.com
>> [18] http://www.sugarlabs.org/images/
>> [19] http://www.sugarlabs.org/index.php/cialis-10mg/
>> [20] mailto:bernie at codewiz.org
>> [21] mailto:nachoel01 at gmail.com
>> [22] http://sugarlabs.org/
>> [23] mailto:sebastian at fuentelibre.org
>> [24] mailto:bernie at codewiz.org
>> [25] mailto:bernie at codewiz.org
>> [26] mailto:sc-noreply at google.com
>> [27] mailto:sc-noreply at google.com
>> [28] mailto:bernie.codewiz at gmail.com
>> [29] mailto:bernie.codewiz at gmail.com
>> [30] http://www.sugarlabs.org/
>> [31] http://www.sugarlabs.org/
>> [32] http://www.sugarlabs.org/
>> [33] http://git.sugarlabs.org/python-xkb/mainline/commits/35bdff6
>> [34] http://meeting.sugarlabs.org/publiclab/meetings
>> [35] http://meeting.sugarlabs.org/sugar-meeting/2015-06-07
>> [36]
>https://www.google.com/appserve/mkt/p/kVgkGZKCN3DzN06od04KKAtZ0MELd5xT3j6zpU-JXhXWycXm6bg2W2xxZcBHQshGY9Dbo6BoOE6t4b1qxyCKXO2Q-JbiMgnsBSipGOHR246wqlLQhLLeM2-Pn6UVjijAxh4IQbS8msvmyuCEhUM7SaaWo_iSJfqhdrGgwaX47_mqJlPAYaytPzxHn_TzI8idMH-b6vmj470TW8hQl-j2jruE55uGYSy_3fwvNKAOjSLNHJ11QWPMjSaVMX4IpasNLfbmYxP5PZW_0mGwbkoWtSMNVe3Mq7WU
>> [37]
>https://www.google.com/appserve/mkt/p/I3Dm05ZvmwWJtGtmHNGyYK86h2nzUYGDM-1dIVEnmSHrHs0N84tDyBfUA5iDb72j6B-yiwNg-OrBO0P0PQbrU3v8R5tcVAdzYMv3OpcObaRWw6HuB_hF_vBUQ0wZEYtCIbe16MSxBLicOuFq6SP20C3-AbQorJKlU227T3AeC21nVaTf-KFMOvGO-OFQMdU8_Rthc-UT-ZB7e9_xKK8fusESgfkMAlFFnhedw1Mmy6z-7H7n_sA47L5Kf5TfpXQWf4tNFKZzfwYoKnY8NFJkNqyEOVpVQkAX
>> [38]
>https://www.google.com/appserve/mkt/p/mkMChrLY5uOSnnaQ5gbTAFDfGwF9b6RURLy_mBu1favZezzi13VSZPX07YO4eT4qaxKtQQFbGwR5lgEHDrnmLOaVzvClgPw3zw4P5NW1tQCDpPfXWL3li5UfVcsWLvABq0-kSdP0RwG3S-icgEz1HOe4fAssqjSSFWSwdgGpDcsqBZK8h8zWXqgHmAnfU3-a93zxp54EiQASOsPPnMSvqx8oBIco-F5o-Ro4Da3xmZU6HpjdwyGPq_PYyPJ1utqx1VNivc0ptczU9Ga6kc6x_HzwsjXAtvwTwFDuzAqE
>> [39]
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/private/systems/attachments/20151015/753f4108/attachment.html>
More information about the Systems
mailing list