Hello,
last week my Qnap TS673 started by its own a „System Reset“.
I didn’t press the reset button & I didn’t start a reset from the web gui!
I wounderd about it and checked immediately the qnap and noticed the disabled admin account got the default Password and was reenabled.
Some minutes after i disabled the admin account, the system started an „advanced system reset“ by its own.
After that all my users and Applications were lost and the nas got a new Name and ip Adress.
I downloaded the newest Malware remover and helpdesk Software
I disconnected the nas from the Internet.
I shut down the nas.
For security reasons the Nas was never presented to the Internet via ddns, port forwarding or upnp (even the roon software recomends do do it).
My Question is:
1. is this a Hardware Failure (hanging Reset Button)
2. is this a OS Bug (auto update, …)?
3. is this a hacker attack or a malware?
4. has someone had similar problems?
thanks for any help.
best regards,
Thomas
QNAP is selfreseting HW Problem/SW Bug/Hack?
-
- New here
- Posts: 5
- Joined: Tue Dec 06, 2022 2:12 am
- dolbyman
- Guru
- Posts: 35248
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: QNAP is selfreseting HW Problem/SW Bug/Hack?
If the NAS was never exposed to WAN, then a hacker attack is extremely unlikely (unless you LAN is compromised somehow)
There has been issues in the past with broken reset switches that would "self press' and reset the NAS all the time
There has been issues in the past with broken reset switches that would "self press' and reset the NAS all the time
-
- New here
- Posts: 5
- Joined: Tue Dec 06, 2022 2:12 am
Re: QNAP is selfreseting HW Problem/SW Bug/Hack?
Hello dolbyman,
thank you for tip with the reset Button, I am very concerned about a potentiell hacker attack, so i try to boot the nas without an LAN Access and check if and how often it resets.
Is there any eventlog entry which clearly says it was the reset button that triggers the reset?
best regards,
Thomas
thank you for tip with the reset Button, I am very concerned about a potentiell hacker attack, so i try to boot the nas without an LAN Access and check if and how often it resets.
Is there any eventlog entry which clearly says it was the reset button that triggers the reset?
best regards,
Thomas
- dolbyman
- Guru
- Posts: 35248
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: QNAP is selfreseting HW Problem/SW Bug/Hack?
The log should indicate if the NAS was reset due to a button press, yes
-
- Experience counts
- Posts: 1813
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: QNAP is selfreseting HW Problem/SW Bug/Hack?
What specifically were the indications that these resets happened?
Was the new NAS name the default, or something specific?
Was the IP address just switched to a DHCP acquired address or a new static address?
Based on your first post, but depending on the answers to the questions, your concern about malware is justified. Are your really sure your network is properly locked down?
It could be non-malware related, as in button issues. How old is the unit?
Was the new NAS name the default, or something specific?
Was the IP address just switched to a DHCP acquired address or a new static address?
Based on your first post, but depending on the answers to the questions, your concern about malware is justified. Are your really sure your network is properly locked down?
It could be non-malware related, as in button issues. How old is the unit?
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
-
- New here
- Posts: 5
- Joined: Tue Dec 06, 2022 2:12 am
Re: QNAP is selfreseting HW Problem/SW Bug/Hack?
Hello dosborne,
the nas name was set by me 2 1/2 years ago directly after buying/initial setup
now the name automaticly was set to ‚NAS‘ +6 digits from the first mac address.
the ip adress was switched automatically to the dhcp range of the testlan.
Yesterday Night I testet the behavior (boot in isolated lan and after boot i did a disconnect of the isolated lan).
The system performed a unwanted ‚reseting System‘ after 2 Hours so i switched off the nas.
I heard the Message performing System reset and 1 min later (after trying to switch power off) i heard the message ‚performing advanced Systemreset‘ just before the power went down.
I booted again today in the morning to analyse the logs.
I can’t find the source of the reset, only the eventlog Entry that it hapens but not who it initates (Hardware or Software).
But now I know, the reset did not come from the Internet or Lan, so it must be the resetswitch , a malware or a Software Bug.
So I stay concerned.
attached are the logs
best regards
Thomas
PS.: don‘t get confused by the log I changed the isolated Lan from port2 to port1 today and entered the wrong admin password.
=========================
the nas name was set by me 2 1/2 years ago directly after buying/initial setup
now the name automaticly was set to ‚NAS‘ +6 digits from the first mac address.
the ip adress was switched automatically to the dhcp range of the testlan.
Yesterday Night I testet the behavior (boot in isolated lan and after boot i did a disconnect of the isolated lan).
The system performed a unwanted ‚reseting System‘ after 2 Hours so i switched off the nas.
I heard the Message performing System reset and 1 min later (after trying to switch power off) i heard the message ‚performing advanced Systemreset‘ just before the power went down.
I booted again today in the morning to analyse the logs.
I can’t find the source of the reset, only the eventlog Entry that it hapens but not who it initates (Hardware or Software).
But now I know, the reset did not come from the Internet or Lan, so it must be the resetswitch , a malware or a Software Bug.
