Magento

i’m running Magento on a local machine,
and the2 Firewall tells me that Apache connects to 208.69.122.7 on every page, and every “refresh”.

<b>how can i disable that?</b>

1) that’s a big <b>security issue</b> !
2) that poses a performance issue
3) i don’t like this “big brother” kinda behavior.

i wouldn’t like my site connect to anyone in the world without my explicit permission.

thanks

The IP comes back to the Magento site, so it must be some kind of reporting feature for Magento… Telling them how many stores are using Magento or something like that? Dont see why it needs to be sent on every page though.

Alex

Well this answers my question that Varien never responded to (http://www.magentocommerce.com/boards/viewthread/18880/)

TYVM.  I can now block my server from accessing that IP. 

edit: I’ve now blocked my server from accessing their entire subnet.  My site is literally twice as fast now, I’m elated.  If you’re on a dedicated server, I can tell you how I did it (just PM me)

Thanks turbo1 for the PM.

Just throwing some thoughts on the table.

Will blocking their IP’s affect magento connect and/or future upgrades?

And some countries are pretty strict on what information goes out… aka privacy laws. What information does Magento phone home with?

I believe this needs to be addressed asap.

Hi all,

I also have been following this. However, I am not sure what is really going on so it would be great if Varien would like to comment.

I know already that the store connects to the Magento website in the admin - to check for updates etc. Also - the default footer in the default theme has a link to the Magento website - but I have removed that. Not sure if there was anything else in that code that phoned home.

Now - if it’s only phoning home in the admin - fine. HOWEVER - do give us an option of switching it off.

It it’s phoning home in the frontend - NOT FINE. Let us know what to remove and definitely make it optional and transparent.

Thanks!

Yes - if you block Magento from your server, Magento Connect will likely break.  I do my upgrades manually (don’t use MC), so it’s no big deal for me.  But if you’re at all unsure, don’t implement what I suggested

Any ideas on what to search for in the code? It might be buried in the library code in something very basic.
But would it be a read or a write? Can you tell?

What’s the trick to blocking the IP? I don’t see any obvious way to do that in my site control panel…

I have searched for all kinds of code but came up with nothing. It would be great to know exactly where from this connection is generated so we can remove that part of the code.

Haven’t had the time to test this but, is this happening on every page loads like even on the front page?

Or are we just talking about on the admin? If so, then that should be perfectly fine.....we shouldn’t worry too much about it.

Has anybody found out what this is yet?

I have looked at the code, but have found nothing. Varien - care to comment?

here are most of the places in the code where calls of some kind are being made. Most for connect, but some like for Google Checkout seem a bit strange.

\pear
\app\code\core\mage\adminhtml\block\notification\window.php
\app\code\core\mage\adminhtml\helper\data.php
\app\code\core\mage\adminhtml\model\extension.php
\app\code\core\mage\googlecheckout\etc\system.xml
\app\code\core\mage\install\model\installer\pear.php
\pearlib\download\mage_core_modules-1.1.6\mage\googlecheckout\etc\system.xml
\pearlib\download\mage_core_modules-1.1.6\mage\install\model\installer\pear.php

@skippybosco - thanks for the investigative work, much appreciated. So it looks like most of the calls being made are from the admin and for Google Checkout, right? Is there anything there to indicate that there is a call being made to Varien from every page loaded in the frontend?

Many thanks!

Neither stock 1.6 source code or traffic monitoring suggests that every front end page is calling home to Magento.

If folks are seeing this behavior, perhaps it is the result of an additional addon or even a theme with a graphic that is has a hard coded path?

Someone seeing Mageto being called on every front end page load, can you grep your magento directory and see where the call is originating from?

Sorry I’ve been gone so long Yes, I also think it’s ridiculous that it’s being so invasive.  When blocking the IPs in question, the site itself loads much faster. The Admin page however, takes much longer to come up. I believe this is because it’s trying like crazy to ‘phone home’.  To me, the benefits outweigh the slow admin page

hard to believe that after a month they wouldn’t comment on this