QNAP is selfreseting HW Problem/SW Bug/Hack?

Questions about SNMP, Power, System, Logs, disk, & RAID.
huntingtom
New here
Posts: 5
Joined: Tue Dec 06, 2022 2:12 am

QNAP is selfreseting HW Problem/SW Bug/Hack?

Post by huntingtom »

Hello,

Last week my QNAP TS673 started a „System Reset“ on its own.

I didn’t press the reset button & I didn’t start a reset from the web gui!

I wondered about it, immediately checked the QNAP, and noticed that the disabled admin account had got the default password and was re-enabled.

Some minutes after I disabled the admin account, the system started an „advanced system reset“ on its own.

After that all my users and applications were lost and the NAS got a new name and IP address.

I downloaded the newest Malware Remover and Helpdesk software.
I disconnected the NAS from the Internet.
I shut down the NAS.

For security reasons the NAS was never presented to the Internet via DDNS, port forwarding or UPnP (even the Roon software recommends doing it).

My Question is:

1. is this a Hardware Failure (hanging Reset Button)
2. is this an OS Bug (auto update, …)?
3. is this a hacker attack or a malware?
4. has someone had similar problems?

thanks for any help.

best regards,
Thomas
dolbyman
Guru
Posts: 35248
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: QNAP is selfreseting HW Problem/SW Bug/Hack?

Post by dolbyman »

If the NAS was never exposed to WAN, then a hacker attack is extremely unlikely (unless your LAN is compromised somehow)

There have been issues in the past with broken reset switches that would "self press" and reset the NAS all the time
huntingtom
New here
Posts: 5
Joined: Tue Dec 06, 2022 2:12 am

Re: QNAP is selfreseting HW Problem/SW Bug/Hack?

Post by huntingtom »

Hello dolbyman,

thank you for the tip with the reset button. I am very concerned about a potential hacker attack, so I will try to boot the NAS without LAN access and check if and how often it resets.

Is there any eventlog entry which clearly says it was the reset button that triggers the reset?

best regards,
Thomas
dolbyman
Guru
Posts: 35248
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: QNAP is selfreseting HW Problem/SW Bug/Hack?

Post by dolbyman »

The log should indicate if the NAS was reset due to a button press, yes
dosborne
Experience counts
Posts: 1813
Joined: Tue May 29, 2018 3:02 am
Location: Ottawa, Ontario, Canada

Re: QNAP is selfreseting HW Problem/SW Bug/Hack?

Post by dosborne »

What specifically were the indications that these resets happened?
Was the new NAS name the default, or something specific?
Was the IP address just switched to a DHCP acquired address or a new static address?

Based on your first post, but depending on the answers to the questions, your concern about malware is justified. Are you really sure your network is properly locked down?

It could be non-malware related, as in button issues. How old is the unit?
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
huntingtom
New here
Posts: 5
Joined: Tue Dec 06, 2022 2:12 am

Re: QNAP is selfreseting HW Problem/SW Bug/Hack?

Post by huntingtom »

Hello dosborne,

The NAS name was set by me 2 1/2 years ago directly after buying/initial setup.
Now the name was automatically set to ‚NAS‘ + 6 digits from the first MAC address.
The IP address was switched automatically to the DHCP range of the test LAN.

Last night I tested the behavior (boot in isolated LAN, and after boot I disconnected the isolated LAN).

The system performed an unwanted ‚resetting system‘ after 2 hours, so I switched off the NAS.

I heard the message ‚performing system reset‘ and 1 min later (after trying to switch power off) I heard the message ‚performing advanced system reset‘ just before the power went down.

I booted again this morning to analyse the logs.

I can’t find the source of the reset, only the event log entry that it happens but not what initiates it (hardware or software).
But now I know the reset did not come from the Internet or LAN, so it must be the reset switch, malware or a software bug.
So I stay concerned.


attached are the logs

best regards
Thomas

PS: Don’t get confused by the log: I changed the isolated LAN from port 2 to port 1 today and entered the wrong admin password.


=========================

Informationen	2022-12-06	00:09:02	---	---	localhost	---	---	Reset admin password and network configuration to factory default settings.
Warnung	2022-12-06	08:03:07	---	---	localhost	App Center	App Installation	[App Center] Unable to obtain the latest app update information online. Please check the network connection or try again later.
Informationen	2022-12-06	08:02:01	---	---	Web Desktop	Storage & Snapshots	Disk	[Storage & Snapshots] Stopped sharing disk analysis data with QNAP.
Informationen	2022-12-06	08:00:07	---	---	localhost	Users	General	[Users] Changed the password of user "admin".
Informationen	2022-12-06	08:00:00	---	---	localhost	External Device	UPS	[External Device] USB UPS plugged in.
Fehler	2022-12-06	07:59:06	admin	192.168.1.101	Web Desktop	Users	Login	[Users] Failed to log in via user account "admin". Source IP address: 192.168.1.101.
Informationen	2022-12-06	07:57:27	---	---	localhost	Network & Virtual Switch	Infrastructure	[Network & Virtual Switch] Interface "Adapter 1" connected.
Warnung	2022-12-06	07:57:22	---	---	localhost	Network & Virtual Switch	Infrastructure	[Network & Virtual Switch] Interface "Adapter 2" disconnected.
Warnung	2022-12-06	07:57:02	---	---	localhost	Network & Virtual Switch	Infrastructure	[Network & Virtual Switch] Failed to connect to the internet. System default gateway "Adapter 2" and all adapters failed to connect to the internet after checking NCSI.
Informationen	2022-12-06	07:56:25	---	---	localhost	Network & Virtual Switch	Infrastructure	[Network & Virtual Switch] Set "Adapter 2" as the system default gateway.
Informationen	2022-12-06	07:55:13	---	---	localhost	Network & Virtual Switch	---	[Network & Virtual Switch] Initialized Network & Virtual Switch.
Informationen	2022-12-06	07:54:54	---	---	localhost	Power	NAS Power Status	[Power] The system has started.
Informationen	2022-12-06	07:51:37	---	---	localhost	Power	NAS Power Status	[Power] The system shut down on Tue Dec  6 07:51:37 GMT 2022.
Informationen	2022-12-06	07:50:45	---	---	localhost	Network & Virtual Switch	---	[Network & Virtual Switch] Stopped Network & Virtual Switch.
Informationen	2022-12-06	07:50:38	---	---	localhost	External Device	UPS	[External Device] USB UPS plugged in.
Informationen	2022-12-06	07:49:56	---	---	localhost	---	---	Reset admin password and network configuration to factory default settings.
Informationen	2022-12-06	07:49:48	---	---	localhost	---	---	[System Administration] RAID scrubbing has been automatically scheduled to run at the beginning of each month, 02:15. Running this check regularly is recommended for data integrity. You can modify the schedule at "Storage Manager" > "Global Settings" > "RAID Scrubbing".
Informationen	2022-12-06	07:49:39	---	---	localhost	---	---	[Volume DataVol1, Pool 1] Restore system default shares.
Informationen	2022-12-06	07:49:30	---	---	localhost	Network & Virtual Switch	---	[Network & Virtual Switch] Initialized Network & Virtual Switch.
Informationen	2022-12-06	07:49:27	---	---	localhost	Network & Virtual Switch	---	[Network & Virtual Switch] Stopped Network & Virtual Switch.
Informationen	2022-12-06	07:49:04	---	---	localhost	Network & Virtual Switch	Infrastructure	[Network & Virtual Switch] Reset all network settings
Fehler	2022-12-06	07:48:58	---	---	localhost	App Center	App Installation	[App Center] Failed to download MalwareRemover. The installation package is unavailable.
Warnung	2022-12-06	07:47:26	---	---	localhost	Network & Virtual Switch	Infrastructure	[Network & Virtual Switch] Failed to connect to the internet. System default gateway "Adapter 2" and all adapters failed to connect to the internet after checking NCSI.
Informationen	2022-12-06	07:46:49	---	---	localhost	Network & Virtual Switch	Infrastructure	[Network & Virtual Switch] Set "Adapter 2" as the system default gateway.
Informationen	2022-12-06	07:44:56	---	---	localhost	Network & Virtual Switch	---	[Network & Virtual Switch] Initialized Network & Virtual Switch.
Informationen	2022-12-06	07:44:36	---	---	localhost	Power	NAS Power Status	[Power] The system has started.
Warnung	2022-12-06	07:43:21	---	---	localhost	Storage & Snapshots	Volume	[Storage & Snapshots] File system not clean. Volume: DataVol1, Storage pool: 1. Run a file system check.
Informationen	2022-12-06	07:44:49	---	---	localhost	---	---	Reset system configuration to default settings.
Informationen	2022-12-06	00:09:07	---	---	localhost	Network & Virtual Switch	---	[Network & Virtual Switch] Stopped Network & Virtual Switch.
Informationen	2022-12-06	00:08:30	---	---	localhost	Network & Virtual Switch	---	[Network & Virtual Switch] Initialized Network & Virtual Switch.
Informationen	2022-12-06	00:08:27	---	---	localhost	Network & Virtual Switch	---	[Network & Virtual Switch] Stopped Network & Virtual Switch.
Informationen	2022-12-06	00:08:04	---	---	localhost	Network & Virtual Switch	Infrastructure	[Network & Virtual Switch] Reset all network settings
Warnung	2022-12-05	23:00:00	---	---	localhost	App Center	App Installation	[App Center] Unable to obtain the latest app update information online. Please check the network connection or try again later.
Warnung	2022-12-05	22:25:12	---	---	localhost	General Settings	Date & Time	[General Settings] Failed to synchronize time with the NTP server "pool.ntp.org".
Warnung	2022-12-05	22:23:20	---	---	localhost	App Center	App Installation	[App Center] Unable to obtain the latest app update information online. Please check the network connection or try again later.
Informationen	2022-12-05	22:20:41	---	---	localhost	External Device	UPS	[External Device] USB UPS plugged in.
Warnung	2022-12-05	22:19:53	---	---	localhost	Network & Virtual Switch	Infrastructure	[Network & Virtual Switch] Interface "Adapter 2" disconnected.
Warnung	2022-12-05	22:17:37	---	---	localhost	Network & Virtual Switch	Infrastructure	[Network & Virtual Switch] Failed to connect to the internet. System default gateway "Adapter 2" and all adapters failed to connect to the internet after checking NCSI.
Informationen	2022-12-05	22:15:47	---	---	localhost	Network & Virtual Switch	---	[Network & Virtual Switch] Initialized Network & Virtual Switch.
Informationen	2022-12-05	22:16:59	---	---	localhost	Network & Virtual Switch	Infrastructure	[Network & Virtual Switch] Set "Adapter 2" as the system default gateway.
Informationen	2022-12-05	22:15:29	---	---	localhost	Power	NAS Power Status	[Power] The system has started.
Last edited by dolbyman on Tue Dec 06, 2022 10:16 pm, edited 1 time in total.
Reason: added code tags
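
One way to triage an exported event log like the one above, as an added example that is not part of the original posts or of QNAP's tooling: it sorts the entries by timestamp, finds the reset entries, and lists any entries in the preceding 30 minutes that name a user or source IP. The column layout, the 30-minute window and the function names are assumptions; the first two sample rows are copied from the post and the last two are constructed.

```python
from datetime import datetime, timedelta

# Assumed column layout of the tab-separated export shown above.
FIELDS = ("severity", "date", "time", "user", "source_ip",
          "client", "app", "category", "message")
RESET_MARKERS = ("Reset admin password", "Reset system configuration",
                 "Reset all network settings")

def parse(text):
    """Parse the export into dicts, sorted oldest first."""
    events = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue  # skip blank or malformed lines
        ev = dict(zip(FIELDS, parts))
        ev["ts"] = datetime.strptime(ev["date"] + " " + ev["time"],
                                     "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])  # export order is not reliable

def resets_with_actors(events, window=timedelta(minutes=30)):
    """Pair each reset entry with earlier entries that name a user or source IP."""
    result = []
    for ev in events:
        if not any(m in ev["message"] for m in RESET_MARKERS):
            continue
        actors = [p for p in events
                  if ev["ts"] - window <= p["ts"] < ev["ts"]
                  and (p["user"] != "---" or p["source_ip"] != "---")]
        result.append((ev, actors))
    return result

# Sample in the export's format; rows 3 and 4 are constructed (192.0.2.10 is a documentation address).
SAMPLE = "\n".join("\t".join(row) for row in [
    ("Informationen", "2022-12-06", "07:49:56", "---", "---", "localhost", "---", "---",
     "Reset admin password and network configuration to factory default settings."),
    ("Fehler", "2022-12-06", "07:59:06", "admin", "192.168.1.101", "Web Desktop", "Users", "Login",
     '[Users] Failed to log in via user account "admin". Source IP address: 192.168.1.101.'),
    ("Informationen", "2022-12-07", "10:05:00", "admin", "192.0.2.10", "Web Desktop", "Users", "Login",
     '[Users] Logged in via user account "admin". Source IP address: 192.0.2.10.'),
    ("Informationen", "2022-12-07", "10:10:00", "---", "---", "localhost", "---", "---",
     "Reset system configuration to default settings."),
])

if __name__ == "__main__":
    for ev, actors in resets_with_actors(parse(SAMPLE)):
        who = [(a["user"], a["source_ip"]) for a in actors] or "no logged user or IP"
        print(ev["ts"], ev["message"], "->", who)
```

An empty actor list only shows that no logged session preceded the reset; it does not by itself separate a faulty switch from local software, which matches what the log above could and could not answer.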
huntingtom
New here
Posts: 5
Joined: Tue Dec 06, 2022 2:12 am

Re: QNAP is selfreseting HW Problem/SW Bug/Hack?

Post by huntingtom »

Hello,
here is a status update on my problem:

QNAP Support confirmed a Mainboard Reset Switch Problem.
Suggested Solution: new Mainboard / Special Price: 350$

I found and tested the following solution without mainboard swapping:

[~] # getcfg Misc "Reset Password Switch"
[~] # setcfg Misc "Reset Password Switch" FALSE
[~] # getcfg Misc "Reset Password Switch"
FALSE
[~] #

Additionally I cleaned the inside of the Nas from Dust.

Until now I had no Problems with the reset Switch, it seems to work

Thank you for the hint with the reset switch.

best regards
Thomas
diwiwi
Easy as a breeze
Posts: 400
Joined: Mon Apr 29, 2019 3:21 pm
Location: Paris, France

Re: QNAP is selfreseting HW Problem/SW Bug/Hack?

Post by diwiwi »

So it seems that you have only disabled the reset switch, correct?
i.e. if you enable it again, the issue will reappear
huntingtom
New here
Posts: 5
Joined: Tue Dec 06, 2022 2:12 am

Re: QNAP is selfreseting HW Problem/SW Bug/Hack?

Post by huntingtom »

Hello,
Yes, I think it would happen again if I re-enable the reset switch, which seems to me to be mechanically OK but not electronically,
- except in the case that the solution was the dust cleaning.

I don’t need the reset switch - I know my passwords and I take backups with robocopy on Windows.

best regards,
Thomas
diwiwi
Easy as a breeze
Posts: 400
Joined: Mon Apr 29, 2019 3:21 pm
Location: Paris, France

Re: QNAP is selfreseting HW Problem/SW Bug/Hack?

Post by diwiwi »

It may need repair, as QNAP support suggested (if you want to use it again).
Unfortunately, the repair costs are now based on "levels" rather than the specific components... https://www.qnap.com/en/rma-service

Anyway, good to know a workaround~