I'm using an Asus router, with built-in "AiProtection" by Trend Micro. I have all the functions turned on. I have never seen any warnings through this service, despite using an Asus router for at least 5 years.
Since the 6th of November, I have had exactly 300 "Protection events" against "Two-Way IPS".
Does this mean that someone has tried to hack me, and this router function has prevented it, 300 times in the last three weeks? What could I have done, since there are now 300 attempts at such activity while in the last five years there have been none? I've had a NAS and various open online port-forwarded music servers etc. for the whole period.
Details of "successfully prevented events" are listed like this:
2019-11-23 23:16:08 | External Attacks | 114.88.241.200 | 192.168.1.200 | WEB Remote Command Execution via Shell Script -1.a
2019-11-23 23:06:41 | External Attacks | 121.74.232.44 | 192.168.1.200 | WEB Remote Command Execution via Shell Script -1.a
2019-11-23 13:35:52 | External Attacks | 170.247.255.127 | 192.168.1.200 | WEB Remote Command Execution via Shell Script -1.a
2019-11-22 02:28:56 | External Attacks | 23.254.227.67 | 92.221.104.37 | EXPLOIT Remote Command Execution via Shell Script -2
The origin IP addresses are different every time, it seems.
Almost all attacks are "WEB Remote Command Execution via Shell Script xxxx". What does this mean? How can I protect against that kind of attack specifically?
This is what AiProtection says about "Two-way IPS":
"The Two-Way Intrusion Prevention System protects any device connected to the network from spam or DDoS attacks. It also blocks malicious incoming packets to protect your router from network vulnerability attacks, such as Shellshocked, Heartbleed, Bitcoin mining, and ransomware. Additionally, Two-Way IPS detects suspicious outgoing packets from infected devices and avoids botnet attacks."
Am I correct that most of these "web remote command execution via shell script" attacks are nothing more than bots attempting to try different passwords on my website? How have they found my website?
Or does this also mean e.g. possible MITM attacks? I am not able to use even http(s) for most of my music servers.
Thank you very much for your help.