First I checked traffic from the PC itself and found nothing. Then I turned on the wi-fi hotspot and tested the tablet in safe mode; nothing appeared in the Wireshark window. However, on switching to normal mode there were signs of outgoing traffic. I conducted several scans. Detections mostly started after 5-10 minutes of scanning, but on one occasion it took over 90 minutes for any traffic to show up.
Given that the tablet running in safe mode appeared to be “clean” the most likely cause was a downloaded app. The question was: which one?
My partner installed the Hola Free VPN app 2-3 years ago, so she could watch geo-restricted content on Spanish TV. I’d never really given it any thought until our recent problems started, but given that this app “does stuff” with IP addresses and “some stuff” was causing our IP address to be listed on the SBLCSS, this made Hola Free VPN the prime suspect.
If you search for reviews of Hola Free VPN you will find some pretty scary reading, especially if you are in any way concerned about security or the integrity of your public IP address. Here are a couple of links to recent articles:
When Hola Free VPN was uninstalled and the tablet restarted, Wireshark showed no traces of traffic on Port 25 TCP over a 14 hour period. My partner then uninstalled the app from her Android phone. I used Wireshark to check her phone (and the tablet again) over a period of 18 hours and neither showed any activity on Port 25 TCP.
I’ll continue to keep an eye on our IP address listing, but I’m confident I’ve found the cause of our problems and eliminated it.
My conclusion is that this widely used and popular app facilitated the distribution of spam through our public IP address, even though it’s not a spambot itself and is a legitimate app available on Google Play Store. The way in which it works means that your network resources are shared with others on this peer-to-peer service. If somebody’s sending spam (intentionally or not) or conducting any other nefarious activity, it can pass through your IP address.
I believe that Hola Free VPN is also available as an extension for the Firefox and Chrome browsers, so I guess this won’t just affect Android devices. However, I’ve never used these extensions, so I haven’t tested them.
Perhaps the Community’s VIPs can comment on the use of Hola Free VPN in its various forms? I’d also be interested to hear if anyone else has had the same experience.
The words barge pole, wouldn't touch with a long one, come mind for this particular piece of software, but the VIPs have no special status on this Forum in terms of recommending or commenting on software from third parties. Indeed I would always hesitate to recommend one way or the other. Users of this Forum must always draw their own conclusions based on the evidence. That is the most reliable guide on what software to use or avoid. .
But your post is a useful contribution to the debate on this issue. Fingers crossed you have it sorted.
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
Re: IP Address Blocked (VM305): Caused by Hola Free VPN?
I'd like to echo @HowardML and also thank you for taking the time to come back and post your findings, more commonly, users fix their immediate issue and then never bother to return and share their experiences with others.
As for Hola Free VPN - just say no!
Think of it this way, the product has been developed and then apparently just given away for free, now ask yourself why, surely they didn't just do it out of the goodness of their hearts? Software development and running websites costs real money so where are they getting it from? It has the set some alarm bell ringing surely!
To paraphrase something that Apple's Tim Cook was once quoted as saying, "if you are not paying for the product, then you are the product"!