Not sure if this is an issue or just a quirk/bug, but my firewall showed an inbound request on port 21 for ftpupd. I’ve never seen the request before and it was blocked but I’m wondering if that is a point of concern. Version is 10.37s127.
Anyone else seen that?
How do you know it was bound for ftpupd? I’d suspect that it was probably just a random hacker hitting port 21 to see if it was open and hackable rather than anything attacking ftpupd.
This is what my firewall software kicked up:
Access attempt Application: C:\wdisplay\ftpupd.exe(Local IP address: 18.104.22.168, Local port: 21, Remote IP address: 192.168.0.11, Remote port: 55057, Protocol: TCP, Direction: Incoming) 4/2/2022 6:10 AM Blocked
This is PC software, not a router so it reads as an incoming attempt to me. It’s not one that has come up previously.
That log entry looks weird. It’s suggesting that your PC has an routable Internet address (local - 22.214.171.124) and the device ‘attacking’ your PC has a non-Internet routable address (remote - 192.168.0.11).
I’m guessing that your local network is 192.168.0.*? In which case what device is 192.168.0.11?
The ‘attacking’ IP address belongs to InMotion Hosting in California. Does that mean anything to you? Do you perhaps host your web site with them?
It rattled me some since this computer never really kicks up those warnings.
This computer is .11 and the site the WD upload goes to is a sister company of InMotion; which I had forgotten was the case. The website pings at .8, not 148, but I’m not sure that’s unusual for a shared host.
My best guess is that something went wrong with a file transfer and the firewall is somehow seeing it backwards. Either that or a pretty advanced hack that grabbed the random response port in the middle of an FTP. I’m just going to keep an eye open and see if it happens again. The AV/firewall on this PC has been running for 4 months with no issues with WD.
Thanks for your reply!