qbittorrent setting off malware and malicsious site alarm constantly

Comments

5 comments

  • Avatar
    Firewalla

    Paste a few alarms and see. False positives does happen, but unlikely to be happy as often as you described. (my guess is your bittorrent is running and likely it is contacting questionable sites)

    0
    Comment actions Permalink
  • Avatar
    Fr

    So I think I narrowed this down to the "Enable DHT (decentralized network) to find more peers" and "Enable Peer Exchange (Pex) to find more peers" settings in qbittorrent. Disabling these causes the alarms to stop. I know this isn't a firewalla issue, was hoping you could look at the alarms. 

    I wanted to copy the alarms from the firewalla into this thread, but I am having an issue where anytime I want to save changed settings, view alarm details, or approve a web sign-in it just hangs until it times out. Never had this issue before, I'm sure a quick reset will fix it but I can't reset the box until later tonight.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @fr, I created a ticket for you, please do not reset. We can look at the "access" issue via that ticket. 

    0
    Comment actions Permalink
  • Avatar
    Fr

    This issue resolved itself about an hour ago when i tried again. I can once again save settings, access alarm details, and approve the web login. I exported all the alarms I got over the night from leaving DHT/PeX settings on:

    Time Alarm Message
    5/23/2022 2:24 Device is accessing [ site 212.178.135.62.
    5/23/2022 2:03 Device is accessing [ site 212.178.135.62.
    5/23/2022 1:37 Device is accessing [ site 212.178.135.62.
    5/23/2022 1:10 Device is accessing [ site 212.178.135.62.
    5/23/2022 0:36 Device is accessing [ site 212.178.135.62.
    5/23/2022 0:10 Device is accessing [ site 212.178.135.62.
    5/22/2022 23:43 Device is accessing [ site 212.178.135.62.
    5/22/2022 23:24 Device is accessing [ site 212.178.135.62.
    5/22/2022 23:09 Device is accessing [ site 212.178.135.62.
    5/22/2022 22:49 Device is accessing [ site 212.178.135.62.

    I deleted the other alarms but they were from various other IPs I think.

    0
    Comment actions Permalink
  • Avatar
    Daniel

    I have the same "issue".

    I think it's because Firewalla thinks basically all IPs that are in AbuseIPDB are malicious.

    0
    Comment actions Permalink

Please sign in to leave a comment.