Whois this IP ? : 82.98.6.171

Question

Whois this IP ? : 82.98.6.171

Opened this issue 9 years ago · 5 comments

Why are you connecting my owncloud from this IP : 82.98.6.171 (as: OZONE-PARIS1 from Ozone-France).

Why didn't you use my own phone IP address: since you can connect to this server, you can use my own telephone ip. Unfortunately, my "owncloud" is restricted to only a few IP.

I've never seen nor accepted something about proxyfing my caldav traffic through this IP...

If this proxyfication is so well hidden in sources, what are you doing/trying to do with this host ?
This is a very suspicious behaviour.

I'll signal this software as malware to github's staff.

Answer 1 · 2015-06-25T08:38:13.000Z

There is no use of a proxy within the source.

How did you get this ip?
How was your ip?
Are these connections with valid credentials?
Are the connections from the given ip still going on?

Answer 2 · 2015-06-25T20:12:58.000Z

I confirm that there is no proxy un the sources, check caldav/CaldavFacade by yourself...

Where did you get the app ?

Le 25 juin 2015 10:38:14 GMT+02:00, timoberger notifications@github.com a écrit :

There is no use of a proxy within the source.

How did you get this ip?
How was your ip?
Are these connections with valid credentials?
Are the connections from the given ip still going on?

Reply to this email directly or view it on GitHub:
#241 (comment)

Envoyé de mon téléphone. Excusez la brièveté.

Answer 3 · 2015-06-26T08:54:01.000Z

This IP come from my apache's logs : http://txs.io/HO5b
except names which had been replaced by AAA, BBB, CC, ZZ, all is verbatim

As you can read, credentials had not been given (3th column: the '-' before the date field); but all urls are exactly crafted to download my own 5 calendars (pro & familly). Furthermore, the port of this owncloud instance is not usual (8765), so I'm sure this setup is only in my phone.

This app come from [google] PlayStore. My phone is a galaxy-note 3; rooted; I've just installed AF+ as a firewall to observe this IP.

Answer 4 · 2015-06-26T09:01:03.000Z

There are also entries from "CardDAV-Sync (Android) (like iOS/5.0.1 (9A405) dataaccessd/1.0) gzip".

I guess, either your phone or service provider is using this ip.

Answer 5 · 2015-06-26T09:46:49.000Z

It's your mobile network provider that setup a transparent proxy, there is no problem with the app...

Aside of this, there is a feature request about strict https negotiation and removal of some https algorithm to avoid man in the middle attacks...

Please confirm that browsing your web version of OC from your mobile give the same results...

Le 26 juin 2015 11:01:04 GMT+02:00, timoberger notifications@github.com a écrit :

There are also entries from "CardDAV-Sync (Android) (like iOS/5.0.1
(9A405) dataaccessd/1.0) gzip".

I guess, either your phone or service provider is using this ip.

Reply to this email directly or view it on GitHub:
#241 (comment)

Envoyé de mon téléphone. Excusez la brièveté.