Windows 7 Forums


Windows 7: Opened 2 ports, and probably not by chance, got ransomware...

21 Dec 2019   #1
Basil

Win 7 Pro 64 Bit
 
 

I feel my somewhat cavalier opening of 2 ports in my networked Win 7 64 bit PC has allowed a hacker to infiltrate it with a nasty ransomware that the experts say is not decryptable save risking a hefty payment to bandits. Luckily I had a backup of the C: Drive, and D: Drive had only a small number of non-critical directories encrypted. The E: Drive is a total loss...



I have several questions! I was trying to run a tracker server on my home PC called Traccar. It requires the opening of ports 5055 and 8082 with UDP and TCP. I port forwarded them in my Technicolour TG282n router and allowed them to pass in the Windows firewall. But using a web-based port checker they remained closed to the outside world.



I then enabled DMZ in the router and they appeared open then. I am WAY out of my depth but I feel this may have left the PC that the router linked the ports to, vulnerable? I have by chance looked in the router log and see that whilst I was out today something has scanned ports including at least one of those I opened.



I opened them both inbound and outbound but I am now thinking each may only have needed to be opened one way. Again, out of my depth. Thousands of people run this server software and a search of its forum shows no angry cries of it creating a vulnerability, so I guess it's me doing something rash...



It shows:


IDS scan parser : tcp port scan: 192.168.1.70 scanned at least 10 ports at 82.70.254.222. (1 of 2) : 192.168.1.70 82.70.254.222 0052 TCP 5055->53971 [.FA...] seq 1552092604 ack 1315363770 win 258


I have written the backup to C: and now desire to open these ports again, but I need advice please. Without DMZ enabled these ports appear closed. Is there a safe way to open them without enabling DMZ?


I will start a new thread about backups; I naively stored them on a software RAID1 disk pair on the same machine. By luck or maybe design from Macrium Reflect the image files were not encrypted. I will ask in a more appropriate part of this forum about how to store backups away from the machine that's being backed up. In hindsight I think I did a stupid thing in doing that!


Many thanks if anyone can advise if the port opening (only done two days ago) may have led to this attack, and how to safely open them without enabling DMZ which I believe may bypass the router firewall?


21 Dec 2019   #2
F22 Simpilot

Windows 7 Ultimate x64
 
 

DMZ opens all 65,535 ports to the computer/server. You don't want that.

The ports may appear closed due to ICMP ping requests being denied, or there is port knocking going on to open those ports. I'd try the Traccar server software first without testing the ports and see if it works as it should.

What exactly are you doing with this GPS server software? I may know of a way to do this without port forwarding, but it will require a different router flashed with the third-party firmware ASUS Merlin or DD-WRT.

Since you're running a server to the outside world, you may be interested in a hardware-based firewall like pfSense put on a Nettop. You can buy a Nettop on eBay for cheap. If this server software runs in Windows, you may be interested in Peerblock and my Peerblock lists here. This will help cut down on unsavory IP connection attempts you don't want.
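The difference between the two port forwards and DMZ described in post #2, as an added example that is not part of the thread. The `netstat -an` text is constructed sample data, the function names are hypothetical, and only the router is modelled (the PC's own Windows firewall is not).

```python
import ipaddress

# Constructed sample of `netstat -an` output on the forwarded PC (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5055           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8082           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.70:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.70:49200     203.0.113.10:443       ESTABLISHED
  UDP    0.0.0.0:5355           *:*
"""

# The router forwards set up in the thread: 5055 and 8082, UDP and TCP.
FORWARDS = {("TCP", 5055), ("UDP", 5055), ("TCP", 8082), ("UDP", 8082)}

def parse_listeners(netstat_text):
    """Return {(proto, port)} for sockets that accept traffic from off-host."""
    listeners = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; bound UDP sockets do not.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # tolerate [ipv6%zone]:port rows
        if ipaddress.ip_address(host).is_loopback:
            continue  # loopback-only services are not reachable via the router
        listeners.add((proto, int(port)))
    return listeners

def router_exposure(listeners, forwards=None):
    """forwards=None models DMZ: every unsolicited inbound packet reaches this PC."""
    return set(listeners) if forwards is None else listeners & forwards

if __name__ == "__main__":
    found = parse_listeners(SAMPLE_NETSTAT)
    print("port forwards only:", sorted(router_exposure(found, FORWARDS)))
    print("extra with DMZ    :", sorted(router_exposure(found) - FORWARDS))
```
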
22 Dec 2019   #3
samuria

win 8 32 bit
 
 

UDP doesn't get a reply; there is no connection, it just says hello and gets no response. TCP/IP actually makes a connection, and an open port may seem to be closed if nothing answers. When you open a port you can't test on the local network; you need to be on another network, like mobile. You need to be sure the infection was from open ports, not something else.
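The TCP and UDP behaviour described in post #3, as an added example that is not part of the thread: a connect-style probe run against three constructed loopback sockets, showing why a forwarded TCP port reads "closed" when no server is answering and why a UDP probe cannot tell a silent server from a dropped packet. Function names and state labels are this example's own.

```python
import socket

def tcp_state(host, port, timeout=0.5):
    """Classify a TCP port the way a connect-style port checker does."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"           # handshake completed: a program is listening
    except ConnectionRefusedError:
        return "closed"         # RST came back: reachable, but nothing listens
    except OSError:
        return "filtered"       # timeout or unreachable: dropped on the way
    finally:
        s.close()

def udp_state(host, port, timeout=0.5):
    """UDP has no handshake, so silence is ambiguous."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.send(b"hello")
        s.recv(1024)
        return "open"           # the application chose to answer
    except ConnectionRefusedError:
        return "closed"         # ICMP port-unreachable came back
    except OSError:
        return "open|filtered"  # no reply: silent listener or firewall drop
    finally:
        s.close()

def demo():
    """Probe three constructed loopback sockets; returns {label: state}."""
    listening = socket.socket()
    listening.bind(("127.0.0.1", 0))
    listening.listen(1)
    idle = socket.socket()
    idle.bind(("127.0.0.1", 0))       # port reserved, but never listen()s
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))     # receives datagrams, never replies
    try:
        return {"tcp, server running": tcp_state(*listening.getsockname()),
                "tcp, no server": tcp_state(*idle.getsockname()),
                "udp, silent server": udp_state(*silent.getsockname())}
    finally:
        for sock in (listening, idle, silent):
            sock.close()

if __name__ == "__main__":
    for label, state in demo().items():
        print(f"{label:20} -> {state}")
```
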

4 Weeks Ago   #4
Basil

Win 7 Pro 64 Bit
 
 

OK, thanks, I will address this. I have now got the needed ports open without recourse to using DMZ, many thanks.
4 Weeks Ago   #5
samuria

win 8 32 bit
 
 

Best practice is to set DMZ to an IP not used on the network so any attack goes nowhere.