[Systems] Hacked content detected on http://www.sugarlabs.org/
Sam P.
sam at sam.today
Fri Oct 16 06:22:13 EDT 2015
Yep, PHP is disabled since I moved it to freedom; grep confirms fastcgi
isn't enabled on anything. I don't ever plan to enable cgi or php on
freedom.
I've marked the folder as hacked and disabled on sunjammer. I've also
disabled the apache2 configuration for the site.
On Thu, Oct 15, 2015 at 10:47 PM, Bernie Innocenti <bernie at codewiz.org>
wrote:
> Leaving php enabled on a site is a potential security risk even if it's
> not used.
>
> A few years ago, www.gnu.org got hacked because it had php enabled and
> attackers figured out how to commit a php shell in CVS through Savannah.
> When we stopped them, they were uploading kernel exploits to gain root.
>
> On October 14, 2015 3:10:57 AM EDT, "Ignacio Rodríguez" <
> nachoel01 at gmail.com> wrote:
>
>> Wow.
>>
>> Nice work Sam, it looks nice and user friendly,
>> so I think we should put it ASAP and disable php (or simply don't use
>> it) for http://sugarlabs.org in apache settings (I think that is
>> possible, correct me if I'm wrong)
>>
>> Greetings
>>
>> 2015-10-14 3:54 GMT-03:00, Sam P. <sam at sam.today>:
>>
>>> Ok, so changed the new static site to hide all of the todos and stuff:
>>> http://www.sam.today/
>>>
>>> When you all are ok I'll deploy it if you want.
>>>
>>> On Wed, Oct 14, 2015 at 8:36 AM, Sam P. <sam at sam.today> wrote:
>>>
>>> Yeah, its pretty close to ready. I can probably hide the todos and
>>>> change
>>>> some of the link
>>>> s so it
>>>> will be OK? CCing for Walter's opinion
>>>>
>>>> On Wed, 14 Oct 2015 7:50 am Bernie Innocenti <bernie at codewiz.org> wrote:
>>>>
>>>> How about replacing this old and insecure website?
>>>>>
>>>>> If the new one isn't ready yet, we could temporarily serve a
>>>>> minimalistic
>>>>> page with the SL logo and a few links to the main resources. A bit like
>>>>> the
>>>>> Google home page...
>>>>>
>>>>> On October 13, 2015 4:26:37 PM EDT, Samuel Cantero <scanterog at gmail.com>
>>>>> wrote:
>>>>>
>>>>> Hello everyone,
>>>>>>
>>>>>> I just recently erase all the unwanted images and the malicious php
>>>>>> files for www.slo.
>>>>>>
>>>>>> The injected URLs [f*or ex:
>>>>>> sugarlabs.org/index.php/cheap-canadian-viagra/
>>>>>> <http://sugarlabs.org/index.php/cheap-canadian-viagra/> or
>>>>>> sugarlabs.org/index.php/viagra
>>>>>> <http://sugarlabs.org/index.php/viagra>*]
>>>>>> are not working anymore. Those URLs were generated with the head.php
>>>>>> script. The complete decoded code can be found here:
>>>>>> http://www.fpaste.org/278824/.
>>>>>>
>>>>>> Also, the b374k-shell webshell is not working anymore. For the curious,
>>>>>> it looked like this: http://snag.gy/BmcA1.jpg
>>>>>
>>>>>
>>>>>
>>>>> I've found sim
>>>>>> ilar
>>>>>> php files in walterbender.org the other day. I
>>>>>> replaced the wh ole site for an uncompromised one.
>>>>>
>>>>>
>>>>>
>>>>> Anyway, we still have to find how they did that and how can we protect
>>>>>> our server from this kind of exploit. It is not easy though. It can be
>>>>>> a
>>>>>> security vulnerability on wordpress, some plugin or a permission
>>>>>> problem.
