Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Reported malware on server? (http:/boaform/admin/formLogin?username=user&psd=user)

Featured Replies

my firewall informed me that my server attempted to connect to a malware site:

 

System: Untangle [Verv.Nunya.com]

Event: WebFilterEvent

Event Time: 2021-03-23 01:36:06.975.

Event Summary:
Web Filter blocked http:/boaform/admin/formLogin?username=user&psd=user (Malware Sites)

Event Details:
app name                          = web_filter
blocked                           = true
category                          = Malware Sites
category id                       = 56
flagged                           = true
reason                            = BLOCK_CATEGORY
request line                      = GET http:/boaform/admin/formLogin?username=user&psd=user
rule id                           = 56
session event                    
bypassed                         = false
c client addr                    = 112.72.231.35
c client port                    = 2728
c server addr                    = redacted - my ip
c server port                    = 80
client country                   = KR
client intf                      = 1
client latitude                  = 36.6353
client longitude                 = 127.4678
entitled                         = true
hostname                         = Tower
local addr                       = 192.168.1.253
policy id                        = 1
policy rule id                   = 0
protocol                         = 6
protocol name                    = TCP
remote addr                      = 112.72.231.35
s client addr                    = 112.72.231.35
s client port                    = 2728
s server addr                    = 192.168.1.253
s server port                    = 180
server country                   = XL
server intf                      = 3
session id                       = 105907154162496
tags string                      = 
time stamp                       = 2021-03-23 01:36:05.741
time stamp                        = 2021-03-23 01:36:06.975

This is an automated message sent because this event matched Alerts Rule "Malware Sites website visit blocked".

 

 

Fortunately it appears blocked.  trying to find out more about what's going on though, and if it originated internally or was something like a malformed header sent to the server, which then tried to respond? I'm a bit out of my depth on this. The latitude and longitude logged shows South Korea...where I am defiantly not located.

 

My server is running 6.9.1, and I use the nginx proxy manager for routing to a nextcoud installation.  so only ports 80 and 443 are forwarded through my firewall.  I think I'm going to start running a Clam AV instance but I have about 21 TB it has to go through. I don't download any movies or other files from the internet.

 

Assistance is greatly appreciated!

 

 

Edited by 1812

  • 1812 changed the title to Reported malware on server? (http:/boaform/admin/formLogin?username=user&psd=user)

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.