Plugin spamming ipv4.icanhazip.com
Issue #136
resolved
Extension: 1.3.1 / VS Code 1.33.1 / Windows 10 1809
It appears the plugin is configured to check if the internet connection is online every 1.5 seconds. It does so using the npm package “is-online”, which retrieves ipv4.icanhazip.com. This appears to be run per VSCode instance. The net result is a lot of requests hitting ipv4.icanhazip.com
Our firewall logs show on my machine started making a lot of requests at 2019-05-10T15:29:33.000Z. The culprit is the “is-online“ package added in commit f07be5252afda526aff6fc2e438e629db94a034b and used in the class “OnlineDetector“. I have not dug through the git log to see if there are any new consumers of the class more recently.
We began investigating these requests after being blacklisted on CloudFlare’s network. They were the only suspicious requests we could see.
Comments (5)
-
-
Account Deactivated
linked to:VSCODE-479
-
Account Deactivated
- changed component to triaged
-
Account Deactivated
- changed status to resolved
Version 1.4.0 of the extension fixes this issue. (Please note that you need to update to VS Code 1.34 to use this version)
-
- removed component
Removing component: triaged (automated comment)
- Log in to comment
Looks like we are affected as well, I would vote for raising the priority as this seems to affect everybody.