Hello my fellow yunohosters!
My YunoHost server
Hardware: Raspberry Pi 3 at home
YunoHost version: 4.1.7.2
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | all above
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of my issue
I am not sure this is really a problem. But I would like to err on the side of caution.
Since about a week ago my yunohost started to produce quite a lot of network traffic (i.e. network LED blinking like crazy all the time) even when no device was actively accessing it.
I looked at the traffic with ‘tcpdump’ and found out that there is a continuous traffic exchange between yunohost and IP 178.62.38.96. This IP leads me to https://chipmixer.com/ some kind of bitcoin mixer.
The problem continues even after a fresh install of yunohost. Blocking port 80 but not 443 stops this.
Does anyone understand what is going on here, and why my yunohost connects to this IP?
Many thanks in advance
aga
Whois output
% Information related to '178.62.0.0 - 178.62.127.255'
% Abuse contact for '178.62.0.0 - 178.62.127.255' is 'email@digitalocean.com'
inetnum: 178.62.0.0 - 178.62.127.255
netname: DIGITALOCEAN-LON-1
descr: DigitalOcean London
country: GB
admin-c: PT7353-RIPE
tech-c: PT7353-RIPE
status: ASSIGNED PA
mnt-by: digitalocean
mnt-lower: digitalocean
mnt-routes: digitalocean
created: 2014-04-07T06:16:03Z
last-modified: 2015-11-20T14:45:50Z
source: RIPE
person: Network Operations
address: 101 Ave of the Americas, 10th Floor
address: New York, NY, 10013
address: United States of America
phone: +13478756044
nic-hdl: PT7353-RIPE
mnt-by: digitalocean
created: 2015-03-11T16:37:07Z
last-modified: 2019-04-17T14:37:51Z
source: RIPE # Filtered
org: ORG-DOI2-RIPE
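
One way to triage a capture like the one described in the post, added here as an example and not part of the original post: it tallies `tcpdump -nn` TCP lines per remote peer and records which side sent the opening SYN, which separates connections arriving on a local port from connections the server opens itself. The addresses and capture lines are constructed (RFC 5737 documentation ranges), and `summarize` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Matches the default one-line `tcpdump -nn` format for TCP over IPv4.
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*?length (?P<len>\d+)"
)

# Constructed sample capture (not taken from the post); 192.168.1.10 is the server.
SAMPLE = """\
12:00:00.000001 IP 203.0.113.7.40000 > 192.168.1.10.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000200 IP 192.168.1.10.80 > 203.0.113.7.40000: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:00.000400 IP 203.0.113.7.40000 > 192.168.1.10.80: Flags [P.], seq 2:120, ack 10, win 502, length 118
12:00:00.000900 IP 192.168.1.10.80 > 203.0.113.7.40000: Flags [P.], seq 10:1410, ack 120, win 509, length 1400
12:00:05.000000 IP 192.168.1.10.51000 > 198.51.100.20.443: Flags [S], seq 5, win 64240, length 0
12:00:05.100000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
""".splitlines()

def summarize(lines, local_ip):
    """Per remote peer: packet/byte counts, local ports used, and who sent the SYN."""
    peers = defaultdict(lambda: {"packets": 0, "bytes": 0,
                                 "local_ports": set(), "opened_by": set()})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a TCP/IPv4 line (ARP, UDP, IPv6, ...)
        if m["src"] == local_ip:
            peer, lport, sender = m["dst"], int(m["sport"]), "local"
        elif m["dst"] == local_ip:
            peer, lport, sender = m["src"], int(m["dport"]), "remote"
        else:
            continue  # traffic between two other hosts
        p = peers[peer]
        p["packets"] += 1
        p["bytes"] += int(m["len"])
        p["local_ports"].add(lport)
        # A bare SYN (flags "S", without the "." ACK marker) is the first packet
        # of a handshake, so its sender is the side that opened the connection.
        if m["flags"] == "S":
            p["opened_by"].add(sender)
    return dict(peers)

if __name__ == "__main__":
    for peer, info in summarize(SAMPLE, "192.168.1.10").items():
        print(peer, info)
```

A peer whose entry shows `opened_by` as `remote` with a local port of 80 or 443 is a client reaching the web server; `local` with a high ephemeral local port is a connection the server started.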