Hotspot Shield Premium Account

0 views
Skip to first unread message

Aiko Bartels

unread,
Aug 4, 2024, 6:37:11 PM8/4/24
to downbondriri
itseems it has became vey diffcult to block hotspot shield , even though the application is being idenfied by palo alto , still hot spot finds it way by port 80 . is there any way to block hot spot shield.Also From IPAD/IPHONE it is easily connecting

I'm getting a similar issue, have a user using Hotspot Shield , and even though i've told PA to block the app, its still working. comes across port 80 as "unknown-tcp" and port 990 as "insufficient-data"


Second, I doubt that the port 990 traffic identified as "insufficient-data" would be enough to make the application run in long term (perhaps only as a way to find other nodes) - from the admin guide:


If you are positive that the PA didnt successfully identify hotspot shield even if you were using ssl-termination (as a debug use both "log on session start" and "log on session end" on all rules) you can contact the appid team and submit some pcaps so they can improve the hotspot shield detection: Tools ‹ Palo Alto Networks BlogPalo Alto Networks Blog


thanks. i ended up blocking "unknown-tcp" for now until we find a better resolution. after i did that i started seeing the hotspot-shield app-id start hunting ports trying to get out, but wasnt able too.. now i see him trying to get to ultrasurf and cyberghost vpn, but url filter is catching him. Its fun to watch them squirm


It's a security product. Let me share: I've come to realize that the hotspots (places that offer free WiFi like McDonalds, Hotels, etc) I've had to use provide only UNSECURED connections, even those requiring a provided username/password. Hotspot Shield connects you through their US based VPN server for free from anywhere in the world (do use an adblocker and deselect all the crap you don't want when installing). It will slow things down but it encrypts everything you do online keeping you safe from those with a little know-how from stealing your credit card info, passwords, etc.


Hotspot is just somebody letting you use their internet via a wireless router as opposed to, what I hope you do at home, password protecting your wifi via a key or passcode. that key or passcode becomes the private handshake of encryption that most of these free hopspots aren't using.


I think you might be better off in purchasing something like the cisco valet or other home VPN solutions (I won't go as far as suggesting you build your own, though in time that's what I'm going to do) and connect to your home internet, which in the end would probably be safer and much more secure


MOstly, when I'm on an unencrypted connection, I don't use sites that need passwords (e.g. Banks, Amazon, eBay. sites like this forum are fine because someone gets my password & meh), else I sign into my work's vpn (see my answer for you above).


fwiw, it appears that hotspot shield keeps some processes running even after you shut it off and exit from the little systray icon. Could that be why CCleaner doesn't wipe it completely, because the processes are active?


If just encrypting e-mail is all you're after, I use GPG4Win to encrypt any attahment. Even when home, I don't send anything sensitive via e-mail without first making it an attachment encrypted with GPG4Win. And if websites send me my username/passwords in plain view via e-mail, I immediately change it. E-Mail is generally not secure, as you mentioned yourself, your ISP, the detinations ISP, and all hands involved between the two, can easily see it.


I'm the proud owner of our online Family Tree, it's now nearing 900 individuals, and I make it loud and clear to all who collaborate with me to never send anything unless they also use GPG4Win. Sadly, if it's too confusing for them, I insist on snail mail instead. My Public Key can be found here:


This whole topic of Unsecured Hotspots came about because I happened to take my laptop with me on a recent vacation. I never knew they were most all unsecured. I had to scramble for a solution just so I could check my non-https web based e-mail. And, it appears that OpenVPN is the best solution. Fortunately, it's offered as a free service but, like most all stuff I've used for free, it won't be long before the good ones will start charging. But, hopefully not.


Have you ever thought twice about E-mailing sensitive information because you knew personal E-mail was unsecured? Send it as an encrypted attachment for free in three simple steps but only after completing the below three steps once to install and prepare.


You need an OpenPGP key pair (see Wikipedia about), one is shared (public key) and, the other is kept private (secret key). What I encrypt with your public key can only be decrypted by you with your secret key or, in other words, what you encrypt with my openly shared public key can only be decrypted by me with my secret private key which is never shared. Don't worry, it really is very easy once you get past the install and key pair creation (see below on how to encrypt or decrypt, it's only 3 steps).


