Nextcloud Owncloud Calling Home

I did a deeper firewall test on my fresh installed OpenWRT Router and activated a “Ads Blacklist” after this my owncloud Share Login loops!


  • Seems that some IP’s of the “Update Check Tool” Servers, which is installed inside the PHP-Kit is blacklisted.
  • So it seems the Code calls home!  With this option its possible to count and collect IPs of Setups! Perhaps checkout unpatched Versions!
  • I didn’t check deeper, but the behavior was clear without viewing the codes.

After publish this Info via Twitter:


nextcloud owncloud calling home


  • No Company / Developer works for “free”
  • After Setup of PHP-Kits do a IP Firewall Traffic checkout
  • If you don’t need the PHP Kit reachable via Internet block the IP Device at your Router from Internet Access!
  • Prefer Standard Tools like SFTP/SCP with Key Auth to transfer Files, less unsecure cause only one application active!!
  • PHP Kits Logins can often be scanned by Search Indexes by “Search by Title” of the Login Webinterface!!

For me i decided to purge the package and use System Standard Tool “SFTP with SSH Key Auth” and on my Phone a Totalcommander with SFTP Plugin!



Nextcloud Owncloud Opensource Risk’s

If you are current using Nextcloud / Owncloud or other PHP-Kits for File Handling you should know these remarks:

Based on this Article

You must know:

  • Details of Security about your current used PHP Versions (7.X)
  • Details of your used Database Version (MySQL..)
  • Details of hardened OS and Webserver Version (Apache,Firewall,fail2ban,file policys, selinux, apparmor filter)
  • See ALWAYS PHP-Kits of opensource with the trust of NON HARDENED SOFTWARE (prefer NON-PUBLIC ACCESS)
  • You can ACCESS this Software thru SSH TUNNELS with a local running non-caching PROXY (privoxy)
  • Use the SSH Tunnels on unknown Ports and Login via Key Files which must be unlocked by LONG PASSWORDS
  • Public ACCESS is ALWAYS a RISK if YOU didn’t have the KNOWLEDGE of the SOURCE CODE!

Howto read here

Amazon: Cloud Drive Sharing with NFS on Local Network as Photo Uploader Backup

Current the acd_cli tool for amazon drive mount offers no “fsid” (device /dev) point, that you cant export and share the amazon drive at your home local network.

On the latest raspberry pi OS (jessie) you can use a small workaround to get a NFS Shared Amazon Cloud Backup Uploader (needs python3.4 !)

  • install acd_cli tools, create the auth file (read) and  run $ sudo acd_cli mount /amazoncloud
  • now create a second Folder /sendtoamazon
  • install nfs-kernel-Server and share this Folder with NFS exports to your LAN
  • on the raspberrypi you can use a cron “move” Job running every 10 Minutes:
    #crontab -e
    */10 * * * * mv /sendtoamazon/* /amazoncloud

If you now put files on the /sendtoamazon nfs share from a PC,  the raspberry pi will grab and push it into the cloud via the “acd_cli mount” a python3 script, remark 10 minutes is ok for small files! on bigger files use over “40” minutes between pushes. If acd_cli fails check for correct python version! and last python modules!!! (python3-appdirs python3-dateutil python3-requests python3-sqlalchemy python3-pip pip3)

If you have a SMALL BANDWITH for upload you can use “rsync -avz” instead mv (move) with “throttle” option to upload files slowly!!


Howto acd_cli for amazon mount on git

Owncloud: Howto harden owncloud access with a ssh tunnel and squid

If you want to use a private secure owncloud (WebDAV Space Server) as Backup for all your devices you can harden the access thru a openssh Login with key auth and a squid as relay.

  • Install apache2, php5, mysql-Server, openssh, squid3
  • config Apache2 to listen on https://localhost:443
  • setup squid3  and config the Proxy to listen only on localhost:3128
  • install owncloud to /var/WWW with forced “https” settings at the config.php
  • create ssh-keys to auth with password protected key to the SSH Server

If done, you can access the private Backup-Server via a Terminal/ Putty with the Tunneling Options

  1. $ssh -L 3128:localhost:3128 username@owncloudserver.home
  2. Open your Browser on your Client/PC with enabled Proxy usage = localhost 3128
  3. Connect the WebDAV by the URL https://localhost/ the owncloud Login should be displayed! Same with the WebDAV URL possible!

Advantage? You have a two factor protected Owncloud Access, with encryption inside a encrypted SSH Tunnel! Nobody should see files which are transmitted! Thats a tube inside a tube ..


Oneye: Cloud Office Solution

If you are looking for a Cloud based Office Solution you should take a closer look on the Open Source Software “oneye” (commercial version of eyeos)

All you need is a cloud served or home hosted LAP Webserver (Linux/Unix, Apache, PHP5 Server) NO Database required!

oneye Web based Desktop



+ Weboffice with Word, Excel, Mail Client POP+IMAP, Spreadsheet
+ Internal Message System for User Chat INTERNAL ONLY
+ Desktop on Server Hardware possible with Raid, and full Backups! (possible nightly cron job folder to tar)
+ Reachable Office over Internet without any Apps installed! Every Browser Supported!
+ If home served under YOUR Controll!!
+ https let you get Safety!
+ Reachable by IP and Domainname from internal and external Network!
+ easy to Setup and easy to BACKUP!
+ can replace a Google Office or other commercial Product
+ can be integrated into GROUPOFFICE !!!
+ can be protected by SSH TUNNEL! needs a localhost listening squid Proxyserver!

More Safety you wont find on the internet…

Do you need help to setup? then mail me..

Dont forget to donate the oneye developer… thats hard work for freedom

oneye Web based Desktop