How to investigate weird connections from log?

Hello,

Suddenly I found some repeatable lines in the log of my forum:

Job exception: SSL_connect returned=1 errno=0 peeraddr=18.9.94.69:443 state=error: dh key too small

I searched meta for similar topics by "dh key too small" and could not find related ones, because the forum seems to be fine after the rebuild this week (emails and auth work).

I'm sure that I don't use any connections to 18.9.94.69, because this is an MIT address located in MA (my forum is in Russia). I suspect this address may be hardcoded in some plugin.

Could someone share their experience on how to investigate such incidents? I tried to grep that IP in the app directory with no results.

That’s most likely a onebox attempt that failed because the URL is behind a server with broken TLS configuration.

1 Like

Thanks a lot for the quick reply! Indeed, some lines in the stack trace mention onebox. You are right, the server is under several proxies :) Now the question is clear. Have a nice day :+1:

2 Likes
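The triage described in this thread, as an added example that is not part of the original posts or of the forum software's own code: it groups `SSL_connect` failures in a job log by peer address, error reason and the first backtrace frame, so an unfamiliar IP can be tied to the code path (here onebox) that opened the connection. The log text, the backtrace paths and the second peer address are constructed sample data, and the assumed layout is one exception line followed by indented backtrace frames.

```ruby
# Added example. SAMPLE_LOG is constructed; the backtrace paths are
# illustrative assumptions, not paths taken from the thread.
SAMPLE_LOG = <<~LOG
  Job exception: SSL_connect returned=1 errno=0 peeraddr=18.9.94.69:443 state=error: dh key too small
    /app/lib/onebox/helpers.rb:120:in `fetch_response'
    /app/lib/oneboxer.rb:45:in `preview'
  Job exception: SSL_connect returned=1 errno=0 peeraddr=18.9.94.69:443 state=error: dh key too small
    /app/lib/onebox/helpers.rb:120:in `fetch_response'
  Job exception: SSL_connect returned=1 errno=0 peeraddr=192.0.2.10:443 state=error: certificate verify failed
    /app/lib/email/sender.rb:30:in `send'
  Job exception: undefined method `foo' for nil
    /app/lib/other.rb:1:in `bar'
LOG

# Exception line produced by a failed outbound TLS handshake.
SSL_FAILURE = /SSL_connect returned=\d+ errno=\d+ peeraddr=(?<peer>\S+) state=error: (?<reason>.+)\z/
# Indented backtrace frame: "  /path/file.rb:LINE:in `method'".
FRAME = /\A\s+(?<path>\S+?):\d+:in /

# Returns one hash per TLS failure, with the backtrace frames that follow it.
def tls_failures(log)
  entries = []
  current = nil
  log.each_line(chomp: true) do |line|
    if (m = SSL_FAILURE.match(line))
      current = { peer: m[:peer], reason: m[:reason].strip, frames: [] }
      entries << current
    elsif (f = FRAME.match(line))
      current[:frames] << f[:path] if current # frames of other errors are skipped
    else
      current = nil # unrelated log line ends the current entry
    end
  end
  entries
end

# Groups failures by (peer, reason, innermost frame), most frequent first.
def summarize(log)
  tls_failures(log)
    .group_by { |e| [e[:peer], e[:reason], e[:frames].first] }
    .map { |(peer, reason, origin), es| { peer: peer, reason: reason, origin: origin, count: es.size } }
    .sort_by { |r| -r[:count] }
end

if __FILE__ == $PROGRAM_NAME
  summarize(SAMPLE_LOG).each { |r| puts r.values_at(:count, :peer, :reason, :origin).join("  ") }
end
```

A peer whose origin frame is in the link-preview code was reached because a user posted a URL, which is why grepping the application directory for the IP finds nothing.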
