Cumulus connecting to remote site on the internet?

spyker
Posts: 29
Joined: Tue Aug 17, 2010 5:25 am
Weather Station: Davis VP2 with Daytime FARS
Operating System: Windows 7
Location: Randburg, South Africa

Cumulus connecting to remote site on the internet?

Postby spyker » Thu Sep 06, 2018 9:39 am

I've noticed some strange traffic originating from my server running Cumulus. The Cumulus app tries to connect to some IP addresses with a few on the Amazon AWS cloud on port 80.

54.189.192.189
23.102.25.149
34.214.226.247

Why would Cumulus try and connect to these servers? The only thing I can think of is to update APRS, WOW and Wunderground?

steve
Cumulus Author
Posts: 26654
Joined: Mon Jun 02, 2008 6:49 pm
Weather Station: None
Operating System: None
Location: Vienne, France

Re: Cumulus connecting to remote site on the internet?

Postby steve » Thu Sep 06, 2018 5:51 pm

If you have uploads to those sites configured, then those are the most likely candidates (in particular WU and WOW). Uploads to WU, PWS, and WOW all use port 80. The obvious way to find out is to turn off uploads to those sites one at a time.
Steve
-----
Hosting available for Cumulus web sites. See http://sandaysoft.com/forum/viewtopic.php?f=2&t=11876

Please read the posts in the Announcements section about the current status of Cumulus development since I have retired from my day job

spyker
Posts: 29
Joined: Tue Aug 17, 2010 5:25 am
Weather Station: Davis VP2 with Daytime FARS
Operating System: Windows 7
Location: Randburg, South Africa

Re: Cumulus connecting to remote site on the internet?

Postby spyker » Mon Sep 10, 2018 11:15 am

Ok, I can confirm that it's WU, PWS, and WOW.

What was weird is that the intrusion detection system on my Unifi USG was marking this traffic as malicious.

IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, to: 54.189.192.189:80, protocol: TCP, on interface: eth1

Toxic17
Posts: 676
Joined: Mon May 19, 2014 10:45 pm
Weather Station: Davis VPro2 Plus
Operating System: Debian 9.5 Stretch
Location: Bangor, NI

Re: Cumulus connecting to remote site on the internet?

Postby Toxic17 » Mon Sep 10, 2018 2:24 pm

spyker wrote: Ok, I can confirm that it's WU, PWS, and WOW.

What was weird is that the intrusion detection system on my Unifi USG was marking this traffic as malicious.

IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, to: 54.189.192.189:80, protocol: TCP, on interface: eth1


Might be worth sending the data logs to Unifi, who are pretty good at fixing issues.
Regards Simon

https://www.conligwx.org
https://www.conligwx.org/pws/
https://twitter.com/conligwx
Davis Vantage Pro2+ - CumulusMX v3.0.0 (build 3043) + Saratoga/PWS
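
A way to triage alerts like the one quoted in this thread, as an added example that is not from any of the posters: it parses the USG alert line format shown above and separates alerts explained by the Cumulus uploads from those that still need a look. The host address and the three destination addresses come from the posts; the function name, the constructed sample lines and the use of those three addresses as an allowlist are assumptions.

```python
import re

# Alert line format as quoted in the thread (UniFi USG IPS notification).
ALERT_RE = re.compile(
    r"IPS Alert \d+: (?P<category>.+?)\. Signature (?P<signature>.+?)\. "
    r"From: (?P<src>[\d.]+):(?P<sport>\d+), to: (?P<dst>[\d.]+):(?P<dport>\d+), "
    r"protocol: (?P<proto>\w+), on interface: (?P<iface>\w+)"
)

CUMULUS_HOST = "192.168.0.74"  # source address in the quoted alert
# Destinations from the first post, later attributed to the WU, PWS and WOW
# uploads. Treating them as an allowlist is an assumption of this example;
# cloud addresses change, so re-check them before relying on the list.
EXPECTED = {("54.189.192.189", 80), ("23.102.25.149", 80), ("34.214.226.247", 80)}


def triage(lines, host=CUMULUS_HOST, expected=EXPECTED):
    """Sort alert lines into explained / investigate / unparsed."""
    result = {"explained": [], "investigate": [], "unparsed": []}
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            result["unparsed"].append(line)
            continue
        alert = m.groupdict()
        flow = (alert["dst"], int(alert["dport"]))
        # Explained only if BOTH sender and destination are the known ones:
        # the same signature from another host, or to another address, stays open.
        known = alert["src"] == host and flow in expected
        result["explained" if known else "investigate"].append(alert)
    return result


SAMPLE = [
    # First line is the alert quoted in the thread; the rest are constructed.
    "IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, to: 54.189.192.189:80, protocol: TCP, on interface: eth1",
    "IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4912, to: 203.0.113.50:80, protocol: TCP, on interface: eth1",
    "IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.99:5120, to: 54.189.192.189:80, protocol: TCP, on interface: eth1",
    "link state changed on eth1",
]

if __name__ == "__main__":
    out = triage(SAMPLE)
    for bucket in ("explained", "investigate"):
        for a in out[bucket]:
            print(f"{bucket:11} {a['src']} -> {a['dst']}:{a['dport']}  {a['signature']}")
    print("unparsed:", len(out["unparsed"]))
```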