Hello my fellow yunohosters!
My YunoHost server
Hardware: Raspberry Pi 3 at home
YunoHost version: 188.8.131.52
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | all above
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of my issue
I am not sure this is really a problem. But I would like to err on the side of caution.
Since about a week ago my yunohost started to produce quite a lot of network traffic (i.e. network LED blinking like crazy all the time) even when no device was actively accessing it.
I looked at the traffic with ‘tcpdump’ and found out that there is a continuous traffic exchange between yunohost and IP 184.108.40.206. This IP leads me to https://chipmixer.com/, some kind of bitcoin mixer.
The problem continues even after a fresh install of yunohost. Blocking port 80 but not 443 stops this.
Does anyone understand what is going on here, and why my yunohost connects to this IP?
Many thanks in advance
% Information related to '220.127.116.11 - 18.104.22.168'
% Abuse contact for '22.214.171.124 - 126.96.36.199' is 'email@example.com'
inetnum: 188.8.131.52 - 184.108.40.206
netname: DIGITALOCEAN-LON-1
descr: DigitalOcean London
country: GB
admin-c: PT7353-RIPE
tech-c: PT7353-RIPE
status: ASSIGNED PA
mnt-by: digitalocean
mnt-lower: digitalocean
mnt-routes: digitalocean
created: 2014-04-07T06:16:03Z
last-modified: 2015-11-20T14:45:50Z
source: RIPE

person: Network Operations
address: 101 Ave of the Americas, 10th Floor
address: New York, NY, 10013
address: United States of America
phone: +13478756044
nic-hdl: PT7353-RIPE
mnt-by: digitalocean
created: 2015-03-11T16:37:07Z
last-modified: 2019-04-17T14:37:51Z
source: RIPE # Filtered
org: ORG-DOI2-RIPE