I've found, to me, the easiest way to stop Hotspot Shield from starting, short of uninstalling it, is to use WinPatrol to disable the four Hotspot Shield services seen in the image below. It stops it dead, 100%, on startup, and I'm a regular user of WinPatrol anyway.


I wouldn't agree with that. A VPN is not about hiding an IP address. This may be an side-effect, but normally one would use a VPN to (securely) connect to another network from the "outside", e.g. the Internet.


First of all I don't think it makes any sense to compare a technology as a whole against a specific product. Secondly without you telling us what you mean with "secure" we can't evaluate it for you. Personally I don't like the proprietary nature of "hotspot shield" and I think there are better solutions (one of which is Tor, if all you want is anonymity).


TOR has been shown to no longer be secure. It was at one time, but since the Edward Snowden revelations, we now know that it has been compromised by the NSA. For that reason, I would never use it in a situation where my life -- or my most sensitive data -- depended upon its' level of security.


The proprietary product "Hotspot Shield" claims to protect both the IP address AND the apps on a phone or internet device, preventing them from surreptitiously accessing the internet without your knowledge or consent, when operating in insecure locations such as a public wifi hotspot. However, as the company is based in Germany, and as we already know that Germany cooperates fully with the NSA in turning over any user data they have, I am currently looking for a better option.


The same company offers a plain VPN, with no app protection, but the same caveat applies. Although their apps are free, and they claim that they do not collect user data, we have only their word, and we know that any information they have, they will turn over if requested.


I installed both this and the test one on my arch linux. whenever i run "hotspotshield account signin" on my machine i get '"root FS device can't be found'. I don't even understand what does this mean. how can i solve this?


This is the only documentation that i can find, i cant find anything on the arch wiki or just generally on the internet the comments said their was missing dependinces however i have no idea what those are and so do the rest of the commentors, so i put that as a reason why it is out of date maybe im just a noob lol.


Also the actual out of date part was my bad. And you dont need to make a new package unless you want to. I would like my hotspotsheild VPN to work on arch linux (I kind of found a temporary fix which is installing the browser extension) and i didnt want other pepole to have issues also and it seemed like it was out of date on my part so thats why i marked it out of date.


Hi, after a long time having problems with my vpn connection, today I found out that Eset was blocking it all the time. I turned the vpn on then I went to troubleshooting wizard & saw 3 entries showed up there:


When Eset Network protection senses a VPN connection, it should have either auto setup a VPN network adapter connection, or prompted you that one was detected and do you want to trust this network connection.


It does install a TAP network adapter and Eset should be picking up that network adapter . You might want to perform Step 9). in the above linked article and see if Eset alerts on a new network connection afterwards and the alert is for the HotspotShield adapter.


If the above doesn't resolve the VPN issue, you might want to open an Eset support ticket with whatever source you purchased Eset from. Of note is Eset is not sold or officially supported in Iran. It may very well be that HotspotShield VPN is incompatiable with Eset.


Since the VPN subnet is not automatically added to ESET's "Known networks", what is the best approach to allowing VPN connections as if they were just another PC on the same subnet as the PC on which ESET is installed? Is that a bad idea? What are the differences between adding 10.1.1.0/24 to the Trusted zone versus manually adding 10.1.1.0/24 to the Known networks?


I did what another user suggested ( -endpoint-security-homework-network-not-being-treated-as-trusted-zone/?tab=comments#comment-43989) and added the VPN subnet to the already existing Known network and it seems to work just fine.


Thanks alot itman, I went through step 9 & also afew steps more, but it seems a long story, since when executing "netsh int ip reset logfile.txt" got "failed to reset" message & have to go through that too. Meanwhile I want you to know that this problem goes & comes, maybe for 1-2 weeks I have this vpn problem & it solves itself & again. Regarding Upnp, I noticed that "Enable UPnP protocol" is unchecked in my router settings, & I remember that ISP suggested to disable it to increase security(?).


I also post a post about it, but this was misunderstood by Marcos and he was only of the opinion that it was due to OpenVPN, which is complete nonsense. Yes Eset has a VPN problem with enabling the NetBios request, and this is an Eset problem! And the VPN connection has never been recognized by Eset as it should be as a new network.

3a8082e126
Reply all
Reply to author
Forward
0 new messages