mdimport accessing strange IP

Discussion in 'macOS' started by ScottR, May 11, 2007.

  1. ScottR macrumors member

    May 11, 2007
    Hello. Netbarrier X4 keeps telling me that process "mdimport" (which seems to be associated with Spotlight) keeps wanting to access at Port 80. This domain seems to be associated with "hospitality" consulting firm.

    Unfortunately, if I hit Deny the dialog just comes back seconds later. I don't see this process in the Anti-Spyware tab, which, I believe, happens with NetBarrier and Java applications or programs written in other "compile on the fly" languages, like Python (i.e., the setting doesn't "stick").

    What the heck is happening???
  2. Eraserhead macrumors G4


    Nov 3, 2005
    the IP address is something to do with this (I typed it into Camino)

    Puzzling that mdimporter is accessing it, sounds like it's either a false alarm, or you've been hacked.
    Try and see what LittleSnitch comes up with, once it's activated disable NetBarrier as it may interfere.
  3. ScottR thread starter macrumors member

    May 11, 2007
    I seem to have semi-solved the problem.

    The last thing I'd done before the message appeared was to run the current version of Google Earth. This didn't happen WHILE I was running GE--I'd quit it shortly before. As a test, I ran it again for about 30 seconds, quit, and NetBarrier popped up the same alert (actually, DOZENS of times).

    I guess that GE places some reference to this web site in its files and Spotlight indexes the reference (I didn't find any occurrence searching via Spotlight, ironically enough).

    Why, though, is Spotlight trying to access the site--via a Citrix login at that??
  4. ScottR thread starter macrumors member

    May 11, 2007
    OK, more stuff.

    It's not just Google Earth. I'd downloaded POIs for GE from, a subscriber service. That seems to be associated with roadfood (or at least with people there).

    This doesn't seem to be anything malevolent--at least I don't think so. For some reason, Spotlight is finding references to that IP within the kml file and seems compelled to try to access the links. Is it supposed to make Internet calls like this?
  5. SC68Cal macrumors 68000

    Feb 23, 2006
    Are you using Firefox?

    Firefox caches weblinks while your reading a page
  6. ScottR thread starter macrumors member

    May 11, 2007
    No, like I said, it's related to the Google Earth application, not a browser issue at all.
  7. robbieduncan Moderator emeritus


    Jul 24, 2002
    mdimport is basically a container. It doesn't know how to index files itself, it relies on plugins to index them. GoogleEarth has probably installed an mdimport plugin for kml files. What the plugin does is up to the plugin writer. It could quite easily be written to access an IP address if one is found in the file and include some of the text in the indexed entry.

Share This Page