[Systems] Hacked content detected on http://www.sugarlabs.org/
Bernie Innocenti
bernie at codewiz.org
Thu Oct 15 07:47:41 EDT 2015
Leaving php enabled on a site is a potential security risk even if it's not used.
A few years ago, www.gnu.org got hacked because it had php enabled and attackers figured out how to commit a php shell in CVS through Savannah. When we stopped them, they were uploading kernel exploits to gain root.
On October 14, 2015 3:10:57 AM EDT, "Ignacio Rodríguez" <nachoel01 at gmail.com> wrote:
>Wow.
>
>Nice work Sam, it looks nice and user friendly,
>so I think we should put it ASAP and disable php (or simply don't use
>it) for http://sugarlabs.org in apache settings (I think that is
>possible, correct me if I'm wrong)
>
>Greetings
>
>2015-10-14 3:54 GMT-03:00, Sam P. <sam at sam.today>:
>> Ok, so changed the new static site to hide all of the todos and
>stuff:
>> http://www.sam.today/
>>
>> When you all are ok I'll deploy it if you want.
>>
>> On Wed, Oct 14, 2015 at 8:36 AM, Sam P. <sam at sam.today> wrote:
>>
>>> Yeah, its pretty close to ready. I can probably hide the todos and
>>> change
>>> some of the links so it will be OK? CCing for Walter's opinion
>>>
>>> On Wed, 14 Oct 2015 7:50 am Bernie Innocenti <bernie at codewiz.org>
>wrote:
>>>
>>>> How about replacing this old and insecure website?
>>>>
>>>> If the new one isn't ready yet, we could temporarily serve a
>>>> minimalistic
>>>> page with the SL logo and a few links to the main resources. A bit
>like
>>>> the
>>>> Google home page...
>>>>
>>>> On October 13, 2015 4:26:37 PM EDT, Samuel Cantero
><scanterog at gmail.com>
>>>> wrote:
>>>>
>>>>> Hello everyone,
>>>>>
>>>>> I just recently erase all the unwanted images and the malicious
>php
>>>>> files for www.slo.
>>>>>
>>>>> The injected URLs [f*or ex:
>>>>> sugarlabs.org/index.php/cheap-canadian-viagra/
>>>>> <http://sugarlabs.org/index.php/cheap-canadian-viagra/> or
>>>>> sugarlabs.org/index.php/viagra
>>>>> <http://sugarlabs.org/index.php/viagra>*]
>>>>> are not working anymore. Those URLs were generated with the
>head.php
>>>>> script. The complete decoded code can be found here:
>>>>> http://www.fpaste.org/278824/.
>>>>>
>>>>> Also, the b374k-shell webshell is not working anymore. For the
>curious,
>>>>> it looked like this: http://snag.gy/BmcA1.jpg
>>>>>
>>>>
>>>>> I've found similar php files in walterbender.org the other day. I
>>>>> replaced the wh ole site for an uncompromised one.
>>>>>
>>>>
>>>>> Anyway, we still have to find how they did that and how can we
>protect
>>>>> our server from this kind of exploit. It is not easy though. It
>can be
>>>>> a
>>>>> security vulnerability on wordpress, some plugin or a permission
>>>>> problem.
>>>>>
>>>>> Still pending to follow the CERT intruder detection checklist.
>>>>>
>>>>> Regards,
>>>>>
>>>>>
>>>>> On Tue, Oct 13, 2015 at 7:18 AM, Sam P. <sam at sam.today> wrote:
>>>>>
>>>> I was just running ls -lsah on the root of www.slo, and it told me:
>>>>>>
>>>>>> * Th e spam (head.php) was last modified on Jun 23 13:56. I
>assume
>>>>>> this is the creation date too.
>>>>>>
>>>>> * head.php is owned by www-data. I assume this means that it came
>from
>>>>>> php or apache?
>>>>>> * index.php was modified 1 minute after head.php. It has a
>command to
>>>>>> "include("head.php");"
>>>>>> * every directory was modified within 2 minutes after the spam
>>>>>> creation, including .git
>>>>>> * eg. css/comnon.php base64 or something encoded php. Looks
>a
>>>>>> different style to head.php, no use of regex, but IDK. It is a
>php
>>>>>> webshell named b374k-shell version 2.8.
