Nginx.exe connected to an external (potentially malicious) server after Local was shut down. I have verified that nginx.exe continues to run on my system after shutting down Local. The first time GlassWire detected nginx.exe connecting to (18.104.22.168 on Sep. 22 2020, from: China - CHINA UNICOM China169 Backbone). This connection was not blocked for some reason. This happened a few hours after I had used Local, closed the application, did not restart my system and my browser was open and streaming a video. I have not had this type of security trigger before this as far as I can recall.
The bigger security concern is that later, on three separate occasions over a week, my firewall blocked exploit attempts. One of them from the same network in China with a different IP address. I believe this occurred after working with Local and shutting down the application without a system restart or manually closing nginx.exe in the task manager. All of this began the day after installing and using Local. This has not recurred after not running local for a few days.
The following are abbreviated notifications from Bitdefender and the associated attacking IP addresses:
Exploit attempt blocked. An attempt to inject a command towards your system through a dangerous URL was made by (22.214.171.124 on Sep. 23 2020 from: Bengaluru, Karnataka, India - Hathway IP Over Cable Internet,ORG-HCAD1-AP), (126.96.36.199 on Sep. 29 2020 from China - CHINA UNICOM China169 Backbone), (188.8.131.52 on Sep. 30 2020 from: Russian Federation - OOO Network of data-centers Selectel).
1.Does nginx.exe regularly connect to servers by itself for functional reasons?
2.How can I secure Local better from exploits like this?
3.Should I be concerned that what I have been working on in Local could be compromised?
4.What other actions should be taken?
Thank you for making this awesome software and for any help in this matter.
Local Version 5.7.5+4909
Operating System Windows 10 Pro