Closed Bug 1450507 Opened 8 years ago Closed 7 years ago

Remobot Emails Incident 2018-03-31: Event emails to a lot of Reps

Categories

(Mozilla Reps Graveyard :: reps.mozilla.org, task)

Product:
Mozilla Reps Graveyard
Component:
reps.mozilla.org
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mkohler, Assigned: mte90net)

Details

Starting at around 20:30 UTC Remobot started to send out emails to a lot of Reps with emails which contained the following format: Subject: <event name> Body: <event name>\n<event portal link> Known so far: ========================= * Mijanur was CC'ed on mails that we know of so far * Mijanur provides the list of mails he got for debugging * Mijanur appears as "Attending" on the affected events, for example: https://reps.mozilla.org/e/reps-council-weekly-meeting-2017-03-28/ Possibly known (?): ========================= * Currently there are no reports from people getting an email if they were not either the organizer nor marked as attending the event Example email header/content (censored for my and Mijanur's email addresses): ========================= Return-Path: <010001627d9a353d-5d6d8c07-f69c-4be7-9b01-0d3a9d5cba57-000000@amazonses.com> Delivered-To: <my email> Received: from zrh-lb2.core.hostpoint.net ([10.0.0.100]) by popimap008.mail.hostpoint.ch with LMTP id mPuTMvTlv1qxYAAAbN/QWg for <my email>; Sat, 31 Mar 2018 21:48:04 +0200 Received: from mxin016.mail.hostpoint.ch ([10.0.2.43]) by zrh-lb2.core.hostpoint.net with LMTP id UGeEMvTlv1pAogAAVs719w ; Sat, 31 Mar 2018 21:48:04 +0200 Received: from mailnull by mxin016.mail.hostpoint.ch with local_accounts_spamscanned (Exim 4.90_1 (FreeBSD)) (envelope-from <010001627d9a353d-5d6d8c07-f69c-4be7-9b01-0d3a9d5cba57-000000@amazonses.com>) id 1f2MTr-000G40-0U for <my email>; Sat, 31 Mar 2018 21:48:04 +0200 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mxin016.mail.hostpoint.ch X-Spam-Level: X-Spam-Status: No, score=-6.2 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HEADER_FROM_DIFFERENT_DOMAINS,HP_VS_LEGIT,RCVD_IN_DNSWL_NONE,SPF_PASS, T_RP_MATCHES_RCVD,USER_IN_DEF_SPF_WL autolearn=no autolearn_force=no version=3.4.1 Received: from a8-40.smtp-out.amazonses.com ([54.240.8.40]) by mxin016.mail.hostpoint.ch with esmtps (TLSv1:ECDHE-RSA-AES128-SHA:128) (Exim 4.90_1 (FreeBSD)) (envelope-from <010001627d9a353d-5d6d8c07-f69c-4be7-9b01-0d3a9d5cba57-000000@amazonses.com>) id 1f2MTq-000G2y-Mx for <my email>; Sat, 31 Mar 2018 21:48:02 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=5j4cny5u7geoyd6xzwud7566t4jenevi; d=mozilla.community; t=1522525681; h=MIME-Version:Content-Type:Content-Transfer-Encoding:Subject:From:To:Cc:Date:Message-ID:Reply-To; bh=hkld3ShLCTWI8xIA6LeJnz0/v4qfBs+Ilm7WBQm2pNk=; b=jco1w2jnB/TYOfb9AezgtmXkUEmtnwmGnrgTvk4rJzCEGuZx39Do3JPpKfFXemBQ Uep8OZXLCv+0RyvH74YF5OWgmaQdDN4EQwEDVLNzBPDLEBXT6P2mOw9lGlBMtWx5NJy M+ruBGlGhwhsIuGlkPqiFIaZJ42xsSbAudRgKpto= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1522525681; h=MIME-Version:Content-Type:Content-Transfer-Encoding:Subject:From:To:Cc:Date:Message-ID:Reply-To:Feedback-ID; bh=hkld3ShLCTWI8xIA6LeJnz0/v4qfBs+Ilm7WBQm2pNk=; b=DY0XttwWQPrc/XtJBm9hoOfRyCao/SYBp2MRpXfjnd3RW+CrhL/K1T0aLr6/ncNR zAEqx5VL5/F7q1JR03mlrWskzlAMUkr3u3dfHXGk/3hFaI2a09OBQk9C6GGctIf8VjV OL4ZKqR8Uxd770tMvOqJOgAVbHQ0c+5VUCzSIu9U= MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Subject: Reps Council Weekly Meeting 2017-03-28 From: The ReMoBot <reps@mozilla.community> To: Michael Kohler <<my email>> Cc: Mijanur Rahman Rayhan <mijanurs email> Date: Sat, 31 Mar 2018 19:48:01 +0000 Message-ID: <010001627d9a353d-5d6d8c07-f69c-4be7-9b01-0d3a9d5cba57-000000@email.amazonses.com> Reply-To: Mijanur Rahman Rayhan <mijanurs email> X-SES-Outgoing: 2018.03.31-54.240.8.40 Feedback-ID: 1.us-east-1.MH5uQa1UR0GfaREv9SHYwZsXqzimpg7tb5iP9fdrUpg=:AmazonSES X-Vs-State: LEGIT Reps Council Weekly Meeting 2017-03-28 https://reps.mozilla.org/e/reps-council-weekly-meeting-2017-03-28/
