network99
Frequent Visitor
Topic Author
Posts: 90
Joined: Wed Nov 22, 2017 8:47 pm

How to drop malware ip and malicious ip? (update list)

Fri Aug 06, 2021 1:43 pm

Hello guys,
Good time.

I have a VPS-Mikrotik in the Hetzner datacenter. For the 3rd time, Hetzner has blocked my IP and says:

We received multiple reports about malware distribution from your IP-adress

My VPS-Mikrotik is a PPTP server, and I have 10 PPP clients and 10 users connected via PPTP to my server!

What is it that I should block and deny in the Firewall Filter rules?
Do you know what that is?

Do you know a site, platform or list that provides malware IPs and malicious IPs to drop in MikroTik?
 
rextended
Forum Guru
Posts: 12442
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: How to drop malware ip and malicious ip? (update list)

Fri Aug 06, 2021 2:00 pm

First of all, ask which IP on what date / time, which malware etc., asking as many details as possible. If they don't, blacklist their email and don't care.

If you don't, whatever is written by me or someone else after the "period" of this sentence, without knowing exactly what you should worry about, counts for absolutely nothing.
 
network99
Frequent Visitor
Topic Author
Posts: 90
Joined: Wed Nov 22, 2017 8:47 pm

Re: How to drop malware ip and malicious ip? (update list)

Fri Aug 06, 2021 2:12 pm

Yes, I completely agree.
I have sent an email to Hetzner and asked for details ...

But I want to know, in general, what it is that I should block in the firewall?

Have you seen a list or site that is updated and complete?

Thanks for your attention.
 
R1CH
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: How to drop malware ip and malicious ip? (update list)

Fri Aug 06, 2021 2:21 pm

You should be blocking *everything* by default and then open only strictly necessary ports. Use VPN or LAN interface for management. You will need to do a clean reinstall if it's been hacked already.
 
normis
MikroTik Support
Posts: 26820
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: How to drop malware ip and malicious ip? (update list)

Fri Aug 06, 2021 2:26 pm

I don't think the virtual machine is hacked. Most likely one of the VPN users has a virus in their Windows computer, and since he is using VPN, Hetzner thinks it's coming from the VPS.
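
The two suggestions above (block everything by default on the router, and treat an infected VPN client as the likely source) can be combined in one RouterOS filter set. This is an added example, not part of any post in this thread; it assumes PPTP is the only public service and that SSH (22) and WinBox (8291) are used for management only over the VPN.

```routeros
# Added example, not from the thread. Assumptions: PPTP is the only public
# service; management (SSH 22, WinBox 8291) happens only over the VPN.
# Turn on Safe Mode before applying this on a remote VPS so that a mistake
# is rolled back when the session drops.

/ip firewall filter

# --- input chain: traffic addressed to the router itself ---
add chain=input action=accept connection-state=established,related \
    comment="replies to existing connections"
add chain=input action=drop connection-state=invalid comment="invalid packets"
add chain=input action=accept protocol=icmp comment="ping and PMTU discovery"
add chain=input action=accept protocol=tcp dst-port=1723 \
    comment="PPTP control channel"
add chain=input action=accept protocol=gre comment="PPTP tunnel data"
add chain=input action=accept protocol=tcp dst-port=22,8291 \
    in-interface=all-ppp comment="management only from inside the VPN"
# Only needed if VPN clients use the router as their DNS resolver (assumption).
add chain=input action=accept protocol=udp dst-port=53 in-interface=all-ppp \
    comment="DNS for VPN clients"
add chain=input action=drop comment="default deny for everything else"

# --- forward chain: traffic from VPN users out to the internet ---
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop connection-state=invalid
# Log every new connection opened by a VPN client, so that an abuse report
# that names a date and time can be matched to a single user. The log action
# does not stop processing; the packet continues to the next rule.
add chain=forward action=log connection-state=new in-interface=all-ppp \
    log-prefix="vpn-new"
add chain=forward action=accept in-interface=all-ppp \
    comment="VPN clients to the internet"
add chain=forward action=drop comment="default deny"
```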
 
rextended
Forum Guru
Posts: 12442
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: How to drop malware ip and malicious ip? (update list)

Fri Aug 06, 2021 3:11 pm

As I wrote before, this is not an insult to anyone, but this is much too vague:
about malware distribution from your IP-adress
"malware distribution" by email? Coming "from your IP-adress"???
Can some compromised PC send e-mails, from a perfectly valid address to perfectly valid addresses, with malware inside?
Nothing to do with MikroTik and firewall...

Do you understand why, without any useful details, we can only make useless, infinite hypotheses?
 
network99
Frequent Visitor
Topic Author
Posts: 90
Joined: Wed Nov 22, 2017 8:47 pm

Re: How to drop malware ip and malicious ip? (update list)

Fri Aug 06, 2021 5:22 pm

> You should be blocking *everything* by default and then open only strictly necessary ports. Use VPN or LAN interface for management. You will need to do a clean reinstall if it's been hacked already.

Thanks.

> I don't think the virtual machine is hacked. Most likely one of the VPN users has a virus in their Windows computer, and since he is using VPN, Hetzner thinks it's coming from the VPS.

Yes, I think my users' Windows machines have a virus, and one of my users sent an attack or sent a malicious virus file.
 
network99
Frequent Visitor
Topic Author
Posts: 90
Joined: Wed Nov 22, 2017 8:47 pm

Re: How to drop malware ip and malicious ip? (update list)

Fri Aug 06, 2021 5:23 pm

> As I wrote before, this is not an insult to anyone, but this is much too vague:
> about malware distribution from your IP-adress
> "malware distribution" by email? Coming "from your IP-adress"???
> Can some compromised PC send e-mails, from a perfectly valid address to perfectly valid addresses, with malware inside?
> Nothing to do with MikroTik and firewall...
>
> Do you understand why, without any useful details, we can only make useless, infinite hypotheses?

Yes, I agree.