>>>>>> * eg. assets/fs-login.php encoded php that is decoded using a
>>>>>> regex. Prompts for a passoword, but no identifying stuff
>>>>>> * There are also files called fedit.php Iicense.php (starting
>with
>>>>>> cap. i) lndex.php (lower case L)
>>>>>>
>>>>>> Some files came before head.php, see
>>>>>> http://www.fpaste.org/278658/47310741/
>>>>>>
>>>>>> Also, reviewing Walter's repo, I can't find a clean copy of the
>>>>>> website, see
>https://github.com/walterbender/www-sugarlabs/issues/11
>>>>>> So hum, cleaning this will be fun!
>>>>>>
>>>>>> Thanks,
>>>>>> Sam
>>>>>>
>>>>>
>>>>>> On Tue, Oct 13, 2015 at 12:35 PM, Samuel Cantero
><scanterog at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I can't continue working on this today. Tomorrow I will try to
>search
>>>>>>> related files. We can erase the suspicious files now but if we
>do not
>>>>>>> find
>>>>>>> the root cause, it will happen again.
>>>>>>>
>>>>>>> Thanks James. I will google for it.
>>>>>>>
>>>>>>> On Mon, Oct 12, 2015 at 10:27 PM, James Cameron
><quozl at laptop.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Sadly, I've done PHP. There were PHP vulnerabilities that can
>lead
>>>>>>>> to site compromise if the www directory was writable by the
>apache
>>>>>>>> processes that run PHP.
>>>>>>>>
>>>>>>>> Follow the CERT intruder detection checklist if you can.
>>>>>>>>
>>>>>>>> On 13/10/2015, at 12:01 PM, Samuel Cantero wrote:
>>>>>>>>
>>>>>>>> > Also, I've found the followings php files with suspicious
>code:
>>>>>>>> >
>>>>>>>> > /srv/www-sugarlabs/www/images/favicons/class.wp-date.php
>>>>>>>> > /srv/www-sugarlabs/www/old/fedit.php
>>>>>>>> > /srv/www-sugarlabs/www/old/Iicense.php
>>>>>>>> > /srv/www-sugarlabs/www/scripts/fs-login.php
>>>>>>>> > /srv/www-sugarlabs/www/xsl/fs-login.php
>>>>>>>> > /srv/www-sugarlabs/www/.git/lndex.php
>>>>>>>> > /srv/www-sugarlabs/www/cache/fedit.php
>>>>>>>> > /srv/www-sugarlabs/www/cache/Iicense.php
>>>>>>>> > /srv/www-sugarlabs/www/.cache.php
>>>>>>>> >
>>>>>>>> > In addition, some gzipped base64 encoded php using some
>>>>>>>> > hexadecimal
>>>>>>>> character codes. This "fancy" code is executed via preg_replace
>with
>>>>>>>> the e
>>>>>>>> modifier.
>>>>>>>> >
>>>>>>>> > /srv/www-sugarlabs/www/images/Iicense.php
>>>>>>>> > /srv/www-sugarlabs/www/press/Iicense.php
>>>>>>>> > /srv/www-sugarlabs/www/xml/fedit.php
>>>>>>>> > /srv/www-sugarlabs/www/head.php
>>>>>>>> > /srv/www-sugarlabs/www/static/lndex.php
>>>>>>>> > /srv/www-sugarlabs/www/assets/fs-login.php
>>>>>>>> >
>>>>>>>> > An expert in PHP here?
>>>>>>>> >
>>>>>>>> > This is just Sugar Labs web site. Maybe we have a lot of them
>in
>>>>>>>> the entire /srv directory. I have to look for it.
>>>>>>>> >
>>>>>>>> > Regards,
>>>>>>>> >
>>>>>>>> > On Mon, Oct 12, 2015 at 9:03 PM, Samuel Cantero <
>>>>>>>> scanterog at gmail.com> wrote:
>>>>>>>> > Google is right. Our site has been hacked.
>>>>>>>> >
>>>>>>>> > One example: http://www.sugarlabs.org/images/
>>>>>>>> >
>>>>>>>> > There is a URL inyection:
>>>>>>>> http://www.sugarlabs.org/index.php/cialis-10mg/
>>>>>>>> >
>>>>>>>> > I will try to find all URLs not belonging to our site and the
>root
>>>>>>>> cause.