Group: mozilla-reps-admins
Group: mozilla-reps-admins
I received "RemoBot" Mails only for the Reps Meeting and no.of mails were 6. [3-Mails in 2018; 3- Mails from 2017]
We are currently looking into this. I will post here any updates as soon as possible.
I got several of those as well,m mostly for ReMo Calls in 2017 and 2018 (but also 3 other events, including one I held in 2013), all with Mijanur in CC.
Quick note from my side to make sure it's clear: let's not assume that Mijanur has any active involvement in this. Innocent until charged guilty goes here as well ;)
I'm not saying that Mijanur is guilty. But the similarity I've seen from all the ReMoBot update is that Mijanur attend all of the event (whether I'm the organizer or an attendee). And I got another update from RemoBot which is a comment from Mijanur with the following detail: Hey there Rizki d, This email was generated automatically to inform you that Mijanur Rahman Rayhan added a comment on the report [1] for Attended event &#34;Mozilla 20th Anniversary&#34; on 2018-03-31 19:37. The comment was: 555-555-0199@example.com Cheers! Your lovely ReMo bot. [1] https://reps.mozilla.org/u/kelimuttu/r/2018/March/31/49983/ ==== The comment content indicate that there's a high possibility that it was came from a bot or something. Maybe Mijanur's account was hacked?
I am wondering if we can add an honeypot for spambot in django automatically to avoid this kind of actions. This problem seems very strange for 2 different issues: * the attendee and not only the organizer receive an email of someone was added in an event (so maybe we can disable this kind of emails) * we allow to attendee events also very old and I think that we can block this behaviour, as example after 2 weeks you cannot attendee an event We also have problems with celery (https://bugzilla.mozilla.org/show_bug.cgi?id=1414664) so maybe there is something wrong with that? On the second point I think that we can work on a patch.
I received the following with Minajur in CC: Mozilla All Hands San Francisco 2017 https://reps.mozilla.org/e/mozilla-all-hands-san-francisco-2017/ I didn't organize any session, I even wasn't there due to family issues.
(In reply to Gabriela [:gaby2300] from comment #7) > I received the following with Minajur in CC: > > Mozilla All Hands San Francisco 2017 > https://reps.mozilla.org/e/mozilla-all-hands-san-francisco-2017/ > > I didn't organize any session, I even wasn't there due to family issues. You are still marked as "attending" on the event page. That is no exception then.
I misunderstood then, sorry.
Every event page in the portal has a button "Mail Rep Attendees". This basically sends an email to all the attendees of an event and it is available to logged in users. It has by default as a subject the title of the event and the body starts with the event name and a link to portal. Users can add more text below that. Because this is sent by RemoBot, the sender of this email is added in the cc list and the Reply-To header is also set to the sender. This functionality is not part of any automation. Regarding reports, if a user has the setting to receive emails on add comment set to True, automatically an email is sent when there is a comment to the report. This is a short explanation of why everyone who attended an event got those emails. We are still looking as to why this happened.
Over to Daniele for final discussion in Council.
Assignee: nobody → mte90net
The council discussed and agreed with the team that there is anything we can do right now to improve the understanding of this strange incident. We close it and in case will happen again we will have probably more information to debug it.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Product: Mozilla Reps → Mozilla Reps Graveyard
You need to log in before you can comment on or make changes to this bug.