Cumulus connecting to remote site on the internet?

spyker
Posts: 29
Joined: Tue 17 Aug 2010 5:25 am
Weather Station: Davis VP2 with Daytime FARS
Operating System: Windows 7
Location: Randburg, South Africa

Post by spyker » Thu 06 Sep 2018 9:39 am

I've noticed some strange traffic originating from my server running Cumulus. The Cumulus app tries to connect to some IP addresses with a few on the Amazon AWS cloud on port 80.

54.189.192.189
23.102.25.149
34.214.226.247

Why would Cumulus try and connect to these servers? The only thing I can think of is to update APRS, WOW and Wunderground?

steve
Cumulus Author
Posts: 26714
Joined: Mon 02 Jun 2008 6:49 pm
Weather Station: None
Operating System: None
Location: Vienne, France

Re: Cumulus connecting to remote site on the internet?

Post by steve » Thu 06 Sep 2018 5:51 pm

If you have uploads to those sites configured, then those are the most likely candidates (in particular WU and WOW). Uploads to WU, PWS, and WOW all use port 80. The obvious way to find out is to turn off uploads to those sites one at a time.
Steve

spyker
Posts: 29
Joined: Tue 17 Aug 2010 5:25 am
Weather Station: Davis VP2 with Daytime FARS
Operating System: Windows 7
Location: Randburg, South Africa

Re: Cumulus connecting to remote site on the internet?

Post by spyker » Mon 10 Sep 2018 11:15 am

Ok, I can confirm that it's WU, PWS, and WOW.

What was weird is that the intrusion detection system on my Unifi USG was marking this traffic as malicious.

IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, to: 54.189.192.189:80, protocol: TCP, on interface: eth1

ConligWX
Posts: 734
Joined: Mon 19 May 2014 10:45 pm
Weather Station: Davis Vantage Pro2 Plus
Operating System: Debian 9.5 Stretch
Location: Bangor, NI

Re: Cumulus connecting to remote site on the internet?

Post by ConligWX » Mon 10 Sep 2018 2:24 pm

spyker wrote:
> Ok, I can confirm that it's WU, PWS, and WOW.
>
> What was weird is that the intrusion detection system on my Unifi USG was marking this traffic as malicious.
>
> IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, to: 54.189.192.189:80, protocol: TCP, on interface: eth1

Might be worth sending the data logs to Unifi, who are pretty good at fixing issues.
Regards Simon

https://www.conligwx.org
https://twitter.com/conligwx
Davis Vantage Pro2 Plus - Meteobridge Nano SD + Saratoga/PWS Templates