So I stay concerned.
attached are the logs
best regards
Thomas
PS.: don‘t get confused by the log I changed the isolated Lan from port2 to port1 today and entered the wrong admin password.
=========================
Code: Select all
Informationen 2022-12-06 00:09:02 --- --- localhost --- --- Reset admin password and network configuration to factory default settings.
Warnung 2022-12-06 08:03:07 --- --- localhost App Center App Installation [App Center] Unable to obtain the latest app update information online. Please check the network connection or try again later.
Informationen 2022-12-06 08:02:01 --- --- Web Desktop Storage & Snapshots Disk [Storage & Snapshots] Stopped sharing disk analysis data with QNAP.
Informationen 2022-12-06 08:00:07 --- --- localhost Users General [Users] Changed the password of user "admin".
Informationen 2022-12-06 08:00:00 --- --- localhost External Device UPS [External Device] USB UPS plugged in.
Fehler 2022-12-06 07:59:06 admin 192.168.1.101 Web Desktop Users Login [Users] Failed to log in via user account "admin". Source IP address: 192.168.1.101.
Informationen 2022-12-06 07:57:27 --- --- localhost Network & Virtual Switch Infrastructure [Network & Virtual Switch] Interface "Adapter 1" connected.
Warnung 2022-12-06 07:57:22 --- --- localhost Network & Virtual Switch Infrastructure [Network & Virtual Switch] Interface "Adapter 2" disconnected.
Warnung 2022-12-06 07:57:02 --- --- localhost Network & Virtual Switch Infrastructure [Network & Virtual Switch] Failed to connect to the internet. System default gateway "Adapter 2" and all adapters failed to connect to the internet after checking NCSI.
Informationen 2022-12-06 07:56:25 --- --- localhost Network & Virtual Switch Infrastructure [Network & Virtual Switch] Set "Adapter 2" as the system default gateway.
Informationen 2022-12-06 07:55:13 --- --- localhost Network & Virtual Switch --- [Network & Virtual Switch] Initialized Network & Virtual Switch.
Informationen 2022-12-06 07:54:54 --- --- localhost Power NAS Power Status [Power] The system has started.
Informationen 2022-12-06 07:51:37 --- --- localhost Power NAS Power Status [Power] The system shut down on Tue Dec 6 07:51:37 GMT 2022.
Informationen 2022-12-06 07:50:45 --- --- localhost Network & Virtual Switch --- [Network & Virtual Switch] Stopped Network & Virtual Switch.
Informationen 2022-12-06 07:50:38 --- --- localhost External Device UPS [External Device] USB UPS plugged in.
Informationen 2022-12-06 07:49:56 --- --- localhost --- --- Reset admin password and network configuration to factory default settings.
Informationen 2022-12-06 07:49:48 --- --- localhost --- --- [System Administration] RAID scrubbing has been automatically scheduled to run at the beginning of each month, 02:15. Running this check regularly is recommended for data integrity. You can modify the schedule at "Storage Manager" > "Global Settings" > "RAID Scrubbing".
Informationen 2022-12-06 07:49:39 --- --- localhost --- --- [Volume DataVol1, Pool 1] Restore system default shares.
Informationen 2022-12-06 07:49:30 --- --- localhost Network & Virtual Switch --- [Network & Virtual Switch] Initialized Network & Virtual Switch.
Informationen 2022-12-06 07:49:27 --- --- localhost Network & Virtual Switch --- [Network & Virtual Switch] Stopped Network & Virtual Switch.
Informationen 2022-12-06 07:49:04 --- --- localhost Network & Virtual Switch Infrastructure [Network & Virtual Switch] Reset all network settings
Fehler 2022-12-06 07:48:58 --- --- localhost App Center App Installation [App Center] Failed to download MalwareRemover. The installation package is unavailable.
Warnung 2022-12-06 07:47:26 --- --- localhost Network & Virtual Switch Infrastructure [Network & Virtual Switch] Failed to connect to the internet. System default gateway "Adapter 2" and all adapters failed to connect to the internet after checking NCSI.
Informationen 2022-12-06 07:46:49 --- --- localhost Network & Virtual Switch Infrastructure [Network & Virtual Switch] Set "Adapter 2" as the system default gateway.
Informationen 2022-12-06 07:44:56 --- --- localhost Network & Virtual Switch --- [Network & Virtual Switch] Initialized Network & Virtual Switch.
Informationen 2022-12-06 07:44:36 --- --- localhost Power NAS Power Status [Power] The system has started.
Warnung 2022-12-06 07:43:21 --- --- localhost Storage & Snapshots Volume [Storage & Snapshots] File system not clean. Volume: DataVol1, Storage pool: 1. Run a file system check.
Informationen 2022-12-06 07:44:49 --- --- localhost --- --- Reset system configuration to default settings.
Informationen 2022-12-06 00:09:07 --- --- localhost Network & Virtual Switch --- [Network & Virtual Switch] Stopped Network & Virtual Switch.
Informationen 2022-12-06 00:08:30 --- --- localhost Network & Virtual Switch --- [Network & Virtual Switch] Initialized Network & Virtual Switch.
