<div dir="ltr">Changed the password and restarted the containers and nginx.<br clear="all"><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><pre style="color:rgb(46,52,54);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px"><span style="font-family:monospace,monospace">-- <br></span></pre><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><span></span><span></span>Ibiam Chihurumnaya <br></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><a href="mailto:ibiamchihurumnaya@gmail.com" style="color:rgb(42,118,198)" target="_blank">ibiamchihurumnaya@gmail.com</a><br></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><br></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><br></span></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Oct 28, 2023 at 6:35 PM Chihurumnaya Ibiam <<a href="mailto:ibiamchihurumnaya@gmail.com">ibiamchihurumnaya@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Nope, there's no root password.</div><div><br></div><div>Although weblate itself has a trivial password, I'll change it and update the docker environment file.<br></div><div><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><pre style="color:rgb(46,52,54);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px"><span style="font-family:monospace,monospace">-- <br></span></pre><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><span></span><span></span>Ibiam Chihurumnaya <br></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><a href="mailto:ibiamchihurumnaya@gmail.com" style="color:rgb(42,118,198)" target="_blank">ibiamchihurumnaya@gmail.com</a><br></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><br></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><br></span></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Oct 28, 2023 at 6:06 PM Bernie Innocenti <<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><div dir="auto">Then it's possible that they guessed the root password.<br><br>Was it something trivial or predictable, like "weblate" or "sugarlabs"?</div><br><br><div class="gmail_quote"><div dir="auto">On October 28, 2023 4:49:26 PM UTC, Alex Perez <<a href="mailto:aperez@alexperez.com" target="_blank">aperez@alexperez.com</a>> wrote:</div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
It is definitely listening on a public port,
but it is not an open relay:<br>
<br>
<img name="m_8613950014333405269_m_8453685506114227874_image.png" alt=""><br>
<br>
<span>Bernie Innocenti wrote on 10/28/23 9:34 AM:</span><br>
<blockquote type="cite">
<div dir="auto">Ibiam, is the SMTP server on weblate listening on a
public port?</div>
<br>
<br>
<div class="gmail_quote"><div dir="auto">On October 28, 2023 3:22:31
PM UTC, Alex Perez <a href="mailto:aperez@alexperez.com" target="_blank"><aperez@alexperez.com></a> wrote:</div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
FYI. The e-mail being sent from weblate appears to be
incorrectly configured. I don't have time to deal with this in a timely
manner, but perhaps someone else does. The recipient, <a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a>,
reported they received a message from our weblate host, which they
reported as spam. <br>
<div><br><br>-------- Forwarded Message
--------<table cellspacing="0" cellpadding="0" border="0"><tbody><tr><th valign="BASELINE" align="RIGHT" nowrap>Subject: </th><td>Re: [Sonic #7314311]
[ABUSE] E-mail spam alert (23739548 from 192.184.220.214) re Good Day</td></tr><tr><th valign="BASELINE" align="RIGHT" nowrap>Date: </th><td>Fri, 27
Oct 2023 16:43:16 -0700</td></tr><tr><th valign="BASELINE" align="RIGHT" nowrap>From: </th><td>Sonic Abuse <a href="mailto:abuse@sonic.net" target="_blank"><abuse@sonic.net></a></td></tr><tr><th valign="BASELINE" align="RIGHT" nowrap>To: </th><td><a href="mailto:aperez@alexperez.com" target="_blank">aperez@alexperez.com</a></td></tr></tbody></table>
<br><br><pre>Hello,
Recently a message was sent from your mailbox <a href="mailto:root@weblate.sugarlabs.org" target="_blank">"root@weblate.sugarlabs.org"</a> and one of the receipts has reported it as spam. I have included the original headers below.
If you sent this email, and you believe it was marked as spam incorrectly, you may want to contact the recipient.
However if you did not send this email, it is likely that your mailbox was compromised and needs to be secured.
If you have any questions, you can respond to this email or contact our customer support department.
--1698095665.7060_boundary
Content-Type: message/feedback-report
Feedback-Type: abuse
User-Agent: mspam/1.3
Version: 1
Source-IP: 192.184.220.214
Original-Rcpt-To: <a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a>
Received-Date: 23 Oct 2023 05:57:47 -0000
--1698095665.7060_boundary
Content-Type: message/rfc822
Content-Disposition: inline; filename="23739548.eml"
Return-Path: <a href="mailto:root@weblate.sugarlabs.org" target="_blank"><root@weblate.sugarlabs.org></a>
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on <a href="http://gal.iecc.com" target="_blank">gal.iecc.com</a>
X-Spam-Flag: YES
X-Spam-Level: ****************
X-Spam-Status: Yes, score=16.6 required=4.4 tests=ADVANCE_FEE_3_NEW_FRM_MNY,
BAYES_50,DEAR_BENEFICIARY,FILL_THIS_FORM,FILL_THIS_FORM_LONG,
FORM_FRAUD_5,FREEMAIL_FORGED_REPLYTO,HK_SCAM,HTML_MESSAGE,
LOTS_OF_MONEY,MIME_HTML_ONLY,MIXED_HREF_CASE,MONEY_ATM_CARD,
MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO,SPF_HELO_PASS,SPF_PASS
autolearn=spam autolearn_force=no version=4.0.0
X-Spam-Report:
* -0.0 SPF_PASS SPF: sender matches SPF record
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
* [score: 0.4611]
* 1.6 DEAR_BENEFICIARY BODY: Dear Beneficiary:
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 2.0 MIXED_HREF_CASE Has href in mixed case
* 1.1 HK_SCAM No description available.
