authorunknown

Do the new updates deal with this threat? See: https://www.zdnet.com/article/this-malware-is-harvesting-saved-credentials-in-chrome-firefox-browsers/?ftag=TRE-03-10aaa6b&bhid=21977969419277629210563629293254

Resolved issue so please archive this if someone asks.... I did some checking and apparently something had changed in either the host or eset that caused a setting I had in Dreamweaver CS6 for the sites with issues to no longer be an acceptable setting for FTP. I switched on the "Use passive FTP" connection method on the sites that had issues and no more port scans.

<FYI> This issue just started 4/23/2014. Before that I was not having any issue with the same FTP procedure (using Dreamweaver CS6 and no updates to this program for a long time) on the same domain with the same IP. It was then that I started testing other domains and IPs.

Alright.... You are saying that I should disregard somthing that looks like it is probing my system from a remote location when I use FTP to change files on verious websites from mutiple IP addresses? What is the point of having that feature if we should all just disable it? Current Log: ------------------ 5/2/2014 12:03:35 PM Detected Port Scanning attack 192.185.146.34:28356 192.168.2.103:57862 TCP 5/2/2014 10:31:22 AM Detected Port Scanning attack 192.185.146.37:36410 192.168.2.103:56662 TCP 5/1/2014 9:44:50 AM Detected Port Scanning attack 192.185.146.37:12284 192.168.2.103:52348 TCP 4/30/2014 10:20:30 PM Detected Port Scanning attack 192.185.146.250:20765 192.168.2.103:49208 TCP 4/30/2014 10:02:05 PM Detected Port Scanning attack 192.185.146.250:31634 192.168.2.103:53119 TCP 4/30/2014 11:50:51 AM Detected Port Scanning attack 192.185.146.37:31971 192.168.2.103:52207 TCP 4/30/2014 10:45:38 AM Detected Port Scanning attack 192.185.146.37:47539 192.168.2.103:52123 TCP 4/30/2014 10:19:41 AM Detected Port Scanning attack 192.185.146.37:17832 192.168.2.103:51788 TCP 4/29/2014 8:38:08 AM Detected Port Scanning attack 192.185.146.37:27141 192.168.2.106:57090 TCP 4/29/2014 8:26:44 AM Detected Port Scanning attack 192.185.146.37:32343 192.168.2.106:56761 TCP 4/28/2014 9:26:35 AM Detected Port Scanning attack 192.185.146.37:23036 192.168.2.106:54923 TCP 4/24/2014 3:58:32 PM Detected Port Scanning attack 192.185.146.37:42653 192.168.2.108:59961 TCP 4/24/2014 3:47:41 PM Detected Port Scanning attack 192.185.146.37:32246 192.168.2.108:59787 TCP 4/23/2014 8:23:00 PM Detected Port Scanning attack 192.185.146.37:37167 192.168.2.108:57372 TCP 4/23/2014 8:03:47 PM Detected Port Scanning attack 192.185.146.37:22773 192.168.2.108:57104 TCP ------------------

I am currently experiancing Port Scanning attacks from some of my domains about 5 minutes after establishing an FTP connection. My hosting provider is shifting the blame (of course) to a Eset misconfiguration. This is not the issue as I have other hosting providers with almost identical configurations and no issue. I have other domains on other IP's with this host and similar configuration and no issue. I am now documenting which specific ones have the issues and which ones do not. So far all attacks originate from domains that are using WordPress from veried versions and veried configurations with 2 seporate IP addresses. Has anybody heard of anything like this. Is there a way to scan for the origin of this issue on a shared hosting envirnment?