Roundup Tracker - Issues

Issue 2550846

Classification
Type: security
Severity: normal
Components: Web interface
Versions: 1.5
Process
Status: closed (resolution: abandoned)
Nosy list: kayhayen, rouilj
Priority:

Created on 2014-07-06 11:54 by kayhayen, last changed 2016-07-17 14:49 by rouilj.

Messages
msg5111 Author: [hidden] (kayhayen) Date: 2014-07-06 11:54
I have just migrated roundup to a new server, for the first time
properly activating roundup-admin email, which is potentially why I see
this the first time:

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/roundup/cgi/client.py", line 437, in inner_main
    self.determine_charset()
  File "/usr/local/lib/python2.7/dist-packages/roundup/cgi/client.py", line 604, in determine_charset
    if '@charset' in self.form:
  File "/usr/lib/python2.7/cgi.py", line 595, in __contains__
    raise TypeError, "not indexable"
TypeError: not indexable

I am getting these very often.

127.0.0.1 - - [06/Jul/2014 11:26:13] "POST /nuitka/xmlrpc.php HTTP/1.1" 500 -

I believe I have no XMLRPC interface activated. I didn't find any
configuration for that topic, is this enabled by default?

Since I am going through an Apache, I added this rule:

RewriteRule ^/xmlrpc.php$ - [F,L]

That turns it into 503.
msg5112 Author: [hidden] (kayhayen) Date: 2014-07-06 12:01
This is on Debian Wheezy, with pip installed roundup. Configured to be
behind an Apache like this:

RewriteRule ^/(.*)$ http://localhost:8088/nuitka/$1 [P,L]
msg5658 Author: [hidden] (rouilj) Date: 2016-06-27 03:57
It looks like something is scanning your server trying various
attacks against:

  /nuitka/xmlrpc.php

Note that nothing in roundup is php. My guess is that
the scanner/attacker is trying to post gibberish used to
exploit xmlrpc.php.

The error is odd, but without seeing what is being posted
I don't have any ideas. I assume the tracebacks stopped once
you 503'ed the url?

-- rouilj
msg5866 Author: [hidden] (rouilj) Date: 2016-07-17 14:49
Closing as abandoned. Not surprising after all this time.
History
Date | User | Action | Args
2016-07-17 14:49:10 | rouilj | set | status: new -> closed; resolution: remind -> abandoned; messages: + msg5866
2016-06-27 03:58:13 | rouilj | set | resolution: remind
2016-06-27 03:58:00 | rouilj | set | nosy: + rouilj; messages: + msg5658
2014-07-06 12:01:52 | kayhayen | set | messages: + msg5112
2014-07-06 11:54:37 | kayhayen | create |