The php is a one line'r I found somewhere that just returns the IP:
- Code: Select all
<?php echo $_SERVER['REMOTE_ADDR']; ?>
the dSupportSuite client software hits this for the WAN IP address -- and I have verified that is the exact script that is there. there shouldn't even be any server side logging of any sort (that I intentionally enabled or am aware of) and no client side logging except via the health check/info report/heartbeat functionality sent to the admin/client email address in your dSS config for that Client ID, otherwise this function is used for the main interface of the client software to display the WAN IP, and possibly also to determine internet connectivity during certain operations (before running maintenance perhaps, if custom apps need to be downloaded, during heartbeat perhaps... using this method is far faster than waiting for a ping response!) but I will need to double check if that is used in dSS. If not used there, then using the simple UI (you can see/check this in any Client ID Config or Template via dSSMC) wouldn't check for the WAN IP for the system info, and it shouldn't hit that web address. Might even have a config option to disable it, uncertain.
I'm not sure why that is being targeted, it still is what it is... The naked domain does redirect to http://foolishit.com/d7/
in a browser, I wonder if you are seeing this due to the "suspicious" or "pup" or whatever status it may categorize the original d7 in... though there isn't even a download for d7 on the site..
Please assist with false positive submissions!! I have links for most A/V companies here: http://www.foolishit.com/bad-av/
though this may or may not be appropriate for a web filter/URL submission, but perhaps they can direct the message to the appropriate parties or refer you to them.
A config option for an upcoming edition could be to host your own PHP or other script that returns the WAN IP.