>>>>>>
>>>>>> Still pending to follow the CERT intruder detection checklist.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>>
>>>>>> On Tue, Oct 13, 2015 at 7:18 AM, Sam P. <sam at sam.today> wrote:
>>>>>
>>>>>
>>>>> I was just running ls -lsah on the root of www.slo, and it told me:
>>>>>
>>>>>>
>>>>>>> * Th e spam (head.php) was last modified on Jun 23 13:56. I assume
>>>>>>> this is the creation date too.
>>>>>>
>>>>>>
>>>>>> * head.php is owned by www-data. I assume this means that it came from
>>>>>>
>>>>>>> php or apache?
>>>>>>> * index.php was modified 1 minute after head.php. It has a command to
>>>>>>> "include("head.php");"
>>>>>>> * every directory was modified within 2 minutes after the spam
>>>>>>> creation, including .git
>>>>>>> * eg. css/comnon.php base64 or something encoded php. Looks a
>>>>>>> different style to head.php, no use of regex, but IDK. It is a php
>>>>>>> webshell named b374k-shell version 2.8.
>>>>>>> * eg. assets/fs-login.php encoded php that is decoded using a
>>>>>>> regex. Prompts for a passoword, but no identifying stuff
>>>>>>> * There are also files called fedit.php Iicense.php
>>>>>>> (starting with
>>>>>>> cap. i) lndex.php (lower case L)
>>>>>>>
>>>>>>> Some files came before head.php, see
>>>>>>> http://www.fpaste.org/278658/47310741/
>>>>>>>
>>>>>>> Also, reviewing Walter's repo, I can't find a clean copy of the
>>>>>>> website, see https://github.com/walterbender/www-sugarlabs/issues/11
>>>>>>> So hum, cleaning this will be fun!
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Sam
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Oct 13, 2015 at 12:35 PM, Samuel Cantero <scanterog at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> I can't continue working on this today. Tomorrow I will try to search
>>>>>>>> related files. We can erase the suspicious files now but if w
>>>>>>>> e do
>>>>>>>> not
>>>>>>>> find
>>>>>>>> the root cause, it will happen again.
>>>>>>>>
>>>>>>>> Thanks James. I will google for it.
>>>>>>>>
>>>>>>>> On Mon, Oct 12, 2015 at 10:27 PM, James Cameron <quozl at laptop.org>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Sadly, I've done PHP. There were PHP vulnerabilities that can lead
>>>>>>>>> to site compromise if the www directory was writable by the apache
>>>>>>>>> processes that run PHP.
>>>>>>>>>
>>>>>>>>> Follow the CERT intruder detection checklist if you can.
>>>>>>>>>
>>>>>>>>> On 13/10/2015, at 12:01 PM, Samuel Cantero wrote:
>>>>>>>>>
>>>>>>>>> Also, I've found the followings php files with suspicious code:
>>>>>>>>>>
>>>>>>>>>> /srv/www-sugarlabs/www/images/favicons/class.wp-date.php
>>>>>>>>>> /srv/www-sugarlabs/www/old/fedit.php
>>>>>>>>>> /srv/www-sugarlabs/www/old/Iicense.php
>>>>>>>>>>
>>>>>>>>>> /srv/www-sugarlabs/www/scripts/fs-login.php
>>>>>>>>>> /srv/www-sugarlabs/www/xsl/fs-login.php
>>>>>>>>>> /srv/www-sugarlabs/www/.git/lndex.php
>>>>>>>>>> /srv/www-sugarlabs/www/cache/fedit.php
>>>>>>>>>> /srv/www-sugarlabs/www/cache/Iicense.php
>>>>>>>>>> /srv/www-sugarlabs/www/.cache.php
>>>>>>>>>>
>>>>>>>>>> In addition, some gzipped base64 encoded php using some
>>>>>>>>>> hexadecimal
>>>>>>>>>>
>>>>>>>>> character codes. This "fancy" code is executed via preg_replace with
>>>>>>>>> the e
>>>>>>>>> modifier.
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> /srv/www-sugarlabs/www/images/Iicense.php
>>>>>>>>>> /srv/www-sugarlabs/www/press/Iicense.php
>>>>>>>>>> /srv/www-sugarlabs/www/xml/fedit.php
>>>>>>>>>> /srv/www-sugarlabs/www/head.php
>>>>>>>>>> /srv/www-sugarlabs/www/static/lndex.php
>>>>>>>>>> /srv/www-sugarlabs/www/assets/fs-login.php
>>>>>>>>>>
>>>>>>>>>> An expert in PHP here?
>>>>>>>>>>
>>>>>>>>>> This is just Sugar Labs web site. Maybe we have a lot of them in
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> the
>>>>>>>>> entire /srv directory. I have to look for it.
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>>
>>>>>>>>>> On Mon, Oct 12, 2015 at 9:03 PM, Samuel Cantero <
>>>>>>>>>>
>>>>>>>>> scanterog at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Google is right. Our site has been hacked.
>>>>>>>>>>
>>>>>>>>>> One example: http://www.sugarlabs.org/images/
>>>>>>>>>>
>>>>>>>>>> There is a URL inyection:
>>>>>>>>>>
>>>>>>>>> http://www.sugarlabs.org/index.php/cialis-10mg/
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I will try to find all URLs not belonging to our site and the root
>>>>>>>>>>
>>>>>>>>> cause.
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>>
>>>>>>>>>> On Mon, Oct 12, 2015 at 5:50 PM, Bernie Innocenti <
>>>>>>>>>>
>>>>>>>>> bernie at codewiz.org> wrote:
>>>>>>>>>
>>>>>>>>>> Maybe all we need to do is click the reconsideration request link
>>>>>>>>>>
>>>>>>>>> and see what happens.
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Feel free to take control of the domain if you want to see the
>>>>>>>>>>
>>>>>>>>> Google webmaster console.
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On October 12, 2015 3:11:53 PM EDT, "Ignacio Rodríguez" <
>>>>>>>>>>
>>>>>>>>> nachoel01 at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Is that updated?
>>>>>>>>>>
>>>>>>>>>> I remember to see some spam in sugarlabs.org (but it was Fixed).
>>>>>>>>>>
>>>>>>>>>> AS the email says, can we rfetch as Google? I mean, the tool for
>>>>>>>>>>
>>>>>>>>> that-
>>>>>>>>>
>>>>>>>>>> Greetings,
>>>>>>>>>> Ignacio
>>>>>>>>>>
>>>>>>>>>> 2015-10-12 16:02 GMT, Sebastian Silva <sebastian at fuentelibre.org>:
>>>>>>>>>> I did a very quick look on the pages reported, and can't find
>>>>>>>>>>
>>>>>>>>> anything
>>>>>>>>>
>>>>>>>>>> suspicious with them.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 12/10/15 10:52, Samuel Cantero wrote:
>>>>>>>>>> I can check this later (in 8 hours). I am away from my laptop
>>>>>>>>>> now.
>>>>>>>>>>
>>>>>>>>> If
>>>>>>>>>
>>>>>>>>>> someone has found something please share the info.
