Advanced search

Message boards : Number crunching : GUI RPC request from non-allowed address

Author Message
DGM17
Send message
Joined: 17 Jan 09
Posts: 2
Credit: 175,880,544
RAC: 56,556
Level
Ile
Scientific publications
watwatwatwat
Message 48685 - Posted: 13 Jan 2018 | 5:00:57 UTC

1/12/2018 - I am getting this text in my BOINC Manager Event Log and no new work: "GUI RPC request from non-allowed address".

I am wondering why my IP address is on this list. I have made over 50 million credits with this computer and I do not recall making any changes to my account. Can anyone explain what has happened?
____________

Toni
Volunteer moderator
Project administrator
Project developer
Project scientist
Send message
Joined: 9 Dec 08
Posts: 696
Credit: 4,285,282
RAC: 24
Level
Ala
Scientific publications
watwatwatwat
Message 48686 - Posted: 15 Jan 2018 | 13:10:55 UTC - in response to Message 48685.

Moving to the "Number crunching" thread, perhaps it's more visible there.

mmonnin
Send message
Joined: 2 Jul 16
Posts: 163
Credit: 260,684,139
RAC: 634,657
Level
Asn
Scientific publications
wat
Message 48687 - Posted: 15 Jan 2018 | 14:04:40 UTC
Last modified: 15 Jan 2018 | 14:05:00 UTC

Something is requesting connecting to the GUI (the BOINC Client?) like another BOINC Manager or BOINC tasks. I don't think its anything to do with this or any other project.

I use this to allow BOINCTasks to connect to remote clients:
<allow_remote_gui_rpc>1</allow_remote_gui_rpc>

GUI RPC...

Richard Haselgrove
Send message
Joined: 11 Jul 09
Posts: 847
Credit: 1,686,015,745
RAC: 1,076,218
Level
His
Scientific publications
watwatwatwatwatwatwatwatwatwatwatwatwatwatwatwatwatwatwatwat
Message 48688 - Posted: 15 Jan 2018 | 15:11:51 UTC

DON'T allow remote gui rpc until you've understood what is going on and why.

Read Controlling BOINC remotely for the background behind what the terms mean. 'Remote' in this case usually means another computer in your home or workplace: the processes don't work well over wider area networks, and in any event external computers should be blocked by your firewall or router. Of course, in this day and age, close-by computers can possibly hack into your WiFi, but let's assume not for the time being...

In normal usage, the BOINC client and the BOINC Manager both run on your local computer, and communicate with each other over a connection known as 'localhost' or IP address 127.0.0.1

It is possible to manage the BOINC client on one machine from a Manager (or replacement like the BoincTasks that's been mentioned already) on another machine: in that case, you have to authorise the process to use remote gui rpcs. This is usually described in terms of "The remote computer's IP address", but that's not strictly true: IP addresses are assigned separately to each network interface, so it's possible for a single computer to have two or three IP addresses (cable, WiFi, VPN to employer, would all be different). That might confuse things.

Also, I see you have 4 computers attached to this project. Maybe you (or a colleague) have set up remote control already, but a change in the network has moved one of the machines out of the permitted range of IP addresses. You need to have a sniff around your local network (whatever that means in your environment) and find out who's doing what, before you open the doors to every passer-by.

DGM17
Send message
Joined: 17 Jan 09
Posts: 2
Credit: 175,880,544
RAC: 56,556
Level
Ile
Scientific publications
watwatwatwat
Message 48690 - Posted: 16 Jan 2018 | 0:26:17 UTC - in response to Message 48688.

Thank you, Richard Haselgrove.

I do use "Bonic Tasks" and I moved the software to this Windows 10 computer, but I forgot to clear out the old IP address in the "remote_hosts.cfg" file on this Windows 10 Computer. I think it was just coincidence that I could not receive new work units from GPUGRID.net.

Again, thanks for helping me with this!

mmonnin
Send message
Joined: 2 Jul 16
Posts: 163
Credit: 260,684,139
RAC: 634,657
Level
Asn
Scientific publications
wat
Message 48691 - Posted: 16 Jan 2018 | 12:47:19 UTC - in response to Message 48688.

DON'T allow remote gui rpc until you've understood what is going on and why.

