Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Whois this IP ? : 82.98.6.171 #241

Open
grosbert opened this issue Jun 25, 2015 · 5 comments
Open

Whois this IP ? : 82.98.6.171 #241

grosbert opened this issue Jun 25, 2015 · 5 comments

Comments

@grosbert
Copy link

Why are you connecting my owncloud from this IP : 82.98.6.171 (as: OZONE-PARIS1 from Ozone-France).

Why didn't you use my own phone IP address: since you can connect to this server, you can use my own telephone ip. Unfortunately, my "owncloud" is restricted to only a few IP.

I've never seen nor accepted something about proxyfing my caldav traffic through this IP...

If this proxyfication is so well hidden in sources, what are you doing/trying to do with this host ?
This is a very suspicious behaviour.

I'll signal this software as malware to github's staff.

@timoberger
Copy link
Collaborator

There is no use of a proxy within the source.

How did you get this ip?
How was your ip?
Are these connections with valid credentials?
Are the connections from the given ip still going on?

@gggard
Copy link
Owner

gggard commented Jun 25, 2015

I confirm that there is no proxy un the sources, check caldav/CaldavFacade by yourself...

Where did you get the app ?

Le 25 juin 2015 10:38:14 GMT+02:00, timoberger [email protected] a écrit :

There is no use of a proxy within the source.

How did you get this ip?
How was your ip?
Are these connections with valid credentials?
Are the connections from the given ip still going on?


Reply to this email directly or view it on GitHub:
#241 (comment)

Envoyé de mon téléphone. Excusez la brièveté.

@grosbert
Copy link
Author

This IP come from my apache's logs : http://txs.io/HO5b
except names which had been replaced by AAA, BBB, CC, ZZ, all is verbatim

As you can read, credentials had not been given (3th column: the '-' before the date field); but all urls are exactly crafted to download my own 5 calendars (pro & familly). Furthermore, the port of this owncloud instance is not usual (8765), so I'm sure this setup is only in my phone.

This app come from [google] PlayStore. My phone is a galaxy-note 3; rooted; I've just installed AF+ as a firewall to observe this IP.

@timoberger
Copy link
Collaborator

There are also entries from "CardDAV-Sync (Android) (like iOS/5.0.1 (9A405) dataaccessd/1.0) gzip".

I guess, either your phone or service provider is using this ip.

@gggard
Copy link
Owner

gggard commented Jun 26, 2015

It's your mobile network provider that setup a transparent proxy, there is no problem with the app...

Aside of this, there is a feature request about strict https negotiation and removal of some https algorithm to avoid man in the middle attacks...

Please confirm that browsing your web version of OC from your mobile give the same results...

Le 26 juin 2015 11:01:04 GMT+02:00, timoberger [email protected] a écrit :

There are also entries from "CardDAV-Sync (Android) (like iOS/5.0.1
(9A405) dataaccessd/1.0) gzip".

I guess, either your phone or service provider is using this ip.


Reply to this email directly or view it on GitHub:
#241 (comment)

Envoyé de mon téléphone. Excusez la brièveté.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants