Banned IP.

[SinShadowFox]

So i keep getting reports from my avast anti virus program that an IP infected with Botnet:Blacklist keeps trying to connect to my client.
I've blocked the IP but the warning keeps popping up and its the same IP every time udp://172.86.180.122:10515
So how do i deal with this?

[Peter]

Where do you get this "Botnet:Blacklist" alarm/thing?
IP blocklists are 99% false/wrong. Like 99.999999999999%. DO NOT USE IP BLOCKLISTS, they only hurt your speeds, the swarm, p2p itself.

Use a seedbox, VPN (with port forward preferably) if possible if you are worried. An IP list will NOT protect you at all.

[SinShadowFox]

I get the Botnet:Blacklist from Avast anti virus

Avast warning.PNG (28.95 KiB) Viewed 9230 times

As for IP blocklists, I'm using qbittorrents own block list

qBittorrrent Ban.PNG (148.05 KiB) Viewed 9230 times

[Peter]

Oh man, just uninstall Avast.
They were trash in the past few years anyway, and now Norton bought them. Just no... it's poop. It was okay like 10 years ago but it was in a steady decline ever since.

https://www.thetimes.co.uk/article/avas ... -z0lk0q3ww

[SinShadowFox]

No offense, I'm sure you know your stuff but keep in mind that the person that told me to run Avast/Malwarebytes/Spybot:SaD2 altogether on my pc is the guy that has been helping me with pc problems AND the guy who built my current pc while your someone i just met on the internet so i inherently cannot believe you just because you say that. Additionally when an anti virus program falters it's core weakness is it's Not identifying virus'. So the fact that it's identifying this IP as being infected with Botnet:Blacklist means that it is actually infected with Botnet:Blacklist. Also this IP has been reported several times for malicious actions. What i want to know is if it is getting through qBittorrent's ban then how do i deal with it? Avast is currently preventing it from connecting thankfully but the ban isn't working so far.

[Peter]

What you are looking for:
You can simply block the IP and that's it. This is possible on software firewalls most of the time. Why it appears even though you have blocked it in qBT? It could be a tracker. If you block it through a software firewall, it won't even reach qbt.

What is it:
It's probably a random peer from the swarm. Or a tracker.
You just won't seed to a random poor guy, or won't get to download from them. Or, won't get the peers from that tracker.

Why am I saying all this IP stuff:
The problem with these IP bans and IP blacklists is that IPs change. Most people have dynamic IPs, infected routers will change their IPs and stuff. IP blocklists and whatnot are NEVER up to date. They never have been. Imagine you had a threat coming from a router. A nasty malware botnet IP. Block it. And then it restarts the router and gets a new IP. Now you are blocking a poor sod, instead of the actual threat. Seriously IP blocks are not a solution - not even a band aid.

Why Avast is junk?
- Norton is junk. Everyone knows that. They've been doing McAffee levels of scumbaggery for years now. Fea
- They have been selling user data for years.
https://fortune.com/2020/02/12/free-ant ... -histories
https://www.cnet.com/tech/services-and- ... sing-data/
- Norton bought them.
- They pre-installed junkware with their installer and their software is pretty much, like 99% is just upselling/fearmonger junk. Like most AVs out there nowadays tbh. Many years ago, we didn't have any anti-virus besides third-party ones. Back then, they actually detected threats and didn't try to just scare people into buying the most expensive version of their software. Years went by, then Microsoft Defender came. It was junk, couldn't detect anything. So people still used third-party, paid for them, etc. And then Windows 10 came along and Defender is actually now decent. Like really, really good. https://www.av-comparatives.org | https://www.av-test.org/en/?r=1 .
- Today, since Windows 10 comes with Defender, every AV company just tries to upsell. They sell you "Firewalls", and "crypto malware protection". It's all just junk. Worthless. Firewall? Most people are behind NAT, use a router, etc. This in itself is a firewall. "crypto malware protection" Do proper backups and then you are protected. None of this market crap is actually useful.

How to actually stay safe in 2021?!
- Use Common Sense 2021 Ultimate Edition. Basically, use your head. Don't download linkin_park.mp3.exe files and try to run them no matter what.
- Use Microsoft Defender on WIndows 10/11. It works, it's safe, it's nice. Way better than most products nowadays out there.
- Use a safety DNS, such as AdGuard ( https://adguard.com/en/adguard-dns/overview.html ). This will block ads and nasty stuff. If you don't want adblocking, you can use Quad9 ( https://www.quad9.net ). Both do safety blocks.
- Use uBlock Origin adblock in your browser. They not only block ads but also block known malware sites, threats. IF you insist, you can disable the adblock lists.
- Have backups! I cannot stress this enough. External drives, pendrive, NAS is NOT a backup. Use Backblaze (if you are not techy), Onedrive, Google Drive, whatever you drive.

I've been using uBlock (well AdBlock Plus and whatnot before) and never had an infection. Yes, I do scan with offline tools, live USBs, and nothing. It really works and you don't have to pay a single cent. And that's it. You don't need any third-party software, magical IP blocking firewall mumbo-jumbo.


Well, don't ask me why I wrote a book here. Guess I was bored. I know you won't listen but whatever. Enjoy qBittorrent!

[SinShadowFox]

IP
How do you know if the infection is legitimate or just out of date?

Avast
Ouch. I'm going to talk to my tech guy about that because if it's true that's terrifying. (and he's not in right now)
Wasn't Microsoft Defender like a very simplistic rudimentary firewall?
And if it isn't will it run on Window 7?

Connection Safety
And yes uBlock Origin is very good ^_^
But what is a DNS?
As far as back ups i try to back up my computer to an external harddrive at least once a year but it takes like 2 days to do that.

And just because i can't trust what you say at face value (nature of the internet) doesn't mean i can't listen/verify. I do love to learn and i do appreciate the info.

[SinShadowFox]

Also what is a software firewall?

[Peter]

Hey, I wrote a book... :<

Also what is a software firewall?

Computer security is a very tough subject and is a cat and mouse game.
This whole time I will be talking about security/firewall on Windows. Linux/BSD is a whole different game.

Let's start with the software firewall.
I sure will do a worse job than Wikipedia, but basically, it's a firewall that YOU run on your own computer. It's software that you install, that sits on the network adapter and lets you filter traffic, block IPs, apps from the internet, and so on. One major problem with Microsoft's firewall is that it's very permissive by default. Which makes sense, because millions would get digitally crippled if it was otherwise. But then.. why does it even exist? Exactly. It's useless.

There is a "default deny" firewall, like Comodo, ZoneAlarm, and so on. They will make your life hell until you learn how to configure them up. But, they will make sure no unknown traffic goes through. But. We are running Windows here, and (I am 99% sure) you run applications with admin rights. Thus, any application could just bypass these.

So, in my book, both are pointless. Software firewalls barely ever have any use. Most people used them back in the day so cracks would keep working, lol.

But wait, if you don't have a firewall, will the evil hacker take your selfie while you... no. That doesn't happen, this ain't Hollywood. First and foremost, most people have routers/modems. Even the most basic router/modem nowadays is a router itself. Meaning it will act as a NAT device and thus act as a firewall by itself. So just random things cannot come into your PC directly. (Yes, if there is a very good evil software that will do nat traversal and whatnot - but if that's the case, you are doomed either way.)

So all firewalls are junk? NO.
You CAN buy or rent very expensive (but also good, useful) enterprise firewalls. These block known threats, get frequent, good updates. These can protect a whole university/company from attacks. Very useful if they don't run the latest and greatest (they never do).

Unfortunately, the human factor is always there. And employees/people will open stupid links, files all the time. Regardless, these firewalls do offer good protection.

IP
How do you know if the infection is legitimate or just out of date?

Because IPs, especially attackers will vary, change. Who'd be so stupid to keep using the same IP continuously? Like renting a server, or buying a static IP and assigning a domain like "i.am.the.hacker.com" lol. No one. Attackers use infected routers, computers, servers, and whatnot. These IPs change so often, it's super pointless to even add them to any kind of definition.

Wasn't Microsoft Defender like a very simplistic rudimentary firewall?

- Defender: No, it was always an anti-virus. Windows received a firewall in XP, though it never made much sense. See the top part of my post. Defender sucked big time. It sucked from XP to 8. But in 10, it became actually useful, good.

And if it isn't will it run on Windows 7?

Windows 7 should not be used anymore, period. If you don’t like the fast updates of Windows 10, you can always pick up the LTSC version/key at stores, it’s what I run. It’s a less often updated version. But it’s still supported and it’s still safe.

But what is a DNS?

https://en.wikipedia.org/wiki/Domain_Name_System
Basically, when you type “google.com” in your browser, your PC has to figure that one out. Google.com by itself is just a name. But who says what is Google.com? The DNS tells you that. Think of it like an address book - for the internet.

There are a few of them out there. By default, most people use their ISPs provided servers. But, companies also provide free ones as alternative. These can give you extra speed and even protection.

(adblock&protection) AdGuard DNS: https://adguard.com/en/adguard-dns/overview.html
(speed&protection): Quad9: https://www.quad9.net
(speed) Google’s DNS: https://developers.google.com/speed/public-dns
(speed) Cloudflare DNS: https://www.cloudflare.com/learning/dns ... s-1.1.1.1/

You can even build your own, but honestly, there is really not much need to do that.
https://pi-hole.net

As far as backups I try to back up my computer to an external hard drive at least once a year but it takes like 2 days to do that.

Remember, hard drives, SSDs are mechanical, electrical devices. They can fail at any point, without any warning. Using “RAID” where you use multiple drives in parallel to offer protection - again - is no backup. You may get a power outage, overcurrent, lightning strike, flash flood, fire, whatever. You will probably survive but your data may not.

That’s why most of us use cloud providers or a service like Backblaze.
Cloud providers: Like Onedrive, Google Drive, Dropbox - they most often just give you a folder on your PC where things are synced with the cloud. Backblaze - they simply save ALL your files including your external drives (if they are connected) to their cloud and you can retrieve your files in a pinch.

At first, it may take a bit of time to get used to having a simple folder where you store all your important stuff. But after a while you realize, your actually important stuff does not take up all that much space. And this way, you remain organized, etc.

Myself, I use Onedrive, because I use their family package which offers like 5 accounts - all with 1TB storage space. But I also use Backblaze at people who are not experts. It worked great in the past and never had a problem with them.

[SinShadowFox]

Honestly i think all this firewall stuff is just going over my head.

While i understand what your saying about IPs and it makes sense it still doesn't help me know if a connection to my pc is safe or not or tell me how to defend against "nat traversal".

I use Win 7 because it has greater stability and compatibility and is more user friendly than windows 10 (though I've heard win 11 is in the works even though they said 10 would be the last) So i am unfortunately stuck with the sucky version of defender . . . for now.

I use uBlock origin like you do for adblocking and browser Security so which dns should i use? And how do i use it?

I have a expensive/powerful Surge Protedcted Battery backup for my tower and monitor so most incidents shouldn't be a problem and i store several terabytes of data on my computer from over 30 years of collecting things (which is why copying all my data to another separate HDD takes so much time)

[SinShadowFox]

So i just checked with my teck guy and he says norton didn't buy avast. He did however say norton bout avg. Is that what you were thinking about?

[Gripweed107]

Tell you "teck" guy to start reading the Wall Street Journal.

https://www.wsj.com/articles/nortonlife ... 1628632237