gammaburst
Cadet
- Joined
- Jan 3, 2021
- Messages
- 5
Hi all,
I'm installed the official syncthing plugin via truenas gui two days ago.
I was trying to fix an issue with the syncthing management page, when I stumbled upon this.
I did not configure any syncthing clients. I only changed the syncthing webgui from http to https and activated password login.
Please can somebody double check my steps and give me advice what to do now?
If I'm right, all people using this plugin are in danger to copy their data illegal!
Here my steps to reproduce:
- install and start syncthing plugin, open a shell inside the jail and use: netstat -p tcp
as you can see here, there is an ongoing connection to IPv4 85.195.234.18 at port 22067 (dynamic syncthing port)
I connected via browser to the IP and got this
about the provider I got this information
route: 85.195.224.0/19
descr: Init7 (Switzerland) Ltd.
descr: St. Georgen-Strasse 70
descr: CH-8400 Winterthur
origin: AS13030
mnt-by: MNT-INIT7-NOC
member-of: RS-INIT7
created: 2014-12-12T14:49:39Z
last-modified: 2014-12-12T14:49:39Z
I do not know the provider, the NAS behind the IP and did not configure the plugin to do so!
Hopefully I'm completely wrong, but it looks like a backdoor in the official plugin to steal data.
I'm installed the official syncthing plugin via truenas gui two days ago.
I was trying to fix an issue with the syncthing management page, when I stumbled upon this.
I did not configure any syncthing clients. I only changed the syncthing webgui from http to https and activated password login.
Please can somebody double check my steps and give me advice what to do now?
If I'm right, all people using this plugin are in danger to copy their data illegal!
Here my steps to reproduce:
- install and start syncthing plugin, open a shell inside the jail and use: netstat -p tcp
as you can see here, there is an ongoing connection to IPv4 85.195.234.18 at port 22067 (dynamic syncthing port)
I connected via browser to the IP and got this
about the provider I got this information
route: 85.195.224.0/19
descr: Init7 (Switzerland) Ltd.
descr: St. Georgen-Strasse 70
descr: CH-8400 Winterthur
origin: AS13030
mnt-by: MNT-INIT7-NOC
member-of: RS-INIT7
created: 2014-12-12T14:49:39Z
last-modified: 2014-12-12T14:49:39Z
I do not know the provider, the NAS behind the IP and did not configure the plugin to do so!
Hopefully I'm completely wrong, but it looks like a backdoor in the official plugin to steal data.