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>>
>>>>>>>>>> On Monday, 12 October 2015, Bernie Innocenti <bernie at codewiz.org
>>>>>>>>>>
>>>>>>>>>> <mailto:
>>>>>>>>>> bernie at codewiz.org>> wrote:
>>>>>>>>>>
>>>>>>>>>> Can someone look into this to see if our ancient website
>>>>>>>>>>
>>>>>>>>> really is
>>>>>>>>>
>>>>>>>>>> serving "hacked" content?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> *From:* Google Search Console Team <sc-noreply at google.com
>>>>>>>>>> <javascript:_e(%7B%7D,'cvml','sc-noreply at google.com');>>
>>>>>>>>>> *Sent:* October 6, 2015 5:47:40 PM EDT
>>>>>>>>>> *To:* bernie.codewiz at gmail.com
>>>>>>>>>> <javascript:_e(%7B%7D,'cvml','bernie.codewiz at gmail.com');>
>>>>>>>>>> *Subject:* Hacked content detected on
>>>>>>>>>>
>>>>>>>>> http://www.sugarlabs.org
>>>>>>>>> /
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Message type: [WNC-633200]
>>>>>>>>>> Search Console
>>>>>>>>>>
>>>>>>>>>> Hacked content detected on http://www.sugarlabs.org/
>>>>>>>>>>
>>>>>>>>>> To: Webmaster of http://www.sugarlabs.org/,
>>>>>>>>>>
>>>>>>>>>> Google has detected that your site has been hacked by a third
>>>>>>>>>> party who created
>>>>>>>>>> malicious content on some of your pages. This
>>>>>>>>>>
>>>>>>>>>> critical issue utilizes your site’s reputation to show
>>>>>>>>>>
>>>>>>>>> potential
>>>>>>>>>
>>>>>>>>>> visitors unexpected or harmful content on your site or in
>>>>>>>>>>
>>>>>>>>> search
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> results. It also lowers the quality of results for Google
>>>>>>>>>>
>>>>>>>>> Search
>>>>>>>>>
>>>>>>>>>> users. Therefore, we have applied a manual action to your
>>>>>>>>>> site
>>>>>>>>>> that will warn users of hacked content when your site appears
>>>>>>>>>>
>>>>>>>>> in
>>>>>>>>>
>>>>>>>>>> search results. To remove this warning, clean up the hacked
>>>>>>>>>> content, and file a reconsideration request. After we
>>>>>>>>>> determine
>>>>>>>>>> that your site no longer has hacked content, we will remove
>>>>>>>>>>
>>>>>>>>> this
>>>>>>>>>
>>>>>>>>>> manual action.
>>>>>>>>>>
>>>>>>>>>> Following are some example URLs where we found pages that
>>>>>>>>>> have
>>>>>>>>>> been compromised
>>>>>>>>>> .
>>>>>>>>>> Review them to gain a better sense of where
>>>>>>>>>>
>>>>>>>>> this
>>>>>>>>>
>>>>>>>>>> hacked content appears. The list is not exhaustive.
>>>>>>>>>>
>>>>>>>>>> http://git.sugarlabs.org/python-xkb/mainline/commits/35bdff6
>>>>>>>>>>
>>>>>>>>>> http://meeting.sugarlabs.org/publiclab/meetings
>>>>>>>>>>
>>>>>>>>>> http://meeting.sugarlabs.org/sugar-meeting/2015-06-07
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Here’s how to fix this problem:
>>>>>>>>>>
>>>>>>>>>> 1
>>>>>>>>>>
>>>>>>>>>> Check Security Issues for details of the hack
>>>>>>>>>>
>>>>>>>>>> Use the examples provided in the Security Issues report of
>>>>>>>>>>
>>>>>>>>> Search
>>>>>>>>>
>>>>>>>>>> Console to get an initial sample of hacked pages.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Security Issues
>>>>>>>>>>
>>>>>>>>>> <
>>>>>>>>>>
>>>>>>>>> https://www.google.com/appserve/mkt/p/kVgkGZKCN3DzN06od04KKAtZ0MELd5xT3j6zpU-JXhXWycXm6bg2W2xxZcBHQshGY9Dbo6BoOE6t4b1qxyCKXO2Q-JbiMgnsBSipGOHR246wqlLQhLLeM2-Pn6UVjijAxh4IQbS8msvmyuCEhUM7SaaWo_iSJfqhdrGgwaX47_mqJlPAYaytPzxHn_TzI8idMH-b6vmj470TW8hQl-j2jruE55uGYSy_3fwvNKAOjSLNHJ11QWPMjSaVMX4IpasNLfbmYxP5PZW_0mGwbkoWtSMNVe3Mq7WU
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2
>>>>>>>>>>
>>>>>>>>>> L
>>>>>>>>>> ook for
>>>>>>>>>> other compromised pages or files on your site
>>>>>>>>>>
>>>>>>>>>> Be sure to check your entire site, including the homepage,
>>>>>>>>>> for
>>>>>>>>>>
>>>>>>>>> any
>>>>>>>>>
>>>>>>>>>> unfamiliar content that could have been added. The malicious
>>>>>>>>>>
>>>>>>>>> code
>>>>>>>>>
>>>>>>>>>> might be placed in HTML, JavaScript, or other files on your
>>>>>>>>>>
>>>>>>>>> site.
