What is an Open Proxy alert?

You may have recently received a letter and/or email from Virgin Media explaining that we have been notified of an Open Proxy server running on your Internet connection. This can allow malicious third parties to use your Broadband connection in order to mask their own online identity when committing abusive acts, such as sending spam email or participating in hacking activity.

If you have received such a communication from us, please follow the advice given on this page to resolve the issue.

Overview

It would appear there is an Open Proxy server running on your Internet connection. You're probably not aware that your Internet connection is allowing external traffic to pass through it, which means a device on your home network may be infected with malware or you may have misconfigured remote access software installed.

It is therefore important that you follow the advice in this article*.

How can the issue be fixed?

Please follow the advice listed in the option below that is most applicable to your situation:

1 - Check your devices for malware

A device on your network may have been configured by a malicious third party as a result of a malware infection on the affected device.

The easiest way to do this is by using an online virus scanner; some suggested sites are;

If you are using an Android or iOS device, you can find a variety of virus scanners on the Google Play Store or App Store.

If an infection has been identified, use your internet security package to remove it.

If you have an existing security package installed, please consult the instructions on how to remove infections from your device.

If you don't have an existing security package, F-Secure SAFE** is included free of charge for 12 months with your Virgin Broadband and can be used on PC, Mac and Android devices to remove infections.

You can register for F-Secure SAFE by going to f-secure.com/virginmedia and creating an account. Once downloaded and installed it will immediately run a scan of your device.

If you already use F-Secure SAFE, make sure "Viruses and spyware scanning" is turned on.

2 – Remove any unwanted applications

Check the applications installed on all of your devices, if there are any programs that are no longer required or have been installed without your knowledge, uninstall it. Pay close attention to any ‘Remote Access’ or ‘Proxy’ applications, if you don’t need it, it would be wise to remove it.

The method for listing the applications installed on your device as well as removing it varies between devices and operating systems, for details on how to do this refer to your device’s manual.

3 – Seek advice from a computer engineer if the issue has not been identified

If you have been unable to identify any unwanted applications or malware infections responsible for running an open proxy server on your device without your knowledge, we recommend you consult an IT professional such as a computer engineer for further support. This is because more drastic action may be required – such as restoring your device to factory defaults.

If you have knowingly configured a proxy server in your home, it is important you follow the below steps to ensure the service is not vulnerable.

1 – Setup authentication on your proxy server

If you require access to your proxy server from devices outside of your home network, it is essential that your server is configured to require authentication from anyone who attempts to connect to it. This will mean only users with the correct login credentials for your proxy server will be able to use it.

Most proxy servers programs will allow authentication to be configured in the software’s control panel or configuration file. For instructions specific to the proxy software running on your server, please refer the application’s official user documentation.

2 – Block external proxy access if you do not require it

If you do not require access to your proxy server from outside your home network, we recommend you block the ports your proxy server software uses in your router’s firewall.

Common ports used by proxy servers include TCP & UDP ports 8080904090503128.

If you are unsure what port(s) your proxy server is configured to use, please refer to your server’s proxy configuration file or the server software’s manual.

To configure port blocking on a Virgin Media provided Hub:

Hub 3.0

To close the vulnerable ports on the Hub 3.0:

  • Access your Hub's configuration page - default web address: 192.168.0.1
  • Login with your username and password, default will be shown on the Hub itself
  • Select Security on the left side of the page
  • Select the Port Forwarding option
  • Remove any rules that will keep ports you do not require open
  • Select the Port Triggering option
  • Remove any rules that will keep ports you do not require open
Super Hub or Super Hub 2

To close the vulnerable ports on the Super Hub 2:

  • Access your Hub's configuration page - default web address: 192.168.0.1
  • Login with your username and password, default will be shown on the Hub itself
  • Select Advanced Settings and accept the prompt
  • Scroll down to the Security section
  • Select the Port Forwarding option
  • Tick the Delete box next to any rules that will keep any not required ports open
  • Click the Apply option
  • Select the Port Triggering option
  • Tick the Delete box next to any rules that will keep any not required ports open
  • Click the Apply option

It is important to check all your devices sit behind a firewall. In most cases your firewall is configured as a part of your router, this is the case with the Virgin Media Super Hub and Hub 3.0. If you have specifically disabled the Firewall in your router, it is crucial that you configure your devices to sit behind a firewall that blocks ports 8080, 9040, 9050 & 3128. If this does not apply to you, please proceed to the next step.

Modem Mode - If you are using your Virgin Media Super Hub or Hub 3.0 in Modem Only mode, it is essential that you are using a firewall on any device or router that is plugged directly into the Hub. When in Modem Only mode, your Hub does not operate with a firewall. If this does not apply to you, please proceed to the next step.

DMZ - Most firewalls, including the one provided with the Virgin Media Super Hub and Hub 3.0 include a DMZ option. This feature allows for a device using a specific local IP address on your home network (e.g. 192.168.0.2) to bypass your Firewall settings. This is occasionally necessary if you are using a device that has its own firewall configured. If you have a device configured in your firewall's DMZ that does not use its own firewall, it is crucial that you disable this option immediately. Computers operating without a firewall are extremely vulnerable to attack as all ports are essentially exposed to the wider Internet.

To check if a device is configured in the DMZ on your Virgin Media Hub 3.0:

  • Access your Hub's configuration page - default web address: 192.168.0.1
  • Login with your username and password, default will be shown on the Hub itself
  • Select the DMZ option
  • To remove a device from the DMZ, tick the Disable box

To check if a device is configured in the DMZ on your Virgin Media Super Hub 1 or 2:

  • Access your Hub's configuration page - default web address: 192.168.0.1
  • Login with your username and password, default will be shown on the Hub itself
  • To remove a device from the DMZ, uncheck the tick box at the top of the page

 

Where can I find further information and advice?

If you’d like further advice then our forum community will be happy to help. Just visit virginmedia.com/community and join the conversation on our Security Matters board.

You can find general security advice and articles on other vulnerabilities by checking Security Hub at virginmedia.com/securityhub


* Note: This article is intended to provide advice. Virgin Media is not responsible for any issues encountered in the course of resolving the issue and is not able to provide any technical support for such problems.

** Links to external sites are provided as a courtesy and virgin media is not responsible for the content of these sites or any issues encountered as a result of applying information from these sites. Virgin media are not able to provide any technical support for such problems.

*** F-Secure SAFE Virgin Media Customer Offer: Registration and installation required. The 12 months free period is only available once per Virgin Media customer. Not available on BlackBerry Operating System. Current retail price £79.99. Up to 5 devices. 

 


Need more help


    Ask our community

  • Helpful, friendly forums
  • Packed with tips and advice
  • Staffed by Virgin Media

   


    Contact us

  • Get in touch with our friendly team
  • Waiting times may vary
  • Free from Virgin Media phones or mobile