>>>>>>>> >
>>>>>>>> > Regards,
>>>>>>>> >
>>>>>>>> > On Mon, Oct 12, 2015 at 5:50 PM, Bernie Innocenti <
>>>>>>>> bernie at codewiz.org> wrote:
>>>>>>>> > Maybe all we need to do is click the reconsideration request
>link
>>>>>>>> and see what happens.
>>>>>>>> >
>>>>>>>> > Feel free to take control of the domain if you want to see
>the
>>>>>>>> Google webmaster console.
>>>>>>>> >
>>>>>>>> > On October 12, 2015 3:11:53 PM EDT, "Ignacio Rodríguez" <
>>>>>>>> nachoel01 at gmail.com> wrote:
>>>>>>>> > Is that updated?
>>>>>>>> >
>>>>>>>> > I remember to see some spam in sugarlabs.org (but it was
>Fixed).
>>>>>>>> >
>>>>>>>> > AS the email says, can we rfetch as Google? I mean, the tool
>for
>>>>>>>> that-
>>>>>>>> > Greetings,
>>>>>>>> > Ignacio
>>>>>>>> >
>>>>>>>> > 2015-10-12 16:02 GMT, Sebastian Silva
><sebastian at fuentelibre.org>:
>>>>>>>> > I did a very quick look on the pages reported, and can't
>find
>>>>>>>> anything
>>>>>>>> > suspicious with them.
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > On 12/10/15 10:52, Samuel Cantero wrote:
>>>>>>>> > I can check this later (in 8 hours). I am away from my
>laptop
>>>>>>>> > now.
>>>>>>>> If
>>>>>>>> > someone has found something please share the info.
>>>>>>>> >
>>>>>>>> > Regards,
>>>>>>>> >
>>>>>>>> > On Monday, 12 October 2015, Bernie Innocenti
><bernie at codewiz.org
>>>>>>>> >
>>>>>>>> > <mailto:
>>>>>>>> > bernie at codewiz.org>> wrote:
>>>>>>>> >
>>>>>>>> > Can someone look into this to see if our ancient website
>>>>>>>> really is
>>>>>>>> > serving "hacked" content?
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > *From:* Google Search Console Team
><sc-noreply at google.com
>>>>>>>> > <javascript:_e(%7B%7D,'cvml','sc-noreply at google.com');>>
>>>>>>>> > *Sent:* October 6, 2015 5:47:40 PM EDT
>>>>>>>> > *To:* bernie.codewiz at gmail.com
>>>>>>>> >
><javascript:_e(%7B%7D,'cvml','bernie.codewiz at gmail.com');>
>>>>>>>> > *Subject:* Hacked content detected on
>>>>>>>> http://www.sugarlabs.org/
>>>>>>>> >
>>>>>>>> > Message type: [WNC-633200]
>>>>>>>> > Search Console
>>>>>>>> >
>>>>>>>> > Hacked content detected on http://www.sugarlabs.org/
>>>>>>>> >
>>>>>>>> > To: Webmaster of http://www.sugarlabs.org/,
>>>>>>>> >
>>>>>>>> > Google has detected that your site has been hacked by a
>third
>>>>>>>> > party who created
>>>>>>>> > malicious content on some of your pages. This
>>>>>>>> >
>>>>>>>> > critical issue utilizes your site’s reputation to show
>>>>>>>> potential
>>>>>>>> > visitors unexpected or harmful content on your site or
>in
>>>>>>>> search
>>>>>>>> > results. It also lowers the quality of results for
>Google
>>>>>>>> Search
>>>>>>>> > users. Therefore, we have applied a manual action to
>your
>>>>>>>> > site
>>>>>>>> > that will warn users of hacked content when your site
>appears
>>>>>>>> in
>>>>>>>> > search results. To remove this warning, clean up the
>hacked
>>>>>>>> > content, and file a reconsideration request. After we
>>>>>>>> > determine
>>>>>>>> > that your site no longer has hacked content, we will
>remove
>>>>>>>> this
>>>>>>>> > manual action.
>>>>>>>> >
>>>>>>>> > Following are some example URLs where we found pages
>that
>>>>>>>> > have
>>>>>>>> > been compromised. Review them to gain a better sense of
>where
>>>>>>>> this
>>>>>>>> > hacked content appears. The list is not exhaustive.