>>>>>>>>>
>>>>>>>>>> It can also be hidden in places you might overlook, such as
>>>>>>>>>>
>>>>>>>>> server
>>>>>>>>>
>>>>>>>>>> configuration files (e.g. .htaccess file) or other dynamic
>>>>>>>>>> scrip
>>>>>>>>>> ting
>>>>>>>>>> pages (e.g. PHP, JSP). It’s important to be
>>>>>>>>>> thorough
>>>>>>>>>>
>>>>>>>>> in
>>>>>>>>>
>>>>>>>>>> your investigation.
>>>>>>>>>>
>>>>>>>>>> 3
>>>>>>>>>>
>>>>>>>>>> Use the Fetch as Google tool to isolate the malicious content
>>>>>>>>>>
>>>>>>>>>> Because some pages can appear one way to a user and another
>>>>>>>>>>
>>>>>>>>> way to
>>>>>>>>>
>>>>>>>>>> Google crawlers, you can use the Fetch as Google tool to
>>>>>>>>>> reveal
>>>>>>>>>> some kinds of hacking. Enter URLs from your site in the tool
>>>>>>>>>> to
>>>>>>>>>> see the pages as Google sees them. If the page has hidden
>>>>>>>>>>
>>>>>>>>> hacked
>>>>>>>>>
>>>>>>>>>> content, the tool can reveal that content.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Fetch as Google
>>>>>>>>>>
>>>>>>>>>> <
>>>>>>>>>>
>>>>>>>>> https://www.google.com/appserve/mkt/p/I3Dm05ZvmwWJtGtmHNGyYK86h2nzUYGDM-1dIVEnmSHrHs0N84tDyBfUA5iDb72j6B-yiwNg-OrBO0P0PQbrU3v8R5tcVAdzYMv3OpcObaRWw6HuB_hF_vBUQ0wZEYtCIbe16MSxBLicOuFq6SP20C3-AbQorJKlU227T3AeC21nVaTf-KFMOvGO-OFQMdU8_Rthc-UT-ZB7e9_xKK8fusESgfkMAlFFnhedw1Mmy6z-7H7n_sA47L5Kf5TfpXQWf4tNFKZzfwYoKnY8NFJkNqyEOVpVQkAX
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 4
>>>>>>>>>>
>>>>>>>>>> Remove all malicious content
>>>>>>>>>>
>>>>>>>>>> You can also contact your hosting provider and ask them for
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> assistance. If you’re having trouble identifying and removing
>>>>>>>>>>
>>>>>>>>> all
>>>>>>>>>
>>>>>>>>>> the content on your site that is compromised, consider
>>>>>>>>>>
>>>>>>>>> restoring
>>>>>>>>>
>>>>>>>>>> an older backed-up
>>>>>>>>>> version of your site.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 5
>>>>>>>>>>
>>>>>>>>>> Secure your site from any future attacks
>>>>>>>>>>
>>>>>>>>>> Identify and fix vulnerabilities that caused your site to be
>>>>>>>>>> compromised. Change passwords for administrative accounts.
>>>>>>>>>> Consider contacting your hosting service to get help with the
>>>>>>>>>>
>>>>>>>>> issue.
