Welcome to the Cumulus Support forum.

Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024

Cumulus MX V4 beta test release 4.0.0 (build 4018) - 28 March 2024

Legacy Cumulus 1 release v1.9.4 (build 1099) - 28 November 2014 (a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)

Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki

Cumulus connecting to remote site on the internet?

Discussion and questions about Cumulus weather station software version 1. This section is the main place to get help with Cumulus 1 software developed by Steve Loft that ceased development in November 2014.
Post Reply
spyker

Cumulus connecting to remote site on the internet?

Post by spyker »

I've noticed some strange traffic originating from my server running Cumulus. The Cumulus app tries to connect to some IP addresses with a few on the Amazon AWS cloud on port 80.

54.189.192.189
23.102.25.149
34.214.226.247

Why would Cumulus try and connect to these servers? The only thing I can think of is to update APRS, WOW and Wunderground?
User avatar
steve
Cumulus Author
Posts: 26702
Joined: Mon 02 Jun 2008 6:49 pm
Weather Station: None
Operating System: None
Location: Vienne, France
Contact:

Re: Cumulus connecting to remote site on the internet?

Post by steve »

If you have uploads to those sites configured, then those are the most likely candidates (in particular WU and WOW). Uploads to WU, PWS, and WOW all use port 80. The obvious way to find out is to turn off uploads to those sites one at a time.
Steve
spyker

Re: Cumulus connecting to remote site on the internet?

Post by spyker »

Ok, I can confirm that its WU, PWS, and WOW.

What was weird is that the intrusion detection system on my Unifi USG was marking this traffic as malicious.

IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, to: 54.189.192.189:80, protocol: TCP, on interface: eth1
User avatar
ConligWX
Posts: 1571
Joined: Mon 19 May 2014 10:45 pm
Weather Station: Davis vPro2+ w/DFARS + AirLink
Operating System: Ubuntu 22.04 LTS
Location: Bangor, NI
Contact:

Re: Cumulus connecting to remote site on the internet?

Post by ConligWX »

spyker wrote:Ok, I can confirm that its WU, PWS, and WOW.

What was weird is that the intrusion detection system on my Unifi USG was marking this traffic as malicious.

IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, to: 54.189.192.189:80, protocol: TCP, on interface: eth1
might be worth sending the data logs to Unifi, who are pretty good in fixing issues.
Regards Simon

https://www.conligwx.org - @conligwx
Davis Vantage Pro2 Plus with Daytime FARS • WeatherLink Live • Davis AirLink • PurpleAir •

Image
Post Reply