Informationen 2022-12-06 00:08:27 --- --- localhost Network & Virtual Switch --- [Network & Virtual Switch] Stopped Network & Virtual Switch.
Informationen 2022-12-06 00:08:04 --- --- localhost Network & Virtual Switch Infrastructure [Network & Virtual Switch] Reset all network settings
Warnung 2022-12-05 23:00:00 --- --- localhost App Center App Installation [App Center] Unable to obtain the latest app update information online. Please check the network connection or try again later.
Warnung 2022-12-05 22:25:12 --- --- localhost General Settings Date & Time [General Settings] Failed to synchronize time with the NTP server "pool.ntp.org".
Warnung 2022-12-05 22:23:20 --- --- localhost App Center App Installation [App Center] Unable to obtain the latest app update information online. Please check the network connection or try again later.
Informationen 2022-12-05 22:20:41 --- --- localhost External Device UPS [External Device] USB UPS plugged in.
Warnung 2022-12-05 22:19:53 --- --- localhost Network & Virtual Switch Infrastructure [Network & Virtual Switch] Interface "Adapter 2" disconnected.
Warnung 2022-12-05 22:17:37 --- --- localhost Network & Virtual Switch Infrastructure [Network & Virtual Switch] Failed to connect to the internet. System default gateway "Adapter 2" and all adapters failed to connect to the internet after checking NCSI.
Informationen 2022-12-05 22:15:47 --- --- localhost Network & Virtual Switch --- [Network & Virtual Switch] Initialized Network & Virtual Switch.
Informationen 2022-12-05 22:16:59 --- --- localhost Network & Virtual Switch Infrastructure [Network & Virtual Switch] Set "Adapter 2" as the system default gateway.
Informationen 2022-12-05 22:15:29 --- --- localhost Power NAS Power Status [Power] The system has started.
Last edited by dolbyman on Tue Dec 06, 2022 10:16 pm, edited 1 time in total.
Reason: added code tags
Reason: added code tags
-
- New here
- Posts: 5
- Joined: Tue Dec 06, 2022 2:12 am
Re: QNAP is selfreseting HW Problem/SW Bug/Hack?
Hello,
here is a Statusupdate to my Problem:
QNAP Support confirmed a Mainboard Reset Switch Problem.
Suggested Solution: new Mainboard / Special Price: 350$
I found and tested following Solution without Mainboard swapping:
[~] # getcfg Misc "Reset Password Switch"
[~] # setcfg Misc "Reset Password Switch" FALSE
[~] # getcfg Misc "Reset Password Switch"
FALSE
[~] #
Additionally I cleaned the inside of the Nas from Dust.
Until now I had no Problems with the reset Switch, it seems to work
Thank you for the hint with the reset switch.
best regards
Thomas
here is a Statusupdate to my Problem:
QNAP Support confirmed a Mainboard Reset Switch Problem.
Suggested Solution: new Mainboard / Special Price: 350$
I found and tested following Solution without Mainboard swapping:
[~] # getcfg Misc "Reset Password Switch"
[~] # setcfg Misc "Reset Password Switch" FALSE
[~] # getcfg Misc "Reset Password Switch"
FALSE
[~] #
Additionally I cleaned the inside of the Nas from Dust.
Until now I had no Problems with the reset Switch, it seems to work
Thank you for the hint with the reset switch.
best regards
Thomas
-
- Easy as a breeze
- Posts: 400
- Joined: Mon Apr 29, 2019 3:21 pm
- Location: Paris, France
Re: QNAP is selfreseting HW Problem/SW Bug/Hack?
So it seems that you have only disabled the reset switch, correct?
i.e. if you enable it again, the issue will reappear
i.e. if you enable it again, the issue will reappear
-
- New here
- Posts: 5
- Joined: Tue Dec 06, 2022 2:12 am
Re: QNAP is selfreseting HW Problem/SW Bug/Hack?
Hello,
yes I think it would happen again if I reenable the reset switch which seems for me to be mechanically ok but not electronically.
- except the case the solution was the dust cleaning.
I don’t need the resetswitch - I know my Passwords and I take Backups with robocopy on Windows.
best regards,
Thomas
yes I think it would happen again if I reenable the reset switch which seems for me to be mechanically ok but not electronically.
- except the case the solution was the dust cleaning.
I don’t need the resetswitch - I know my Passwords and I take Backups with robocopy on Windows.
best regards,
Thomas
-
- Easy as a breeze
- Posts: 400
- Joined: Mon Apr 29, 2019 3:21 pm
- Location: Paris, France
Re: QNAP is selfreseting HW Problem/SW Bug/Hack?
It may need repair, as what QNAP support suggested (if you want to use it again).
Unfortunately, the repair costs are now based on "levels" rather than the specific components... https://www.qnap.com/en/rma-service
Anyway, good to know a workaround~
Unfortunately, the repair costs are now based on "levels" rather than the specific components... https://www.qnap.com/en/rma-service
Anyway, good to know a workaround~