Bitcoin Forum
Author Topic: Norton 360 2021: An Intrusion Attempt by electrum.hodlister.co Was Blocked  (Read 94 times)
notinthematrix (OP)
Newbie

Activity: 4
Merit: 2


December 25, 2020, 12:34:13 AM
Merited by Husna QA (1), DireWolfM14 (1)
 #1

Hey Everyone,

Sorry to ask this, but I already searched this forum and Google and I cannot find an answer, so I'm hoping someone can help.

I am VERY new to bitcoin.  In fact, I signed up and created an Electrum 4.0.9 wallet only today.  Before I added any money to my wallet, I wanted to see if I could earn some online.   I found a website called www.faucet.bet that pays you satoshis for watching ads, taking surveys, etc.  I earned a whopping BTC 0.00000028 from that website.  I guess I shouldn't be sarcastic because BTC0.00000028 is A LOT more than I had yesterday or even this morning!!  Grin

I'm pretty certain I have my Electrum wallet set up correctly and that I provided the correct info to faucet.bet.  However, I've recently begun receiving "High Risk" alerts from Norton 360 (2021) that indicate that "An intrusion attempt by electrum.hodlister.co was blocked."  The attacking computer/URL/source address is "electrum.hodlister.co 58.89.2.21, 50002."  The IPS Alert Name is "System Infected: Coinminer Activity 16" and the Traffic Description is listed as "TCP, Port 50002".  I also get the following message:  "Network traffic from https://electrum.hodlister.co matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME5\PROGRAM FILES (X86)\ELECTRUM\ELECTRUM-4.0.9.EXE.  To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me. "

My question is this:  Am I correct in continuing to block this "intrusion attempt" or is the intrusion attempt actually Faucet.bet trying to deposit the satoshis I earned on its website into my wallet?

And thank you SO MUCH for taking the time to answer my question!

notinthematrix




NotATether
Legendary

Activity: 1582
Merit: 6695


bitcoincleanup.com / bitmixlist.org


December 25, 2020, 12:47:21 AM
 #2

faucet.bet has no access to your electrum wallet and doesn't even know it exists since it's created on your local computer.

Anti-viruses are known to falsely tag electrum binaries as malicious "mining malware" because they connect to SPV servers such as electrum.hodlister.co for retrieving blockchain data and they don't seem to like that. You are safe to ignore the warning and you should whitelist the electrum binary.

notinthematrix (OP)
Newbie

Activity: 4
Merit: 2


December 25, 2020, 03:04:36 AM
 #3

Thank you very much for your response!

So just to be clear, you are saying that it's OK for me to whitelist the warning from Norton and allow "electrum.hodlister.co 58.89.2.21, 50002" to bypass Norton?

Thanks again for your response.  I really appreciate it and wish health and happiness to you and your family.

ranochigo
Legendary

Activity: 2954
Merit: 4165


December 25, 2020, 03:30:28 AM
 #4

So just to be clear, you are saying that it's OK for me to whitelist the warning from Norton and allow "electrum.hodlister.co 58.89.2.21, 50002" to bypass Norton?
Yes. It's not uncommon for antiviruses to have a bunch of false positives. If you've ever downloaded CGminer, you'll realise that it'll be automatically quarantined because it matches some signatures of botnets.

It looks like a legitimate server to me. I would recommend that everyone validate the installation[1] before using it. You will reduce the chances of the program being malicious and installed from a phishing website; there are plenty of them.

[1] https://bitcointalk.org/index.php?topic=5240594.0

notinthematrix (OP)
Newbie

Activity: 4
Merit: 2


December 25, 2020, 04:01:25 AM
 #5

Awesome!  Thanks again for your help and words of wisdom!  I really appreciate it!

Enjoy your  holiday and have a Happy, Healthy 2021!
Abdussamad
Legendary

Activity: 3598
Merit: 1560



December 25, 2020, 04:28:47 AM
 #6

Lots of electrum servers get blocked like this because crypto mining malware uses them to access the blockchain and antivirus software can't tell the difference between legit software and malware. So you have to whitelist port 50002 or you'll keep facing this problem.
bob123
Legendary

Activity: 1624
Merit: 2481



December 25, 2020, 04:05:43 PM
 #7

My question is this:  Am I correct in continuing to block this "intrusion attempt" or is the intrusion attempt actually Faucet.bet trying to deposit the satoshis I earned on its website into my wallet?

As others have mentioned already, if you have downloaded and installed the original electrum (verify the signature), you are fine and there is no "intrusion attempt" going on.
If you didn't download the original electrum but a malware, your system would already be compromised and there also wouldn't be any "intrusion attempt".

Assuming you have not downloaded a malicious version, everything is fine and you can allow electrum to communicate with the server.


Note that this connection is completely irrelevant to someone sending you coins. They do not "try to deposit" satoshis into your wallet this way.
This is electrum contacting the electrum servers to get new data/information about your addresses and transactions.
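
The two checks the replies above rely on (the flagged binary is the signed original, and it is the process talking to port 50002), as an added PowerShell example that is not part of any post in this thread. The drive letter `C:` and the function names are assumptions; the alert only gives the device path `\DEVICE\HARDDISKVOLUME5\PROGRAM FILES (X86)\ELECTRUM\ELECTRUM-4.0.9.EXE`.

```powershell
# ASSUMPTION: the install sits on C:. Adjust to match your system.
$ExePath    = 'C:\Program Files (x86)\Electrum\electrum-4.0.9.exe'
$RemotePort = 50002   # port quoted in the Norton alert

function Test-AlertedBinary {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Binary not found at $Path; correct the path before trusting any result."
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status                      # 'Valid' = file intact, chain trusted
        Signer     = $sig.SignerCertificate.Subject   # confirm it names the publisher you expect
        Thumbprint = $sig.SignerCertificate.Thumbprint
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

function Get-ConnectionOwner {
    param([int]$Port, [string]$ExpectedPath)
    # Map every TCP connection to the remote port back to the owning process.
    Get-NetTCPConnection -RemotePort $Port -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Remote        = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                State         = $_.State
                ProcessId     = $_.OwningProcess
                ProcessPath   = $proc.Path
                IsExpectedExe = ($proc.Path -eq $ExpectedPath)  # string -eq ignores case
            }
        }
}

$binary = Test-AlertedBinary -Path $ExePath
$binary | Format-List
$conns = @(Get-ConnectionOwner -Port $RemotePort -ExpectedPath $ExePath)
$conns | Format-Table -AutoSize

$unexpected = @($conns | Where-Object { -not $_.IsExpectedExe })
if ($binary.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($binary.Status)'. Do not whitelist this file."
} elseif ($unexpected.Count -gt 0) {
    Write-Warning "Another process is also using port ${RemotePort}: $($unexpected.ProcessPath -join ', ')"
} else {
    "Signature is valid and no other process is talking to port $RemotePort."
}
```

Run it while Electrum is open; an empty connection table means the connection was blocked or had already closed, not that anything is wrong.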

notinthematrix (OP)
Newbie

Activity: 4
Merit: 2


December 25, 2020, 04:41:21 PM
 #8

Thank you, bob123!   While I was researching which wallet to download and install, I had read about people who had downloaded a "fake" Electrum and gotten stuck with malware, so I made certain that I downloaded from https://electrum.org/#download.  I also used the DigiCert tool to check the signature.

And thank you for explaining to me that people do not try to "deposit" satoshis into a wallet in the traditional way that someone would deposit money into a bank account.

And thank you Abdussamad for telling me that I must also whitelist Port 50002!  If you hadn't pointed that out, I would have whitelisted only the "attacking" computer and URL, and I would have been back on this forum asking for help figuring out why Norton was still blocking the "attacking" computer/URL.

After years of contemplating bitcoin, yesterday was the first time I ever set up a wallet.  I remember about 10 years ago that I was hearing about this new decentralized and anonymous way to "bank" and manage "money".  I was going to purchase $100 worth of bitcoin just for the heck of it, but I couldn't really devote enough time to figure out how to do it.  And I kick myself now for not MAKING enough time to figure out how to purchase or earn bitcoin because I would have had just over $9 million!  My "timing" on many things has always been "off", so I wouldn't be surprised if the exchange value of bitcoin tanked the day after I actually made a purchase!  Oh well, that's life!