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 6
>>>>>>>>>>
>>>>>>>>>> Submit a reconsideration request
>>>>>>>>>> <
>>>>>>>>>> br />
>>>>>>>>>> Once you fix your site, file for reconsideration to remove
>>>>>>>>>>
>>>>>>>>>> this
>>>>>>>>>> manual action. Include any details or documentation that can
>>>>>>>>>>
>>>>>>>>> help
>>>>>>>>>
>>>>>>>>>> us understand the changes made to your site.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Reconsideration Request
>>>>>>>>>>
>>>>>>>>>> <
>>>>>>>>>>
>>>>>>>>> https://www.google.com/appserve/mkt/p/mkMChrLY5uOSnnaQ5gbTAFDfGwF9b6RURLy_mBu1favZezzi13VSZPX07YO4eT4qaxKtQQFbGwR5lgEHDrnmLOaVzvClgPw3zw4P5NW1tQCDpPfXWL3li5UfVcsWLvABq0-kSdP0RwG3S-icgEz1HOe4fAssqjSSFWSwdgGpDcsqBZK8h8zWXqgHmAnfU3-a93zxp54EiQASOsPPnMSvqx8oBIco-F5o-Ro4Da3xmZU6HpjdwyGPq_PYyPJ1utqx1VNivc0ptczU9Ga6kc6x_HzwsjXAtvwTwFDuzAqE
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Need more help?
>>>>>>>>>>
>>>>>>>>>> • Read our guide for hacked sites
>>>>>>>>>>
>>>>>>>>>> <
>>>>>>>>>>
>>>>>>>>> https://www.google.com/appserve/mkt/p/IV-1opuTX8iamyLtoalATOnDHD7nAlmgL8CVzxJazsopWNGnaydlADoMVjEnxX6PPmcoakoeoAI_pi9Fr94XUsVcDgZ_5t0jCV4eFMo3ehPi0RqjmdUphK8AeWrRaiNuPE-G8mLJo_0ZxqlIaNYBxdHxDhw9idMBli6GQxEjRhkJdZHPB7crjABDHO7pW3yIGDi2MuVI09y1bKc7QlGI6OTxGFTLmpQsLxGTCflqCA==
>>>>>>>>>
>>>>>>>>>> .
>>>>>>>>>>
>>>>>>>>>> • Learn how to use the Fetch as Google
>>>>>>>>>>
>>>>>>>>>> <
>>>>>>>>>>
>>>>>>>>> https://www.google.com/appserve/mkt/p/9Ir-Bt-67WRNvKE9owMrZLp8oZJ1HImuPu4xcaEPRb0JtnzPu6aTmg2CUheZmi-tuwqORJVIvjiPKkndT4yNd0YpPysKDsWv32eQNwCtJ4If7XJl13TyrO9HotNhwd7K9lpUYNvbMjVNl7nYSBHZ7AP4nWHNjelPl4jlZIRAMWdMtDDlsvyDT79bBAs83a7NjBY2D8FnVFd5b7MV3B4prCLse477PGMw_ADsoybItKdyR1bpPjsQ288=
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> tool in our Help Center.
>>>>>>>>>> • Learn more about reconsideration requests
>>>>>>>>>>
>>>>>>>>>> <
>>>>>>>>>>
>>>>>>>>> https://www.google.com/appserve/mkt/p/aQ8PKvfwLMXzVU_Y2JKYswOlSi_DMZlgJxl_1pKoECDrfGb2bMv7ktikhnlpXYFo5pFod5pV_5MID2lXxPnG8JXg2IT2QK4EEHFK5CKy_jEld6vmacZzTy5qkLiQ_KXYEpR3IHJRXl_5bAzuInboteGdP3kowTaHbH0k5_KGdQ-7x_7Uc9S6ZuON2GRJgf_l7VBFlCpYx63dthhREfGl3aJAmrrd5B12fcQXpUS-XivElQ5E4tuW7TZJ6-2t
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> in our Help Center.
