Opened 2 ports, and probably not by chance, got ransomware...
I feel my somewhat cavalierly opening 2 ports in my networked Win 7 64 bit PC has allowed a hacker to infiltrate it with a nasty ransomware that the experts say is not decryptable save risking a hefty payment to bandits. Luckily I had a backup of the C: Drive and D: Drive had only a small number of non-critical directories encrypted. The E: Drive is a total loss...
I have several questions! I was trying to run a tracker server on my home PC called Traccar. It requires the opening of ports 5055 and 8082 with UDP and TCP. I port forwarded them in my Technicolour TG282n router and allowed them to pass in the Windows firewall. But using a web based port checker they remained closed to the outside world.
I then enabled DMZ in the router and they appeared open then. I am WAY out of my depth but I feel this may have left the PC that the router linked the ports to vulnerable? I have by chance looked in the router log and see that whilst I was out today something has scanned ports including at least one of those I opened.
I opened them both inbound and outbound but I am now thinking each may only have needed to have been opened one way. Again, out of my depth. Thousands of people run this server software and a search of its forum shows no angry cries of it creating a vulnerability, so I guess it's me doing something rash...
It shows:
IDS scan parser : tcp port scan: 192.168.1.70 scanned at least 10 ports at 82.70.254.222. (1 of 2) : 192.168.1.70 82.70.254.222 0052 TCP 5055->53971 [.FA...] seq 1552092604 ack 1315363770 win 258
I have written the backup to C: and now desire to open these ports again, but I need advice please. Without DMZ enabled these ports appear closed. Is there a safe way to open them without enabling DMZ.
I will start a new thread about backups, I naively stored them on a software RAID1 disk pair on the same machine. By luck or maybe design from Macrium Reflect the image files were not encrypted. I will ask in a more appropriate part of this forum about how to store backups away from the machine that's being backed up. In hindsight I think I did a stupid thing in doing that!
Many thanks if anyone can advise if the port opening (only done two days ago) may have led to this attack, and how to safely open them without enabling DMZ which I believe may bypass the router firewall?
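The router log line quoted in the post is the kind of entry worth going through methodically once ports have been forwarded: which side started the scan, which host was the target, and whether any of the deliberately exposed ports (5055 and 8082 for Traccar) appear in it. The script below is an added example, not code from the thread or from Traccar; it assumes the Technicolor IDS line keeps the shape shown in the post (other firmware versions may log differently, so the regex is an assumption), and it uses one constructed inbound line alongside the poster's own line so that both directions are exercised.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample: the first line is the entry quoted in the post, the second
# is a made-up inbound UDP entry in the same shape for contrast.
SAMPLE_LOG = """\
IDS scan parser : tcp port scan: 192.168.1.70 scanned at least 10 ports at 82.70.254.222. (1 of 2) : 192.168.1.70 82.70.254.222 0052 TCP 5055->53971 [.FA...] seq 1552092604 ack 1315363770 win 258
IDS scan parser : udp port scan: 203.0.113.9 scanned at least 10 ports at 192.168.1.70. (1 of 1) : 203.0.113.9 192.168.1.70 0028 UDP 40001->5055
"""

# Assumed line format: "<proto> port scan: <scanner> scanned at least <n> ports at <target>.
# (<i> of <k>) : <src> <dst> <len> <PROTO> <sport>-><dport> ..."
LINE_RE = re.compile(
    r"port scan: (?P<scanner>[\d.]+) scanned at least (?P<count>\d+) ports at (?P<target>[\d.]+)\."
    r".*?: (?P<src>[\d.]+) (?P<dst>[\d.]+) \d+ (?P<proto>TCP|UDP) (?P<sport>\d+)->(?P<dport>\d+)"
)


@dataclass
class ScanEvent:
    scanner: str      # host the IDS attributes the scan to
    target: str       # host whose ports were probed
    port_count: int   # "scanned at least N ports"
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


def parse_ids_line(line: str) -> Optional[ScanEvent]:
    """Return a ScanEvent for a recognised IDS line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return ScanEvent(
        scanner=m["scanner"], target=m["target"], port_count=int(m["count"]),
        src=m["src"], dst=m["dst"], proto=m["proto"],
        sport=int(m["sport"]), dport=int(m["dport"]),
    )


def review_ids_log(text: str, exposed_ports: Iterable[int], lan_host: str) -> List[Dict]:
    """Keep only scan events that touch a forwarded port and note their direction.

    'outbound' means the LAN host itself is the source of the scan, which is a
    very different signal from an Internet host probing the LAN host ('inbound').
    """
    exposed = set(exposed_ports)
    findings: List[Dict] = []
    for line in text.splitlines():
        ev = parse_ids_line(line)
        if ev is None:
            continue
        ports_hit = sorted({ev.sport, ev.dport} & exposed)
        if not ports_hit:
            continue
        findings.append({
            "scanner": ev.scanner,
            "target": ev.target,
            "proto": ev.proto,
            "ports_hit": ports_hit,
            "port_count": ev.port_count,
            "direction": "outbound" if ev.src == lan_host else "inbound",
        })
    return findings


if __name__ == "__main__":
    # Traccar's forwarded ports and the LAN host the router mapped them to.
    for f in review_ids_log(SAMPLE_LOG, exposed_ports=[5055, 8082], lan_host="192.168.1.70"):
        print(f)
```

Running it over the sample prints two findings: the poster's line is classed as outbound, because 192.168.1.70 is the source of a TCP scan with its port 5055 involved, while the constructed line is an inbound UDP probe of port 5055. That distinction is the first thing to settle when reading such a log after an incident, since an outbound scan from the LAN host points at the machine itself rather than at the port forward.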