Recovering system from hack attack procedure??
-
- Starting out
- Posts: 34
- Joined: Thu Dec 20, 2007 1:26 am
Recovering system from hack attack procedure??
Hi,
My RAID1 2hdd nas was attacked and installed a kind of soft which deleted/encrypted my data inside. Fortunately I realized very soon and unplugged the power. What I need is a procedure to start up the nas avoiding the autoload of the several startup programs or daemons, one or many of them are the hacking programs, and install a new fresh firm from the Finder, obviously maintaining my data.
I've searched this subject in the forum but without success on how to proceed.
Regards
Model: HS-210
FW Version 4.2.4
HDD Model: WD RED
HDD Capacity: 6TB in RAID 1 conf.
Re: Recovering system from hack attack procedure??
Deckart wrote:
> Hi,
> My RAID1 2hdd nas was attacked and installed a kind of soft which deleted/encrypted my data inside. Fortunately I realized very soon and unplugged the power. What I need is a procedure to start up the nas avoiding the autoload of the several startup programs or daemons, one or many of them are the hacking programs, and install a new fresh firm from the Finder, obviously maintaining my data.
> I've searched this subject in the forum but without success on how to proceed.
> Regards

I recommend to start from scratch.
Meaning remove everything. Are you willing to do that?
You should have a backup of all your sensitive data.
-
- Starting out
- Posts: 34
- Joined: Thu Dec 20, 2007 1:26 am
Re: Recovering system from hack attack procedure??
Obviously I try to avoid it
Model: HS-210
FW Version 4.2.4
HDD Model: WD RED
HDD Capacity: 6TB in RAID 1 conf.
Re: Recovering system from hack attack procedure??
What do you want to accomplish?
Your NAS is hacked, and therefore no more reliable to use it, and to be exposed on the internet.
-
- Starting out
- Posts: 34
- Joined: Thu Dec 20, 2007 1:26 am
Re: Recovering system from hack attack procedure??
Well, as I described I want to preserve my data (encrypted or not) in /Share/MD0_DATA , and start with a fresh installation of firm
Model: HS-210
FW Version 4.2.4
HDD Model: WD RED
HDD Capacity: 6TB in RAID 1 conf.
Re: Recovering system from hack attack procedure??
Deckart wrote:
> Well, as I described I want to preserve my data (encrypted or not) in /Share/MD0_DATA , and start with a fresh installation of firm

All right, I understand it.
However, do you trust your NAS after the hack?
So I recommend to make a backup of your important data, start all over from scratch, and install FW 4.3.2B20170203
I recommend as well to use a strong password for user admin.
You may install FW 4.3.3B0095
The goal is to retain the trustworthiness of the NAS.
-
- Starting out
- Posts: 34
- Joined: Thu Dec 20, 2007 1:26 am
Re: Recovering system from hack attack procedure??
Yes, this is what I want to do, but how?
Since the disks are part of RAID1, I cannot mount them individually as any other hdd on other host with the typical recovery/backup utilities, can I?
If I could recover all my /share/md0_data on other hdd I will format both disks of raid1 and start a new fresh installation
Model: HS-210
FW Version 4.2.4
HDD Model: WD RED
HDD Capacity: 6TB in RAID 1 conf.
Re: Recovering system from hack attack procedure??
Deckart wrote:
> Yes, this is what I want to do, but how?
> Since the disks are part of RAID1, I cannot mount them individually as any other hdd on other host with the typical recovery/backup utilities, can I?
> If I could recover all my /share/md0_data on other hdd I will format both disks of raid1 and start a new fresh installation

Can you mount a USB disk to the NAS, and move your data to that disk?
-
- Guru
- Posts: 13192
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: Recovering system from hack attack procedure??
Deckart wrote:
> Since the disks are part of RAID1, I cannot mount them individually as any other hdd on other host with the typical recovery/backup utilities, can I?

Since HS-210 is a cat1 model I think you can mount the disk in just about any Linux machine. Your data should be in the largest partition.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
-
- Guru
- Posts: 13192
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: Recovering system from hack attack procedure??
CylonCenturion wrote:
> You may install FW 4.3.3B0095

QTS 4.3 is still in beta testing and therefore not recommended for general use.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
Re: Recovering system from hack attack procedure??
P3R wrote:
> CylonCenturion wrote:
> > You may install FW 4.3.3B0095
>
> QTS 4.3 is still in beta testing and therefore not recommended for general use.

Clear, thanks
-
- Starting out
- Posts: 34
- Joined: Thu Dec 20, 2007 1:26 am
Re: Recovering system from hack attack procedure??
I already tried to mount on another host, but since each raid1 disk is part of the raid, it is not possible to mount it individually, at least with RedoBackup, which informs properly that the disk is part of a raid1, and therefore it is not possible to mount it as any classic spare disk.
Model: HS-210
FW Version 4.2.4
HDD Model: WD RED
HDD Capacity: 6TB in RAID 1 conf.
-
- Guru
- Posts: 13192
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: Recovering system from hack attack procedure??
Deckart wrote:
> ...at least with RedoBackup...

I know nothing of that program.

> ...which inform properly that the disk is part of a raid1, and therefore in not possible to mount it as any classic spare disk.

It's been a very long time since I did it and may remember wrong but I'm pretty sure I did it with a single RAID 1 disk on Linux.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
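The single-member mount discussed in the replies above, as an added example that is not part of the original thread: a dry run that picks the largest partition from `lsblk` output and prints read-only `mdadm` and `mount` commands for it. The device name, the sizes, `/dev/md127` and `/mnt/nas_ro` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: plan a read-only mount of one RAID 1 member on a Linux host.
# Dry run only: it prints the commands, nothing here touches a disk.

# Constructed sample of `lsblk -bnro NAME,SIZE,TYPE /dev/sdb` output
# (device name and sizes are invented for illustration).
SAMPLE_LSBLK='sdb 6001175126016 disk
sdb1 542899200 part
sdb2 542899200 part
sdb3 5990000000000 part
sdb4 510000000 part'

# Read lsblk lines on stdin and print the largest partition; per the thread,
# that is where the data should be. Fails if no partition is listed.
largest_partition() {
    awk '$3 == "part" && $2 + 0 > max { max = $2 + 0; name = $1 }
         END { if (name == "") exit 1; print name }'
}

# $1 = partition name, $2 = md device (assumed free), $3 = mount point (assumed).
recovery_plan() {
    rp_part="/dev/$1"
    rp_md="${2:-/dev/md127}"
    rp_mnt="${3:-/mnt/nas_ro}"
    # --examine only reads the RAID superblock and confirms the member's role.
    echo "mdadm --examine $rp_part"
    # --run starts the mirror with one member; --readonly blocks any write.
    echo "mdadm --assemble --run --readonly $rp_md $rp_part"
    echo "mkdir -p $rp_mnt"
    # noexec/nosuid/nodev: nothing on the compromised volume may execute.
    # Assumption: if the filesystem is ext3/ext4 and the mount fails because
    # the journal is dirty (power was pulled), append ",noload" to the options.
    echo "mount -o ro,noexec,nosuid,nodev $rp_md $rp_mnt"
}

part=$(printf '%s\n' "$SAMPLE_LSBLK" | largest_partition)
recovery_plan "$part"
```

Run the printed commands as root on a separate Linux host with only one of the two mirror disks attached, so the second disk stays untouched as a fallback.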
- Beemer2
- Easy as a breeze
- Posts: 331
- Joined: Sat Oct 17, 2015 12:22 am
- Location: Scotland
Re: Recovering system from hack attack procedure??
Deckart,
Two weeks ago I had exactly the same type of malware. It was the kind that places a file called Photo.scr in every MultiMedia folder. There were also numerous instances of "Info.zip".
Because of syncing I had many of these files in my Windows computer.
I spent many hours searching and deleting all these. I also used regedit to seek out any reference to these names. They kept returning but after manually updating the QNAP antivirus and my desktop AVG I was able to stop them returning.
I believe the problem was a type called a zero day virus where it is able to infect before the AV programs are updated especially as my QNAP runs continuously.
The only port I had opened was 443 to allow SSL.
Perhaps the one thing that saved me from real pain was that I never did open any of the Photo.scr or zip files.
Hope this helps a little,
Ian
TS-473A, 32GB, 4x4TB, Raid5, 12GB Red Plus backup
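An inventory of the file names mentioned in the post above, as an added example that is not part of the original thread: it lists every Photo.scr and Info.zip under a recovered copy of the data and flags the .scr files that carry a Windows executable header, without opening or running them. The sample tree and its folder names are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory the dropped files on a recovered copy of the data.
# Nothing is opened, unpacked or executed; only names and 2 header bytes are read.

# List files named Photo.scr or Info.zip (any letter case) under $1.
find_dropped_files() {
    find "$1" -xdev -type f \( -iname 'Photo.scr' -o -iname 'Info.zip' \) -print
}

# True when the file starts with "MZ", the header of a Windows executable,
# which is what a .scr (screensaver) file is.
has_mz_header() { [ "$(head -c 2 "$1" 2>/dev/null)" = "MZ" ]; }

# One line per hit: kind <TAB> directory <TAB> file name.
report_dropped() {
    find_dropped_files "$1" | while IFS= read -r f; do
        kind=other
        case "$f" in
            *.[sS][cC][rR]) if has_mz_header "$f"; then kind=windows-executable; fi ;;
        esac
        printf '%s\t%s\t%s\n' "$kind" "$(dirname "$f")" "$(basename "$f")"
    done
}

# Folders that need cleaning, each listed once.
affected_dirs() { report_dropped "$1" | cut -f2 | sort -u; }

# Constructed sample tree (harmless text files, not real malware).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/Multimedia/Holiday" "$t/Documents"
    printf 'MZ constructed sample' > "$t/Multimedia/Photo.scr"
    printf 'MZ constructed sample' > "$t/Multimedia/Holiday/photo.scr"
    printf 'PK constructed sample' > "$t/Multimedia/Holiday/Info.zip"
    printf 'ordinary file' > "$t/Documents/notes.txt"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
report_dropped "$tree"
rm -rf "$tree"
```

Point `report_dropped` at the read-only mount of the NAS data before anything is copied or synced to a Windows machine.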
-
- Starting out
- Posts: 34
- Joined: Thu Dec 20, 2007 1:26 am
Re: Recovering system from hack attack procedure??
P3R wrote:
> Deckart wrote:
> > ...at least with RedoBackup...
>
> I know nothing of that program.
>
> > ...which inform properly that the disk is part of a raid1, and therefore in not possible to mount it as any classic spare disk.
>
> It's been a very long time since I did it and may remember wrong but I'm pretty sure I did it with a single RAID 1 disk on Linux.

I'll try with other programs, thanks
Model: HS-210
FW Version 4.2.4
HDD Model: WD RED
HDD Capacity: 6TB in RAID 1 conf.