It's normal to get scans/attempts on any public IP.
That said, malwarebytes is usually run on personal computers, do you have ports forwarded to your PC from the internet?
Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.
I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!
It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.
Rules:
1. Be Respectful
Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.
Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.
...
2. No Illegal Content
Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.
That means: -No promoting violence/threats against any individuals
-No CSA content or Revenge Porn
-No sharing private/personal information (Doxxing)
...
3. No Spam
Posting the same post, no matter the intent is against the rules.
-If you have posted content, please refrain from re-posting said content within this community.
-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.
-No posting Scams/Advertisements/Phishing Links/IP Grabbers
-No Bots, Bots will be banned from the community.
...
4. No Porn/Explicit
Content
-Do not post explicit content. Lemmy.World is not the instance for NSFW content.
-Do not post Gore or Shock Content.
...
5. No Enciting Harassment,
Brigading, Doxxing or Witch Hunts
-Do not Brigade other Communities
-No calls to action against other communities/users within Lemmy or outside of Lemmy.
-No Witch Hunts against users/communities.
-No content that harasses members within or outside of the community.
...
6. NSFW should be behind NSFW tags.
-Content that is NSFW should be behind NSFW tags.
-Content that might be distressing should be kept behind NSFW tags.
...
7. Content should match the theme of this community.
-Content should be Mildly infuriating.
-At this time we permit content that is infuriating until an infuriating community is made available.
...
8. Reposting of Reddit content is permitted, try to credit the OC.
-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.
...
...
Also check out:
Partnered Communities:
Reach out to LillianVS for inclusion on the sidebar.
All communities included on the sidebar are to be made in compliance with the instance rules.
It's normal to get scans/attempts on any public IP.
That said, malwarebytes is usually run on personal computers, do you have ports forwarded to your PC from the internet?
No, I don't have any ports forwarded to my PC from the internet as far as I'm aware.
If they are making it past your firewall and hitting your computer then the firewall is open and it shouldn’t be. Or that’s an outbound connection triggering the alert.
Just clarification here, a NAT is NOT a firewall. It will drop packets originating from outside the network if the ports aren't forwarded to an IP simply because the NAT has no idea which device on the network to send the packets to. A forwarded port is you telling the NAT to assume packets coming into a specific port should be forwarded to a specific device. It is acting as a security measure simply by coincidence but not by design. Unlike a firewall it will not inspect any packet payload or attempt to make a security decision on outbound packets. It only routes based on the packet headers.
A firewall on the other hand actively will reject or drop packets because it is an Intrusion Prevention System (IPS). This is why if your router has a built-in firewall, your NAT will still drop the packets -- because it isn't a firewall nor is it what is being referred to if you disable it.
It's more like an inbound connection that is triggering the alert.
Well, I just went through some online instructions to setup an inbound rule in Windows Defender Firewall that is a list of IPs to have it block, hoping that will solve this ongoing problem I was having.
Hmm maybe these are outgoing traffic in that case, does it tell you the src/dst info?
Not that I can tell, this is what shows up in the logs of just one of the hack or scan attempts.
Malwarebytes www.malwarebytes.com
-Log Details- Protection Event Date: 1/2/24 Protection Event Time: 10:48 PM Log File: f150648e-a9ea-11ee-8d8b-04d4c458e8f6.json
-Software Information- Version: 4.6.7.301 Components Version: 1.0.2222 Update Package Version: 1.0.79191 License: Premium
-System Information- OS: Windows 10 (Build 19045.3803) CPU: x64 File System: NTFS User: System
-Blocked Website Details- Malicious Website: 1
-Website Data- Category: Compromised Domain: IP Address: 45.79.168.172 Port: 6667 Type: Inbound
A quick search shows that IP is known for hacking type requests https://www.abuseipdb.com/check/45.79.168.172
I would check how your router is setup, as they should not be hitting your computer at all.
Port 6667 is a typical IRC port. It is sometimes used by remote access backdoors for command and control via a channel (chat room basically) on an IRC server, however, if that port isn't forward OR you don't have your PC set as the DMZ Host (you should never do this), then you probably have malicious software on your system.
If it isn't forwarded, then your NAT would drop the packets and Malwarebytes would never see it because they wouldn't be there. Malicious software can forward ports via uPNP and you should turn that off on your router or router/modem combo. It can also make it through if the connection is starting from inside of your network for TCP, which is the protocol that would be used for 6667 normally.
just drop the traffic and get on with your life
If you don't have any of those ports open, then just ignore it. There are lots of bots out there that are just scanning for easy targets.