>>>>>>>> >
>>>>>>>> >
>http://git.sugarlabs.org/python-xkb/mainline/commits/35bdff6
>>>>>>>> >
>>>>>>>> > http://meeting.sugarlabs.org/publiclab/meetings
>>>>>>>> >
>>>>>>>> > http://meeting.sugarlabs.org/sugar-meeting/2015-06-07
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > Here’s how to fix this problem:
>>>>>>>> >
>>>>>>>> > 1
>>>>>>>> >
>>>>>>>> > Check Security Issues for details of the hack
>>>>>>>> >
>>>>>>>> > Use the examples provided in the Security Issues report
>of
>>>>>>>> Search
>>>>>>>> > Console to get an initial sample of hacked pages.
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > Security Issues
>>>>>>>> >
>>>>>>>> > <
>>>>>>>>
>https://www.google.com/appserve/mkt/p/kVgkGZKCN3DzN06od04KKAtZ0MELd5xT3j6zpU-JXhXWycXm6bg2W2xxZcBHQshGY9Dbo6BoOE6t4b1qxyCKXO2Q-JbiMgnsBSipGOHR246wqlLQhLLeM2-Pn6UVjijAxh4IQbS8msvmyuCEhUM7SaaWo_iSJfqhdrGgwaX47_mqJlPAYaytPzxHn_TzI8idMH-b6vmj470TW8hQl-j2jruE55uGYSy_3fwvNKAOjSLNHJ11QWPMjSaVMX4IpasNLfbmYxP5PZW_0mGwbkoWtSMNVe3Mq7WU
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > 2
>>>>>>>> >
>>>>>>>> > Look for other compromised pages or files on your site
>>>>>>>> >
>>>>>>>> > Be sure to check your entire site, including the
>homepage,
>>>>>>>> > for
>>>>>>>> any
>>>>>>>> > unfamiliar content that could have been added. The
>malicious
>>>>>>>> code
>>>>>>>> > might be placed in HTML, JavaScript, or other files on
>your
>>>>>>>> site.
>>>>>>>> > It can also be hidden in places you might overlook, such
>as
>>>>>>>> server
>>>>>>>> > configuration files (e.g. .htaccess file) or other
>dynamic
>>>>>>>> > scripting pages (e.g. PHP, JSP). It’s important to be
>>>>>>>> > thorough
>>>>>>>> in
>>>>>>>> > your investigation.
>>>>>>>> >
>>>>>>>> > 3
>>>>>>>> >
>>>>>>>> > Use the Fetch as Google tool to isolate the malicious
>content
>>>>>>>> >
>>>>>>>> > Because some pages can appear one way to a user and
>another
>>>>>>>> way to
>>>>>>>> > Google crawlers, you can use the Fetch as Google tool to
>>>>>>>> > reveal
>>>>>>>> > some kinds of hacking. Enter URLs from your site in the
>tool
>>>>>>>> > to
>>>>>>>> > see the pages as Google sees them. If the page has
>hidden
>>>>>>>> hacked
>>>>>>>> > content, the tool can reveal that content.
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > Fetch as Google
>>>>>>>> >
>>>>>>>> > <
>>>>>>>>
>https://www.google.com/appserve/mkt/p/I3Dm05ZvmwWJtGtmHNGyYK86h2nzUYGDM-1dIVEnmSHrHs0N84tDyBfUA5iDb72j6B-yiwNg-OrBO0P0PQbrU3v8R5tcVAdzYMv3OpcObaRWw6HuB_hF_vBUQ0wZEYtCIbe16MSxBLicOuFq6SP20C3-AbQorJKlU227T3AeC21nVaTf-KFMOvGO-OFQMdU8_Rthc-UT-ZB7e9_xKK8fusESgfkMAlFFnhedw1Mmy6z-7H7n_sA47L5Kf5TfpXQWf4tNFKZzfwYoKnY8NFJkNqyEOVpVQkAX
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > 4
>>>>>>>> >
>>>>>>>> > Remove all malicious content
>>>>>>>> >
>>>>>>>> > You can also contact your hosting provider and ask them
>for
>>>>>>>> > assistance. If you’re having trouble identifying and
>removing
>>>>>>>> all
>>>>>>>> > the content on your site that is compromised, consider
>>>>>>>> restoring
>>>>>>>> > an older backed-up
>>>>>>>> > version of your site.
