Hi all, I selfhost private instance of Lemmy for my friends behind Pangolin reverse proxy. I noticed something interesting in the logs; Lemmy specifically gets pinged / tried to access each midnight UTC from what looks like an IP from inside the network. Just out of curiosity, do you have any idea what that could be? I have federation off and private instance on, but maybe it is something from Lemmy network checking if my server is alive? Thank you in advance
You must log in or register to comment.
And when you ping that IP address back, what happens?
Can you trace it?
Maybe setup wireshark and record what happens at that time of night…
I will definitely do that, right now I can’t work with anything because the traffic gets stopped at Pangolin’s level, but I will turn off Pangolin’s auth for one night
An ICMP ping or a web request?
If it’s a web request the first thing that comes to mind is do you have BitWarden?
Yes, I do. It is probably a web request
There was a post a few days ago about someone using it and it pulled a tonne of data. I wonder if it also does polls to check if the link is still valid.
Bitwarden uses the favicon from the first link in the password entry.
For my selfhosted web pages I use the public info page of the selfhosted page (e.g. openMediaVault) and set detection to [none].
This way it won’t match against the 3rd party page but I get the icon :)BUUUT it should only poll if you activate the program/extension.
Don’t know why it should poll at midnightI do not have my Lemmy’s link in the Bitwarden
How could we tell you about an IP inside your own network? Look at the host using that IP and see what’s running on it.
Well it is definitely specific to Lemmy, I selfhost over 20 services and only Lemmy gets pinged on midnight. The only other service I saw doing this was Nextcloud, Nextcloud instance needs to reach itself, but for Lemmy it is a different IP, which is puzzling me
Got the log?
Nothing in Lemmy’s logs, in Pangolin’s logs it’s only the lines about attempted access each midnight
