Malwarebytes (v 5.2.7.167, latest as of 3/11/2025) warns/blocks unknown Inbound attempts on UVNC port from various IP addresses. Recent IP addresses were 147.185.132.161, 147.185.133.8, 157.173.195.245, 103.146.22.81, 45.137.192.232. I have not added an exception to allow it and functionality does not seem impacted as I use UVNC for both internal-to-my-network an external device remote control.
I was receiving similar warnings using TightVNC, so I removed it and moved to UNVC. The warning frequency seems to have increased now.
Do I have a problem?
UVNC version: 1.4.3.6 Build: Oct 21 2023 21:46:41
Windows 10 (recently updated)
Celebrating the 22th anniversary of the UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC 1.5.0.X: https://forum.uvnc.com/viewtopic.php?t=38037
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC 1.5.0.X: https://forum.uvnc.com/viewtopic.php?t=38037
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Malwarebytes warns/blocks unknown Inbound Attempts
-
Rudi De Vos
- Admin & Developer
- Posts: 6923
- Joined: 2004-04-23 10:21
- Contact:
Re: Malwarebytes warns/blocks unknown Inbound Attempts
Seem someone is trying to access port 5900.
Everybody can try to connect to your ip on port the vnc port
*use encryption
*use another port instead of the default 5900, usual they only scan for ports 5900
Everybody can try to connect to your ip on port the vnc port
*use encryption
*use another port instead of the default 5900, usual they only scan for ports 5900
Re: Malwarebytes warns/blocks unknown Inbound Attempts
Thanks for the reply. I actually don't use port 5900, but another higher unused port # for this very reason. I am concerned as to how an outsider could discover my open/forwarded port. I will give encryption another try. I did try it before and ran into failures to connect and gave up... after a short effort. Clearly this makes me nervous and I'm curious as to why Malwarbytes is blocking these attempts yet lets me connect remotely just fine.
Re: Malwarebytes warns/blocks unknown Inbound Attempts
Just using another higher port doesn't hide that port for port scanners. There are port scanners just scanning the entire internet on all ports for certain services.
You can also use a tool like censys to search for those.
For example you can search for all VNC services which are not on port 55xx and 59xx range.
Direct link: https://search.censys.io/search?resourc ... TO+5999%5Dservices.service_name: "VNC" AND NOT services.port:[5500 TO 5599] AND NOT services.port:[5900 TO 5999]
You'll see a lot of servers on higher ports.
You can also put in your own IP adres to see what censys has discovered for your IP address