>>>>>>>>>> • Ask questions in our forum
>>>>>>>>>>
>>>>>>>>>> <
>>>>>>>>>>
>>>>>>>>> https://www.google.com/appserve/mkt/p/ciVSXy1Lws4CbKwqiPW7Vh6w0QYywSigyhOIHLlIjWP3nj6-NftgW0tj9Q7pqbfedTFBQzUv2xyKSI6xfNA58JuQX50x7h1ytUIKOkQiKXj_ERqHQ2gb03stUwFcck5XtNQmsaC97h1gYDzzEc9Znv0rvIn8yn7rZTLHocA63VlvS7nA4uEpsVVNhe_z53A40yKJiZ6MjC4w-CPfWa_U9yssivxOXqpB3412s9ovXag888rv1S221MwGu1kHRZrF
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> for more help - mention message type [WNC-633200].
>>>>>>>>>>
>>>>>>>>>> Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043
>>>>>>>>>> |
>>>>>>>>>> Unsubscribe
>>>>>>>>>>
>>>>>>>>>> <
>>>>>>>>>>
>>>>>>>>> https://www.google.com/appserve/mkt/p/nD7NcGKMjSxCRFdqrYmqkL7hvzslENpmCZMgpewUjQhJa8Y3IGhAn89ccuRCUkWOuTf5YyzJCYxX0gomovUPNbNSks2EX6CeQsbJ3U39wrbENLoAoJgF2YmZ6NdumTzBxHR3erjkR92y7Fv7QpLly4IS93wNFYQYYOGhysjJLJ60gwhvItjpmW6p-A==
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Add partners
>>>>>>>>>>
>>>>>>>>>> <
>>>>>>>>>>
>>>>>>>>> https://www.google.com/appserve/mkt/p/qTjtKM7FKDMWcpoZIrRbnRQOfhxVo6TyQct8JuQPryv-Ov_yf7iqFkiNR_wU8HLKO5ksfov9m5IVJki2NB0YDH1Jm-7KEXDMHFkAFu5ka67xYh1d1SL3hT0VuzTq99m4jFvLm0xQr0nTwz6TDTOBbeZKywq9JWpM_2HXJJrI8CgyO7_rdp7TIPdbc3kzCzJGA_xOBL-ktb1uoJAcHmk-FIJhuDu91iioHwpjGAC3o0WN06RKsDkeHjzQ2mDV_0ksYVzhx4V3yyoc-I8MQ0QvuBWU_aKms694WJmI_Q==
>>>>>>>>>
>>>>>>>>>> who
>>>>>>>>>> should receive messages for this Search Console account.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Sent from my Android device with K-9 Mail. Please excuse my
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> brevity.
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Systems mailing list
>>>>>>>>>> Systems at lists.sugarlabs.org
>>>>>>>>>> http://lists.sugarlabs.org/listinfo/systems
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> I+D SomosAzucar.Org
>>>>>>>>>> "icarito" #somosazucar en Freenode IRC
>>>>>>>>>> "Nadie libera a nadie, nadie se libera solo. Los seres humanos se
>>>>>>>>>>
>>>>>>>>> liberan en
>>>>>>>>>
>>>>>>>>>> comunión" - P. Freire
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Sent from my Android device with K-9 Mail. Please excuse my
>>>>>>>>>> brevity.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ------------------------------
>>>>>>>>>>
>>>>>>>>>> Systems mailing list
>>>>>>>>>> Systems at lists.sugarlabs.org
>>>>>>>>>> http://lists.sugarlabs.org/listinfo/systems
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> ------------------------------
>>>>>>>>
>>>>>>>> Systems mailing list
>>>>>>>> Systems at lists.sugarlabs.org
>>>>>>>> http://lists.sugarlabs.org/listinfo/systems
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Systems mailing list
>>>>>> Systems at lists.sugarlabs.org
>>>>>> http://lists.sugarlabs.org/listinfo/systems
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>>>
>>>>
>>>>
>>>>
>>>
>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/private/systems/attachments/20151016/a0a04536/attachment.html>
More information about the Systems
mailing list