Question for WD. MyCloud connecting to Google DNS Server

gewilli wrote:

OK thanks. Just wondering why someone was trying to connect from Holland. They would have to use my router’s IP address wouldn’t they?

Yes – and your router will be forwarding that to the Cloud.   

There are people and “bots” all over the world that are constantly scanning IP addresses looking to see what’s out there.  The fact that specific one is Holland really doesn’t mean anything.

My linux server gets “hit” about 200 - 300 times an hour with addresses from all over the world.   I’m not “serving” anything; it’s just port scanners.

1 Like

OK. Thanks.

gewilli wrote:

OK thanks. Just wondering why someone was trying to connect from Holland. They would have to use my router’s IP address wouldn’t they? BTW it’s still there in my router log (until it times out) but there is nothing showing on the MyCloud.

As the link below shows this obviously is a hacker scanning whatever looks interesting.

http://www.abuseipdb.com/report-history/80.82.78.100

For that reason I would never make  MyCloud visible on the www.

Mystery Solved.

gewilli wrote:

Apparently this is related to apache (just a wild assed guess).

Yes, it is.  I was able to catch this in fast loop after toggling the NTP switch about 200 times.  :smileyvery-happy:

tcp 0 0 10.0.0.32:57054 8.8.8.8:53 TIME_WAIT -
tcp 0 0 10.0.0.32:57054 8.8.8.8:53 TIME_WAIT -
tcp 0 0 10.0.0.32:57054 8.8.8.8:53 TIME_WAIT -
tcp 0 0 10.0.0.32:57054 8.8.8.8:53 TIME_WAIT -
tcp 0 1 10.0.0.32:57067 8.8.8.8:53 SYN_SENT 15841/apache2
tcp 0 0 10.0.0.32:57054 8.8.8.8:53 TIME_WAIT -
tcp 0 0 10.0.0.32:57067 8.8.8.8:53 TIME_WAIT -
tcp 0 0 10.0.0.32:57054 8.8.8.8:53 TIME_WAIT -
tcp 0 0 10.0.0.32:57067 8.8.8.8:53 TIME_WAIT -
tcp 0 0 10.0.0.32:57054 8.8.8.8:53 TIME_WAIT -

From there, it was easy to find.

It’s simply the PHP script which determines whether Internet access is working OK.

The script uses two DNS servers that are well known:  Google DNS (8.8.8.8) and OpenDNS (208.67.222.222) and tries to open a TCP socket to them.

It first tries Google DNS, and if it fails, then tries OpenDNS.  If both fail, the UI reports that there’s no working internet access.

I’m guessing it’s done this way so that even if the user specifies an invalid DNS, the connection check will still work.

The script is at

/var/www/rest-api/api/Remote/src/Remote/Controller//InternetAccess.php

1 Like
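An added example, not part of the thread and not WD's code: a small parser that does the attribution step from the post above, turning repeated `netstat -tnp` output into a map of watched remote endpoints to owning processes. The sample lines are constructed in the layout shown in the post (the `sshd` line is invented), and the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the `netstat -tnp` layout shown in the post above.
SAMPLE = """\
tcp 0 0 10.0.0.32:57054 8.8.8.8:53 TIME_WAIT -
tcp 0 1 10.0.0.32:57067 8.8.8.8:53 SYN_SENT 15841/apache2
tcp 0 0 10.0.0.32:57067 8.8.8.8:53 TIME_WAIT -
tcp 0 0 10.0.0.32:22 10.0.0.5:50211 ESTABLISHED 812/sshd
"""

# The two resolvers the connectivity check is described as probing.
WATCHED = {"8.8.8.8:53", "208.67.222.222:53"}

LINE = re.compile(
    r"^(?P<proto>tcp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?P<state>[A-Z_0-9]+)\s+(?P<owner>\S+)"
)

def attribute(netstat_text, watch_remotes=WATCHED):
    """Return (owners, unattributed) for sockets to the watched remotes.

    owners:       remote -> set of (pid, program) seen owning a socket
    unattributed: remote -> count of rows where netstat printed '-'
    """
    owners = defaultdict(set)
    unattributed = defaultdict(int)
    for line in netstat_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["remote"] not in watch_remotes:
            continue
        if m["owner"] == "-":
            # netstat prints '-' when it cannot tie the socket to a process,
            # as it does for the TIME_WAIT rows in the capture.
            unattributed[m["remote"]] += 1
        else:
            pid, _, name = m["owner"].partition("/")
            owners[m["remote"]].add((int(pid), name))
    return dict(owners), dict(unattributed)

if __name__ == "__main__":
    owners, unattributed = attribute(SAMPLE)
    for remote, procs in owners.items():
        print(remote, sorted(procs), "unattributed rows:", unattributed.get(remote, 0))
```

Only the short-lived SYN_SENT row carries a PID, which is why the capture had to be run in a fast loop; the TIME_WAIT rows that linger afterwards say nothing about the owner.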

yeah, then if it finds the network is down and you have email notifications enabled it sends you an email saying the connection is down which, of course, doesn’t go out until the connection is up.

Ok that sounds reasonable, but why does it keep trying every 30 seconds until you log off of the MyCloud Web page? Could there be an error in the script that causes it to loop on the google dns address?

royk109 wrote:

yeah, then if it finds the network is down and you have email notifications enabled it sends you an email saying the connection is down which, of course, doesn’t go out until the connection is up.

That’s what I call “highly sophisticated software” :stuck_out_tongue:

Bound to break …

royk109 wrote:

yeah, then if it finds the network is down and you have email notifications enabled it sends you an email saying the connection is down which, of course, doesn’t go out until the connection is up.

Well, sure.   You expect it to send the email while it’s still down?  :stuck_out_tongue:

But seriously, every single network device I own that does email notifications does this.   It’s useful because that e-mail contains the timestamp of when it went down.  Useful for troubleshooting.