Suspicious Activity Blocked

I recently changed to a new Internet Service Provider and am now getting daily notifications from them about suspicious activity being blocked. “Blocked potentially dangerous IP address in (Hong Kong, Russia, Netherlands, United States, etc.) from connecting to Western Digital My Cloud”. I’ve gotten seven notifications in the last 24 hours. Any idea why this is happening or how to prevent it? I’ve disconnected the device for now. Previous ISP was Xfinity; new ISP is Armstrong which I believe is only a regional provider.

Do you even have a My Cloud Home (white top half, silver bottom)? This is the subforum for My Cloud Home, a device completely different from the once hacked OS3 My Cloud. In 15 years of My Cloud Home use (5 devices x 3 years), I have never seen one instance of suspicious activity from the units.

My device is a My Cloud Home device (the white top with silver bottom).

@Tanya21045
Have you contacted your Internet Service Provider and asked them about the notifications you are getting? What type of protection do they provide?

Where are you located? I’ve never heard of Armstrong. I’m in the United States and have Spectrum as my ISP.

I have not contacted Armstrong. They are local to PA and service the surrounding states as well. They use Plume HomePass which is supposed to continuously monitor all your connected devices for suspicious activity. The only notifications I’m getting are about the My Cloud Home device.

  • Do you have anything to show this activity? Do you have a screenshot of the messages and warnings from Armstrong?
  • What kind of router are you using and does it show a port open warning at your end from Armstrong?
  • Did you open ports on your router for the My Cloud Home or Plex Media Server?
  • Do you have UPnP running on your router?

I would suggest you do

  1. Download a debug_logs.tar.zip from your My Cloud Home.
  2. Take screenshots and other messages from Armstrong
  3. Open a support ticket with Western Digital Technical support

Reading this over, it would appear that you have not set up the My Cloud Home (MCH) with the new ISP and any new router you may have.

If that is the case, it is possible that the My Cloud Home is not fully functional and is unable to contact the local Western Digital servers around your part of Pennsylvania, USA, of which there should be a few since it is in the US. In that case, it is possible that the MCH is still trying different relay servers around the world to get a proper connection and that is why you are seeing “Blocked potentially dangerous IP address in …” around the world.

In order to avoid that, it may be easier to turn on UPnP on your new router and let the MCH establish a proper connection. If you have had the MCH for a while, you may remember having done this previously with your former ISP such as Xfinity with their router. After MCH is settled, you should not see it trying different servers around the world. If you don’t know how to turn on UPnP on your new router, contact Armstrongonewire support for more information.

Good luck, not all routers are UPnP compatible or capable or the ISP may not want to enable it.

The network alerts you described have been documented by Western Digital Tech in this Knowledge Base article. I would suggest turning UPnP on and comparing it to turning it off to see if it makes a difference.

Description

Network Router and ISP sending connection attempt alerts to a network attached storage device.

Some WD network storage products are designed to allow you to access your files, photos, and videos remotely. To support this feature, network technologies such as UPnP or NAT-PMP are used to allow you to have authenticated access to this data, or to share content with others.

Because these technologies configure your router to allow incoming connection attempts to your WD network storage product, some connection attempts may be from anyone around the world who is looking to access unprotected devices. WD network storage products are designed to ignore or drop these unauthenticated attempts. Some routers or ISPs implement additional security services that may show alerts and/or blocked connection attempts based on the reputation of incoming connection attempts (e.g., from outside your country or known malicious actors).

Resolution

It may be possible to prevent alerts like these by disabling router features such as UPnP or NAT-PMP; however, this may cause slower speeds when accessing content remotely or potentially affect other devices within the household that depend on these features being enabled. As always, we recommend that you keep your WD products and other devices updated with the latest firmware and that you use strong credentials.

IMPORTANT:

Western Digital Technical Support does not provide information on router UPnP support or instructions on how to disable UPnP on 3rd party routers. Please consult the router’s user manual or contact the router manufacturer to determine if UPnP is supported and instructions on how to disable UPnP.
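The Knowledge Base text above says UPnP or NAT-PMP configures the router to accept incoming connections for the storage device. As an added example (not from Western Digital or any poster in this thread), the Python below parses constructed UPnP IGD `GetGenericPortMappingEntry` responses and lists the enabled mappings that forward to one watched device; the IP addresses, ports and descriptions are assumptions.

```python
import xml.etree.ElementTree as ET

FIELDS = ("NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewPortMappingDescription",
          "NewLeaseDuration")

def _resp(*values):
    """Build a constructed GetGenericPortMappingEntryResponse SOAP body."""
    args = "".join(f"<{k}>{v}</{k}>" for k, v in zip(FIELDS, values))
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f"{args}</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

# Constructed sample data; IPs, ports and descriptions are assumptions.
SAMPLE_RESPONSES = [
    _resp("", 49152, "TCP", 443, "192.168.1.50", 1, "nas-remote", 0),
    _resp("", 3074, "UDP", 3074, "192.168.1.20", 1, "console", 3600),
    _resp("", 49153, "TCP", 80, "192.168.1.50", 0, "nas-old", 0),
]

def parse_mapping(xml_text):
    """Return the mapping fields of one response as a dict."""
    entry = {}
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop any XML namespace
        if tag in FIELDS:
            entry[tag] = (el.text or "").strip()
    return entry

def audit(responses, watched_ip):
    """List enabled mappings that forward inbound traffic to watched_ip."""
    findings = []
    for m in map(parse_mapping, responses):
        if m.get("NewEnabled") != "1" or m.get("NewInternalClient") != watched_ip:
            continue
        findings.append({
            "external": f'{m["NewExternalPort"]}/{m["NewProtocol"]}',
            "internal_port": m["NewInternalPort"],
            "any_source": m.get("NewRemoteHost", "") == "",   # empty = wildcard
            "no_expiry": m.get("NewLeaseDuration") == "0",    # 0 = static in IGD v1
            "description": m.get("NewPortMappingDescription", ""),
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_RESPONSES, "192.168.1.50"):
        print(f)
```

A mapping with `any_source` set is reachable from any address on the internet, which is the kind of exposure that produces reputation-based alerts like the ones described in this thread.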

Thank you for your help. I did not set up the MCH with the new ISP so that may be the problem. I’ve had it for quite a while so I honestly don’t remember how I set it up originally. I will look into turning the UPnP on and off and see if there is a difference and report back.