
Hello,
I got almost 10 blocked messages in 1 minute from this IP http://198.74.56.46/ but whoisdomain says it's some weird Linode, looks like geofeed or some weird official IP.

NetRange:       198.74.48.0 - 198.74.63.255
CIDR:           198.74.48.0/20
NetName:        LINODE-US
NetHandle:      NET-198-74-48-0-1
Parent:         NET198 (NET-198-0-0-0-0)
NetType:        Direct Allocation

Any idea what this is?


@barakobama

The blocks are on addresses that are attempting to make a forced attempt to exploit Remote Desktop Protocol.

https://www.abuseipdb.com/check/198.74.56.46

The attempts on various ports are tried by bots. But they are STOPPED by the Malwarebytes real-time web protection.

Malwarebytes is protecting your system.

See this article: https://support.malwarebytes.com/hc/en-us/articles/360048565893-Receiving-message-Website-blocked-due-to-compromise

 

In most cases, the attempted probes will eventually stop on their own. If it continues, you can add the IP to the local firewall to prevent it from contacting the computer, period.
If you wish to do so, here is one how-to guide for the Windows software firewall:
https://www.interserver.net/tips/kb/add-ip-address-windows-firewall/

 

Additionally or alternatively, if this is on Windows 10 Pro and if you do not need or use Remote Desktop, you can turn that off.
https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html


Here is how to block a port number in Windows:

https://thegeekpage.com/how-to-block-ports-in-windows-10-firewall/

 

Edited by Porthos
Added additional info
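The steps suggested in the reply above (check whether Remote Desktop is on, see which firewall rules expose it, block the reported address), as an added PowerShell example that is not part of any post in this thread. It assumes an elevated session and RDP on its default port 3389; the rule name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Run in an elevated PowerShell session.
$BlockedIp = '198.74.56.46'                    # address reported in the first post
$RdpPort   = 3389                              # assumption: RDP on its default port
$RuleName  = "Block inbound from $BlockedIp"   # hypothetical rule name

# True when a firewall LocalPort spec ('Any', '3389', '3000-4000') covers $Port.
function Test-PortCovered([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -match '^\d+$' -and [int]$s -eq $Port) { return $true }
    }
    return $false
}

# 1. Remote Desktop is enabled when fDenyTSConnections is 0.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
"Remote Desktop enabled : $($ts.fDenyTSConnections -eq 0)"

# 2. Is any process actually listening on the RDP port?
$listener = Get-NetTCPConnection -State Listen -LocalPort $RdpPort -ErrorAction SilentlyContinue
"Listening on TCP $RdpPort  : $([bool]$listener)"

# 3. Enabled inbound Allow rules that cover the port, with their remote-address scope.
#    A scope of 'Any' means the port is reachable from every address the router lets through.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    if ($pf.Protocol -in 'TCP', 'Any' -and (Test-PortCovered $pf.LocalPort $RdpPort)) {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        }
    }
} | Format-Table -AutoSize -Wrap

# 4. Add an explicit block for the reported address (block rules override allow rules).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
        -RemoteAddress $BlockedIp -Profile Any | Out-Null
}
Get-NetFirewallRule -DisplayName $RuleName | Select-Object DisplayName, Enabled, Action
```

If step 3 prints no rows, or only rows whose remote-address scope is the single address you intend to allow, the host firewall is already restricting the port.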

Posted (edited)

Yes, but in the firewall there is already a rule to block all IPs except one.
So isn't the Windows firewall doing its job, or does Malwarebytes simply report on the same layer as the Windows firewall?

Edited by barakobama

Some suggestions for a Router to protect systems on a LAN...

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID). Do not use your name, postal address or other personal information. Make it unique or whimsical and known to your family/group.
  • Is the Router Firmware up to date? Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034
  • Document passwords created and store them in a safe but accessible location.