* 0.0 LOTS_OF_MONEY Huge... sums of money
* 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
* 0.0 FILL_THIS_FORM Fill in a form with personal information
* 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
* 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
* 1.0 MONEY_ATM_CARD Lots of money on an ATM card
* 2.1 MONEY_FRAUD_5 Lots of money and many fraud phrases
* 1.0 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of money
* 0.4 FORM_FRAUD_5 Fill a form and many fraud phrases
Delivered-To: <a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a>
Received: (qmail 24861 invoked from network); 23 Oct 2023 05:57:47 -0000
Authentication-Results: <a href="http://iecc.com" target="_blank">iecc.com</a>; spf=pass <a href="mailto:spf.mailfrom=root@weblate.sugarlabs.org" target="_blank">spf.mailfrom=root@weblate.sugarlabs.org</a> spf.helo=<a href="http://weblate.sugarlabs.org" target="_blank">weblate.sugarlabs.org</a> smtp.remote-ip="192.184.220.214"; dmarc=pass header.from=<a href="http://weblate.sugarlabs.org" target="_blank">weblate.sugarlabs.org</a> polrec.p=quarantine polrec.pct=5
Received: from <a href="http://weblate.sugarlabs.org" target="_blank">weblate.sugarlabs.org</a> (<a href="http://weblate.sugarlabs.org" target="_blank">weblate.sugarlabs.org</a> [192.184.220.214])
by <a href="http://mail1.iecc.com" target="_blank">mail1.iecc.com</a> ([64.57.183.56])
with ESMTPS via TCP (port 51298/25) id 720822916
tls TLS1_3_ECDHE_RSA_AES_256_GCM_AEAD; 23 Oct 2023 05:57:47 -0000
Received: from <a href="http://weblate.sugarlabs.org" target="_blank">weblate.sugarlabs.org</a> (<a href="http://60-251-35-90.hinet-ip.hinet.net" target="_blank">60-251-35-90.hinet-ip.hinet.net</a> [60.251.35.90])
(Authenticated sender: root)
by <a href="http://weblate.sugarlabs.org" target="_blank">weblate.sugarlabs.org</a> (Postfix) with ESMTPSA id 879DA68732
for <a href="mailto:johnl@iecc.com" target="_blank"><johnl@iecc.com></a>; Sun, 22 Oct 2023 22:50:32 -0700 (PDT)
Reply-To: <a href="mailto:olivera4good@gmail.com" target="_blank">olivera4good@gmail.com</a>
From: Info <a href="mailto:root@weblate.sugarlabs.org" target="_blank"><root@weblate.sugarlabs.org></a>
To: <a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a>
Subject: Good Day
Date: 23 Oct 2023 13:50:34 +0800
Message-ID: <a href="mailto:20231023135034.F8EDC8E49D7FE2C7@weblate.sugarlabs.org" target="_blank"><20231023135034.F8EDC8E49D7FE2C7@weblate.sugarlabs.org></a>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-DCC-iecc-Metrics: <a href="http://gal.iecc.com" target="_blank">gal.iecc.com</a> 1107; Body=1 Fuz1=1 Fuz2=1
X-Tag: tagged by spamassassin
Logan P.
<a href="mailto:support@sonic.net" target="_blank">support@sonic.net</a> Sonic LLC
Sonic.net Support 2260 Apollo Way
1.855.394.0100 (Tech Support) Santa Rosa, CA 95407
1.707.547.2199 (FAX) <a href="http://sonic.com/support" target="_blank">http://sonic.com/support</a>
</pre>
</div></blockquote></div>
<div dir="auto"><div>-- <br>Sent with K-9
Mail.</div></div>
</blockquote>
<br>
</blockquote></div><div dir="auto"><div>-- <br>Sent with K-9 Mail.</div></div></div>
_______________________________________________<br>
Systems mailing list<br>
<a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a><br>
<a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/listinfo/systems</a><br>
</blockquote></div>
</blockquote></div>