Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Page 3 of 3
magento/apache try to connect to 208.69.122.7 in *every page*
 
nileco
Sr. Member
 
Avatar
Total Posts:  79
Joined:  2008-10-29
Virginia
 

Hey guys,
I downloaded the URL Snooper that Frikki mentioned and used it to snoop at one of my Magento sites.  The site in question is a very basic site with only a few modifications to the original Magento Modern theme running on v.1.2.0.2. 

My first results showed a bunch of strange groups, blogs, and junk like that but they were all ‘google related’.

For the second test I took out the Google Analytics code that I had installed on the Magento site and ran URL snooper again.  There was not one single call to a url that is not mine.  My test involved browsing the category pages and product pages.

It is interesting to see all of the places that Google Analytics sends my data.  I may rethink using them in the future but right now it’s a great tool and the price is right.

 
Magento Community Magento Community
Magento Community
Magento Community
 
turbo1
Sr. Member
 
Avatar
Total Posts:  296
Joined:  2008-08-19
Los Angeles, CA
 

@nileco

Awesome information, thank you for posting this. I wonder if this privacy violation is in Google’s TOS.. unbelievable.

 
Magento Community Magento Community
Magento Community
Magento Community
 
nileco
Sr. Member
 
Avatar
Total Posts:  79
Joined:  2008-10-29
Virginia
 

with all of their fine print, they probably do somewhere but who actually reads the terms and conditions?

Another interesting thing: I just went to run it again so that I could post all of the /group, /blog, etc that it was calling but when I ran it again it was not there.  Only a standard looking google-analytics url and some calls to google cache and google safebrowser urls that are probably part of the google ‘web phishing thing’.  I even tried clearing my cache and using another browser but still it did not appear again.

So I’m thinking it’s a once a day thing maybe to measure hits/users.  I’ll keep an eye on it though.  I guess the real important thing was no calls to Magento.

 
Magento Community Magento Community
Magento Community
Magento Community
 
J_T_
Mentor
 
Avatar
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

I have a default template store without Google Analytics and URL Snooper finds nothing.

I’m slightly confused though. Initially in this thread is seemed as if people thought the software was phoning home on the server side. URL Snooper etc. only check the client side. And from the client end, it seems nothing is unduly sent home, other than perhaps GA, which you can kind of expect anyway.

Has anyone inspected packets on the server end at all?

EDIT…

Turns out Linux comes with tcpdump and with this tutorial I was able to snoop packets in no time - http://openmaniak.com/tcpdump.php

When I run it and browse the front-end, no suspicious http packets are sent or received.

When I run it and log into the back-end, the ones previously mentioned appear:

# tcpdump port http -w tcp.log -c 200
tcpdumplistening on eth0link-type EN10MB (Ethernet), capture size 96 bytes
200 packets captured
400 packets received by filter
0 packets dropped by kernel
# tcpdump -r tcp.log
reading from file tcp2.loglink-type EN10MB (Ethernet)
16:25:58.628866 IP host81-152-24-xxx.range81-152.btcentralplus.com.4893 192.168.162.131.httpS 520527822:520527822(0win 65535 <mss 1380,nop,nop,sackOK>
16:25:58.628875 IP 192.168.162.131.http host81-152-24-xxx.range81-152.btcentralplus.com.4893S 3654533177:3654533177(0ack 520527823 win 5840 <mss 1460,nop,nop,sackOK>
16:25:58.670369 IP host81-152-24-xxx.range81-152.btcentralplus.com.4893 192.168.162.131.http: . ack 1 win 65535
16
:25:58.773991 IP host81-152-24-xxx.range81-152.btcentralplus.com.4893 192.168.162.131.httpP 1:1202(1201ack 1 win 65535
16
:25:58.774016 IP 192.168.162.131.http host81-152-24-xxx.range81-152.btcentralplus.com.4893: . ack 1202 win 7206
16
:25:59.668535 IP 192.168.162.131.http host81-152-24-xxx.range81-152.btcentralplus.com.4893P 1:924(923ack 1202 win 7206
16
:25:59.802860 IP host81-152-24-xxx.range81-152.btcentralplus.com.4893 192.168.162.131.httpP 1202:2231(1029ack 924 win 64612
16
:25:59.802888 IP 192.168.162.131.http host81-152-24-xxx.range81-152.btcentralplus.com.4893: . ack 2231 win 9608
16
:26:01.028011 IP 192.168.162.130.44065 208.69.122.7.httpS 3661344228:3661344228(0win 5840 <mss 1460,sackOK,timestamp 659773250 0,nop,wscale 7>
16:26:01.134935 IP 208.69.122.7.http 192.168.162.130.44065S 4277514204:4277514204(0ack 3661344229 win 5840 <mss 1380,nop,nop,sackOK,nop,wscale 8>
16:26:01.134956 IP 192.168.162.130.44065 208.69.122.7.http: . ack 1 win 46
16
:26:01.135009 IP 192.168.162.130.44065 208.69.122.7.httpP 1:81(80ack 1 win 46
16
:26:01.241326 IP 208.69.122.7.http 192.168.162.130.44065: . ack 81 win 23
16
:26:01.807734 IP 208.69.122.7.http 192.168.162.130.44065: . 1:1381(1380ack 81 win 23
16
:26:01.807750 IP 192.168.162.130.44065 208.69.122.7.http: . ack 1381 win 68
16
:26:01.807906 IP 208.69.122.7.http 192.168.162.130.44065: . 1381:2761(1380ack 81 win 23
16
:26:01.807913 IP 192.168.162.130.44065 208.69.122.7.http: . ack 2761 win 89
16
:26:01.915616 IP 208.69.122.7.http 192.168.162.130.44065P 2761:4141(1380ack 81 win 23
16
:26:01.915632 IP 192.168.162.130.44065 208.69.122.7.http: . ack 4141 win 111
16
:26:01.915721 IP 208.69.122.7.http 192.168.162.130.44065: . 4141:5521(1380ack 81 win 23
16
:26:01.915727 IP 192.168.162.130.44065 208.69.122.7.http: . ack 5521 win 132
16
:26:01.915849 IP 208.69.122.7.http 192.168.162.130.44065: . 5521:6901(1380ack 81 win 23
16
:26:01.915856 IP 192.168.162.130.44065 208.69.122.7.http: . ack 6901 win 154
16
:26:01.915968 IP 208.69.122.7.http 192.168.162.130.44065P 6901:8281(1380ack 81 win 23
16
:26:01.915974 IP 192.168.162.130.44065 208.69.122.7.http: . ack 8281 win 175
16
:26:02.022673 IP 208.69.122.7.http 192.168.162.130.44065P 8281:9368(1087ack 81 win 23
16
:26:02.022680 IP 192.168.162.130.44065 208.69.122.7.http: . ack 9368 win 197
16
:26:02.025303 IP 192.168.162.130.44065 208.69.122.7.httpF 81:81(0ack 9368 win 197
16
:26:02.131924 IP 208.69.122.7.http 192.168.162.130.44065F 9368:9368(0ack 82 win 23
16
:26:02.131952 IP 192.168.162.130.44065 208.69.122.7.http: . ack 9369 win 197
etc
...