Read Controlling BOINC remotely for the background behind what the terms mean. 'Remote' in this case usually means another computer in your home or workplace: the processes don't work well over wider area networks, and in any event external computers should be blocked by your firewall or router. Of course, in this day and age, close-by computers can possibly hack into your WiFi, but let's assume not for the time being...

In normal usage, the BOINC client and the BOINC Manager both run on your local computer, and communicate with each other over a connection known as 'localhost' or IP address 127.0.0.1

It is possible to manage the BOINC client on one machine from a Manager (or replacement like the BoincTasks that's been mentioned already) on another machine: in that case, you have to authorise the process to use remote gui rpcs. This is usually described in terms of "The remote computer's IP address", but that's not strictly true: IP addresses are assigned separately to each network interface, so it's possible for a single computer to have two or three IP addresses (cable, WiFi, VPN to employer, would all be different). That might confuse things.

Also, I see you have 4 computers attached to this project. Maybe you (or a colleague) have set up remote control already, but a change in the network has moved one of the machines out of the permitted range of IP addresses. You need to have a sniff around your local network (whatever that means in your environment) and find out who's doing what, before you open the doors to every passer-by.


One thing you should absolutely NOT be doing is installing BOINC on a work computer. Sure way to get your "butt" fired. Unless you are your own employer then BOINC should never, ever be installed at work w/out legal, written permission.

If a hacker has control of a BOINC client via the GUI RPC then I've got bigger issues and BOINC is the last of them. allow_gui_rpc is the easiest way to allow access with BOINCTasks.

Richard Haselgrove
Send message
Joined: 11 Jul 09
Posts: 847
Credit: 1,686,015,745
RAC: 1,076,218
Level
His
Scientific publications
watwatwatwatwatwatwatwatwatwatwatwatwatwatwatwatwatwatwatwat
Message 48692 - Posted: 16 Jan 2018 | 14:16:07 UTC - in response to Message 48691.

One thing you should absolutely NOT be doing is installing BOINC on a work computer. Sure way to get your "butt" fired. Unless you are your own employer then BOINC should never, ever be installed at work w/out legal, written permission.

If a hacker has control of a BOINC client via the GUI RPC then I've got bigger issues and BOINC is the last of them. allow_gui_rpc is the easiest way to allow access with BOINCTasks.

Agreed with both parts of that - in the grand scheme of things, letting a hacker grab your BOINC is very low on the risks we all run. But at the time we both replied, it wasn't even clear that the OP wanted to use remote control - hence ask questions first, before assuming you understand what the user is trying to achieve.

Anyway, the post is written now, and DGM17 is happy with the outcome, so it can stand in case someone else finds themselves in a similar position in the future.

Profile BeemerBiker
Avatar
Send message
Joined: 31 Oct 08
Posts: 102
Credit: 1,029,856,253
RAC: 2,196,848
Level
Met
Scientific publications
watwatwatwatwatwatwatwatwatwatwatwatwatwatwatwatwatwatwat
Message 48804 - Posted: 3 Feb 2018 | 16:52:14 UTC - in response to Message 48685.
Last modified: 3 Feb 2018 | 17:04:06 UTC

1/12/2018 - I am getting this text in my BOINC Manager Event Log and no new work: "GUI RPC request from non-allowed address".

I am wondering why my IP address is on this list. I have made over 50 million credits with this computer and I do not recall making any changes to my account. Can anyone explain what has happened?


For what it is worth, also in january, within minutes of setting up a new Ubuntu boinc system, I had 3 requests that were denied. I can only assume they were from a compromised system behind my router or they got through the router somehow.

The first one I got was from 2.0.198.94, a French site. I am in USA. Here are the other two, also from outside USA.


    boinc.log:24-Jan-2018 19:47:52 [---] GUI RPC request from non-allowed address 2.0.199.23
    boinc.log:24-Jan-2018 21:30:43 [---] GUI RPC request from non-allowed address 2.0.199.157



Do you have a record of the IP address of the intruder?

[EDIT] Corrected date as it occurred in January,not December.

Also: Are you using grcpool as an account manager or doing any mining?

Post to thread

Message boards : Number crunching : GUI RPC request from non-allowed address