Forums | Mahara Community
Find many DNS query from mahara application
05 March 2021, 19:28
We use mahara 19.10.3 version. networking monitoring realtime scanning is performed in our mahara application. We find many DNS query from our mahara application server to some of public sites everyday. e.g. feedforall.com, prdweather.org. BBC and New York TImes. DNS query is processed at 12:00 am , 3:00 pm and 00:00 am randomly. Would you please advise why there are many dns query to the public sites?
10 March 2021, 8:12
Mahara does not send information out to other websites per default. I suspect that some of the people that use the site embedded content from the sites you mentioned. When you embed third-party content such as YouTube videos etc. they come with requests to other sites.
10 March 2021, 21:54
Thank for your information. As you said, some student may embed third-party contents to their page. On the other hand, the security administrator report us that the dns query is processed at 0:00 or 3:00 pm but not at random time. it seem that the mahara cron job is trigger to run the dns query instead of user access the page to run the dns query.
11 March 2021, 7:32
I think it would be useful if your admin tracked down where in the database those URLs are stored and then had a closer look at that content and determined whether it was OK to keep or to remove. For good measure, you should also run the search over the database to confirm that there is nothing in there that could trigger it. As I don't know your site, customisations etc. I don't know what could be causing the DNS queries.
Best of luck finding the root cause