Discourse local instance trying to connect to Wordpress


(Guillaume EB) #1

Hi everyone,

I’ve installed a discourse forum on a private data center (VMWare based). It works fine, no problem with it, but my IT department is telling me that there are a lot of connection tries between my discourse VM and wordpress.com on 443 port, is this normal?


(Joshua Rosenfeld) #2

First question - do you have a wordpress site?

Some additional questions: Is this a brand new install, or did you restore a backup from a previous install? Have you installed GitHub - discourse/wp-discourse: WordPress plugin that lets you use Discourse as the community engine for a WordPress blog and linked it to your site? Are you using wordpress for login via another plugin?


(Guillaume EB) #3

No wordpress site, it is not a brand new install (installed since about 6 months). No plugin for wordpress. Here are my extension installed:


(Joshua Rosenfeld) #4

Well that’s … odd. Anything else running in the VM (or the system that runs the VM) that could connect to WordPress? Have you configured any SSO settings?


(Steve Combs) #5

Could it be related to Akismet spam check feature of Discourse?


(Joshua Rosenfeld) #6

Akismet is a plugin (installed on our hosting by default, but not on self-installs), and I don’t see it on the plugin list.


(Guillaume EB) #7

Nothing else installed on the VM that would want to connect to wordpress. It’s a plain CentOS 7 VM, on which I just installed Discourse.

I have plugged the Discourse to internal LDAP, and may have played with SSO at the beginning, could it be something to dig?


#8

One thing to be aware of is that the onebox functionality that tries to generate link previews is a serverside process. If someone’s been linking to wordpress in private messages for instance?

It shouldn’t generate lots of requests though, are they able to see any pattern to the activity?


(Guillaume EB) #9

There is a link to wordpress.com in the defaults terms of service from the Staff category, could it come from there?
Can we disable the onebox functionnality?


#10

Yes, search the admin settings for “onebox” … I find both a blacklist and a whitelist setting on my test instance. I think maybe everything is whitelisted until you put something in that field. I haven’t played around with it much.

If the clients reading the Discourse forum have internet access it might be worth trying to get onebox working for commonly linked pages like wikipedia, stackechange, github and so on. I am thinking of moving our own internal Discourse to a DMZ so it could have a more relaxed outgoing firewall policy.


(Guillaume EB) #11

I put a whitelisted internal domain, I will wait return from my IT.

Thanks everyone.