Note the btcentral one is me, I xxx-ed my IP partly.

208.69.122.7 receives packets from my server and even sends packets back too. Type that IP in your browser and you’ll get redirected to the magentocommerce.com site.

So no real surprises here luckily, just seems like it’s phoning home to check on version updates. Considering the blog RRS, it would be nice to disable this somewhere but no big deal for me. If that’s their way to gauge live installs, so be it. From their perspective, it’s handy to know. Don’t think it has anything to do with license enforcement as it’s OOS anyway.

Seems to me the OP had an image in this template loaded from the slow Magento server. Blocking them solves it but makes the image not load. I don’t see any evidence it’s phoning home suspiciously but do please run tcpdump yourself.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Crucial
Enthusiast
 
Avatar
Total Posts:  770
Joined:  2007-11-07
Phoenix, AZ
 
J.T. - 14 February 2009 07:37 AM

So no real surprises here luckily, just seems like it’s phoning home to check on version updates. Considering the blog RRS, it would be nice to disable this somewhere but no big deal for me. If that’s their way to gauge live installs, so be it. From their perspective, it’s handy to know. Don’t think it has anything to do with license enforcement as it’s OOS anyway.

What about disabling Mage_AdminNotification in Disable modules output in the System, Configuration, Advanced section?

 
Magento Community Magento Community
Magento Community
Magento Community
 
balero
Sr. Member
 
Avatar
Total Posts:  170
Joined:  2009-01-29
埼玉県所沢市
 

Diveintomark.org is Mark Pilgrim’s blog. He works at Google (in documentation or the like), and used to work at IBM. But why would the calls be going to his personal blog, even if he were working on Analytics at Google now?

 
Magento Community Magento Community
Magento Community
Magento Community
 
WillSemto
Jr. Member
 
Total Posts:  5
Joined:  2008-12-02
 
turbo1 - 31 January 2009 10:27 AM

Now, based on #1, why the heck should this be happening? Because it’s trying to contact Varien, and timing out. For the life of me, I can’t find the code that causes this.

This would also happen on the front end if you had blocked Variens IP address, basically your server is trying to make a request to varien on the backend to check for updates and the like (probably on a daily cooldown I would assume), if you have blocked the IP that is being called then its going to take a while (2 mins in your case) for PHP to time out and return null for the get call made on the Varien server.

If you had blocked the IP address and they were sending information back and forth on the frontend then you will have seen the same slow affect on the front end. I can only assume it was a coincidence that your website was faster after blocking these IP’s.

Also blocking the IP’s of those third party websites your saw on your local client machine will not have an affect on your server as they are locally called via javascript I believe.....

 
Magento Community Magento Community
Magento Community
Magento Community
 
itchytrig
Sr. Member
 
Avatar
Total Posts:  162
Joined:  2008-10-03
UK
 

Hi,

As we have plans to open 2-3 Magento stores, I would love to hear what Varien have to say about any ‘Big Brother’ tactics going on?

We are all ears…

 
Magento Community Magento Community
Magento Community
Magento Community
 
LloydI
Jr. Member
 
Total Posts:  26
Joined:  2009-09-20
 

If you don’t want the site to call home just disable the Mage_AdminNotification as Crucial said, and why should Varien respond again?

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top
Page 3 of 3