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > 5
>>>>>>>> >
>>>>>>>> > Secure your site from any future attacks
>>>>>>>> >
>>>>>>>> > Identify and fix vulnerabilities that caused your site
>to be
>>>>>>>> > compromised. Change passwords for administrative
>accounts.
>>>>>>>> > Consider contacting your hosting service to get help
>with the
>>>>>>>> issue.
>>>>>>>> >
>>>>>>>> > 6
>>>>>>>> >
>>>>>>>> > Submit a reconsideration request
>>>>>>>> >
>>>>>>>> > Once you fix your site, file for reconsideration to
>remove
>>>>>>>> > this
>>>>>>>> > manual action. Include any details or documentation that
>can
>>>>>>>> help
>>>>>>>> > us understand the changes made to your site.
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > Reconsideration Request
>>>>>>>> >
>>>>>>>> > <
>>>>>>>>
>https://www.google.com/appserve/mkt/p/mkMChrLY5uOSnnaQ5gbTAFDfGwF9b6RURLy_mBu1favZezzi13VSZPX07YO4eT4qaxKtQQFbGwR5lgEHDrnmLOaVzvClgPw3zw4P5NW1tQCDpPfXWL3li5UfVcsWLvABq0-kSdP0RwG3S-icgEz1HOe4fAssqjSSFWSwdgGpDcsqBZK8h8zWXqgHmAnfU3-a93zxp54EiQASOsPPnMSvqx8oBIco-F5o-Ro4Da3xmZU6HpjdwyGPq_PYyPJ1utqx1VNivc0ptczU9Ga6kc6x_HzwsjXAtvwTwFDuzAqE
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > Need more help?
>>>>>>>> >
>>>>>>>> > • Read our guide for hacked sites
>>>>>>>> >
>>>>>>>> > <
>>>>>>>>
>https://www.google.com/appserve/mkt/p/IV-1opuTX8iamyLtoalATOnDHD7nAlmgL8CVzxJazsopWNGnaydlADoMVjEnxX6PPmcoakoeoAI_pi9Fr94XUsVcDgZ_5t0jCV4eFMo3ehPi0RqjmdUphK8AeWrRaiNuPE-G8mLJo_0ZxqlIaNYBxdHxDhw9idMBli6GQxEjRhkJdZHPB7crjABDHO7pW3yIGDi2MuVI09y1bKc7QlGI6OTxGFTLmpQsLxGTCflqCA==
>>>>>>>> >.
>>>>>>>> >
>>>>>>>> > • Learn how to use the Fetch as Google
>>>>>>>> >
>>>>>>>> > <
>>>>>>>>
>https://www.google.com/appserve/mkt/p/9Ir-Bt-67WRNvKE9owMrZLp8oZJ1HImuPu4xcaEPRb0JtnzPu6aTmg2CUheZmi-tuwqORJVIvjiPKkndT4yNd0YpPysKDsWv32eQNwCtJ4If7XJl13TyrO9HotNhwd7K9lpUYNvbMjVNl7nYSBHZ7AP4nWHNjelPl4jlZIRAMWdMtDDlsvyDT79bBAs83a7NjBY2D8FnVFd5b7MV3B4prCLse477PGMw_ADsoybItKdyR1bpPjsQ288=
>>>>>>>> >
>>>>>>>> > tool in our Help Center.
>>>>>>>> > • Learn more about reconsideration requests
>>>>>>>> >
>>>>>>>> > <
>>>>>>>>
>https://www.google.com/appserve/mkt/p/aQ8PKvfwLMXzVU_Y2JKYswOlSi_DMZlgJxl_1pKoECDrfGb2bMv7ktikhnlpXYFo5pFod5pV_5MID2lXxPnG8JXg2IT2QK4EEHFK5CKy_jEld6vmacZzTy5qkLiQ_KXYEpR3IHJRXl_5bAzuInboteGdP3kowTaHbH0k5_KGdQ-7x_7Uc9S6ZuON2GRJgf_l7VBFlCpYx63dthhREfGl3aJAmrrd5B12fcQXpUS-XivElQ5E4tuW7TZJ6-2t
>>>>>>>> >
>>>>>>>> > in our Help Center.
