You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems that on every ssh login, a request is being sent to a host controlled by CloudPanel developers.
This is due to this code in /etc/update-motd.d/10-cloudpanel:
CLOUDPANEL_URL="https://$(curl -sk --connect-timeout 5 --retry 3 --retry-delay 0 https://d3qnd54q8gb3je.cloudfront.net/):8443"
CUSTOM_CLP_DOMAIN=$(/usr/bin/cat /etc/.clp_custom_domain 2>/dev/null)
if [ ! -z "$CUSTOM_CLP_DOMAIN" ]; then
CLOUDPANEL_URL="https://$CUSTOM_CLP_DOMAIN/"
fi
Supposedly, the request is made to determine the IP address of the CloudPanel instance. However, the request is made even when a custom CLP domain is used, and hence there would be no need to determine the IP.
As a result, the developers of CloudPanel learn the IP address of the CloudPanel instance and can track every login to the server.
It would be helpful if the CloudPanel developers would clarify what other "pinging home" mechanisms the software is using, as this is not reflected in the privacy policy (which currently considers only CloudPanel instance run on cloudpanel.io).
Being transparent on what data the software collects from our machines would greatly help to improve the trustworthiness of the CloudPanel software. This is crucial as the great solution that CloudPanel developers have built becomes increasingly popular on the internet.
How to reproduce
See above.
Possible Solution
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered:
CloudPanel version(s) affected
2.5.0
Description
It seems that on every ssh login, a request is being sent to a host controlled by CloudPanel developers.
This is due to this code in
/etc/update-motd.d/10-cloudpanel
:Supposedly, the request is made to determine the IP address of the CloudPanel instance. However, the request is made even when a custom CLP domain is used, and hence there would be no need to determine the IP.
As a result, the developers of CloudPanel learn the IP address of the CloudPanel instance and can track every login to the server.
It would be helpful if the CloudPanel developers would clarify what other "pinging home" mechanisms the software is using, as this is not reflected in the privacy policy (which currently considers only CloudPanel instance run on
cloudpanel.io
).Being transparent on what data the software collects from our machines would greatly help to improve the trustworthiness of the CloudPanel software. This is crucial as the great solution that CloudPanel developers have built becomes increasingly popular on the internet.
How to reproduce
See above.
Possible Solution
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered: