NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Unknown IP's accessing sites
Not entirely sure I've selected the correct product but I assume the software on each is similar so hopefully someone can help.
I've blocked an adult site on my router which works as expected but every so often I'll get a stack (100+) emails alerting me the the site was blocked from a source that isn't a local IP. The last couple of days I've had over 1,000 emails with various source IP's. This is clearly some bot that's doing this given the alerts ping out every few seconds.
I could change my log settings to ignore blocked sites so I don't get the constant stream of emails but I'm just confused how a bot can attempt to access sites from my system and wondered if there's a way to automatically block it?
I'm also assuming that it's accessing other sites unless there's some system that will see what sites have been blocked and just target those?
Has anyone else experienced this before and does anyone have any suggestions?
3 Replies
What NG product model # do you have?
What do you mean by unknown IPs accessing sites? Something that is connecting to your system?
Be sure to disable any MAC Address randomizers on phones and pads while at home:
https://community.netgear.com/t5/Orbi-App/NETGEAR-Mobile-Applications-and-Apple-Devices-FAQ/td-p/2220016/jump-to/first-unread-messageHi, thanks for the response.
I have the NETGEAR Orbi RBS850 with two RBR850 satellites.
Yes something is, or seems to be, connecting to my system on a regular basis. When I posted yesterday I had to clear down 3,000 email alerts which had accumulated in about 1 1/5 days. I've since changed the NETGEAR logging to only email when the log is full and now I get a new email every 15 minutes as opposed to 5 or so in a minute, which shows the frequency of these "attacks"
Here's a snippet from the NETGEAR log,
[site blocked: www.xxxxx.com] from source 167.235.228.181 Monday, Oct 14,2024 06:51:25
[site blocked: www.xxxxx.com] from source 109.235.59.58 Monday, Oct 14,2024 06:51:24
[site blocked: www.xxxxx.com] from source 167.235.228.181 Monday, Oct 14,2024 06:51:22
[site blocked: www.xxxxx.com] from source 109.235.59.58 Monday, Oct 14,2024 06:51:21
[site blocked: www.xxxxx.com] from source 167.235.228.181 Monday, Oct 14,2024 06:51:19
[site blocked: www.xxxxx.com] from source 109.235.59.58 Monday, Oct 14,2024 06:51:18
[site blocked: www.xxxxx.com] from source 167.235.228.181 Monday, Oct 14,2024 06:51:16
[site blocked: www.xxxxx.com] from source 185.112.145.205 Monday, Oct 14,2024 06:51:15
[site blocked: www.xxxxx.com] from source 109.235.59.58 Monday, Oct 14,2024 06:51:15
[site blocked: www.xxxxx.com] from source 167.235.228.181 Monday, Oct 14,2024 06:51:13As you can see, it's not one static IP that's attempting to access.
The problem has been going on for some time now but previously there'd be a surge for around half a day then I'd get nothing for several weeks. However, it's recently ramped up so much so that my email limit was reached as it was sending out so many alerts.
I've got the latest firmware on my router and satellite's and am quite sure I'm not allowing external access, so I'm very confused as to how they're getting in.
Networking isn't really part of my I.T. skill set though so it's very possible I've overlooked something. I'm going to take a look at the MAC address randomizers link you sent and make sure our phones/tablets are configured correctly.
Do a lookup search on those IP addresses to see where they are coming from and which devices they are trying to access.
If the log is reportng BLOCKED, then the Firewall is doing it's job and those attemps are being blocked from accessing anything. The router and firewall is doing it's job and the logs are only reflecting the action taken.