>>>>>>>> > • Ask questions in our forum
>>>>>>>> >
>>>>>>>> > <
>>>>>>>>
>https://www.google.com/appserve/mkt/p/ciVSXy1Lws4CbKwqiPW7Vh6w0QYywSigyhOIHLlIjWP3nj6-NftgW0tj9Q7pqbfedTFBQzUv2xyKSI6xfNA58JuQX50x7h1ytUIKOkQiKXj_ERqHQ2gb03stUwFcck5XtNQmsaC97h1gYDzzEc9Znv0rvIn8yn7rZTLHocA63VlvS7nA4uEpsVVNhe_z53A40yKJiZ6MjC4w-CPfWa_U9yssivxOXqpB3412s9ovXag888rv1S221MwGu1kHRZrF
>>>>>>>> >
>>>>>>>> > for more help - mention message type [WNC-633200].
>>>>>>>> >
>>>>>>>> > Google Inc. 1600 Amphitheatre Parkway Mountain View, CA
>94043
>>>>>>>> > |
>>>>>>>> > Unsubscribe
>>>>>>>> >
>>>>>>>> > <
>>>>>>>>
>https://www.google.com/appserve/mkt/p/nD7NcGKMjSxCRFdqrYmqkL7hvzslENpmCZMgpewUjQhJa8Y3IGhAn89ccuRCUkWOuTf5YyzJCYxX0gomovUPNbNSks2EX6CeQsbJ3U39wrbENLoAoJgF2YmZ6NdumTzBxHR3erjkR92y7Fv7QpLly4IS93wNFYQYYOGhysjJLJ60gwhvItjpmW6p-A==
>>>>>>>> >
>>>>>>>> > Add partners
>>>>>>>> >
>>>>>>>> > <
>>>>>>>>
>https://www.google.com/appserve/mkt/p/qTjtKM7FKDMWcpoZIrRbnRQOfhxVo6TyQct8JuQPryv-Ov_yf7iqFkiNR_wU8HLKO5ksfov9m5IVJki2NB0YDH1Jm-7KEXDMHFkAFu5ka67xYh1d1SL3hT0VuzTq99m4jFvLm0xQr0nTwz6TDTOBbeZKywq9JWpM_2HXJJrI8CgyO7_rdp7TIPdbc3kzCzJGA_xOBL-ktb1uoJAcHmk-FIJhuDu91iioHwpjGAC3o0WN06RKsDkeHjzQ2mDV_0ksYVzhx4V3yyoc-I8MQ0QvuBWU_aKms694WJmI_Q==
>>>>>>>> >who
>>>>>>>> > should receive messages for this Search Console account.
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > --
>>>>>>>> > Sent from my Android device with K-9 Mail. Please excuse
>my
>>>>>>>> brevity.
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > Systems mailing list
>>>>>>>> > Systems at lists.sugarlabs.org
>>>>>>>> > http://lists.sugarlabs.org/listinfo/systems
>>>>>>>> >
>>>>>>>> > --
>>>>>>>> > I+D SomosAzucar.Org
>>>>>>>> > "icarito" #somosazucar en Freenode IRC
>>>>>>>> > "Nadie libera a nadie, nadie se libera solo. Los seres
>humanos se
>>>>>>>> liberan en
>>>>>>>> > comunión" - P. Freire
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > --
>>>>>>>> > Sent from my Android device with K-9 Mail. Please excuse my
>>>>>>>> > brevity.
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > _______________________________________________
>>>>>>>> > Systems mailing list
>>>>>>>> > Systems at lists.sugarlabs.org
>>>>>>>> > http://lists.sugarlabs.org/listinfo/systems
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Systems mailing list
>>>>>>> Systems at lists.sugarlabs.org
>>>>>>> http://lists.sugarlabs.org/listinfo/systems
>>>>>>>
>>>>>>>
>>>>>>
>>>>> Systems mailing list
>>>>> Systems at lists.sugarlabs.org
>>>>> http://lists.sugarlabs.org/listinfo/systems
>>>>>
>>>>>
>>>> --
>>>> Sent from my Android device with K-9 Mail. Please excuse my
>brevity.
>>>>
>>>
>>
>
>
>--
>Ignacio Rodríguez
>SugarLabs at Facebook
><https://www.facebook.com/pages/SugarLabs/187845102582>
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/private/systems/attachments/20151015/5d4a57a0/attachment.html>
More information about the Systems
mailing list