Malicious OGNL Expression Upload from BI?

Aug 22, 2016
My Norton AV just stopped a "Malicious Attack" coming from BI. Maybe it was a legitimate packet upload, I don't know squat about it. Here's the message:
BI_ATTACK.jpg

The Attacker URL is my IP.
Anyone else see this? Maybe it was some kind of anomaly. Thanks!
 
180.97.220 . 35 is the IP of a server in China that's found its way onto a couple spam blacklists. Are you forwarding ports to your Blue Iris server?
 
Are you port-forwarding traffic to Blue Iris? If 208.76.202.112 is your IP then it sounds like 80.97.220.35 was probing your machine for vulnerabilities, which Norton AV blocked. From the description here, it appears to be a vulnerability in Apache Struts, not something Blue Iris would be vulnerable to.
 
Yeah, I am port forwarding to BI so I can access it remotely. Am I confused because "Attacker URL" really means "Attackee?" Also it used the term "Upload."

I guess I'm also confused by the intransitive verb resulted preceded by third person singular past tense of be (was) instead of "had." It's not clear from this who did what.
 
Bottom line, don't forward ports.
Turn off UPnP in all devices.
Block cams from contacting the internet.
Use VPN: VPN Primer for Noobs