My 470 has developed a multiple personality disorder

Post your questions about myQNAPcloud service here.
Post Reply
Mike_Ti22
New here
Posts: 3
Joined: Fri Feb 05, 2016 2:28 am

My 470 has developed a multiple personality disorder

Post by Mike_Ti22 »

late yesterday I got a message from iCloud saying that my NAS was being removed! so the following morning I went to log into the device to see what was going on. Imagine my surprise when I browsed to the ip and the welcome page was entirely different to the one I had set up and then there was a ripple of fear shot through me when I couldn't login using my admin credentials. At this point my first concern was the data on my raid array which was mainly set up for access via iSCSI. On waking my MacBook 2 of the 4 iSCSCI targets had initiated but the network host name that was now being used was a combination of the Mac address and again there was not access via smb using my admin credentials. AnywayI spent a day backing all of the data onto another DAS raid that I have just to secure it so I can unpick what went on with the NAS. The first thing I went to do was to re-register it on QNAP Cloud, but of course I can't because the Q Cloud still has the details of the original device, even though its not making the record available to me. Has anyone come across this scenario before? and is there a way to delete the old record from Q Cloud so that I can reregister the device again?

PS as an aside and its something I'm going to raise in a security forum, the NAS reset the admin credentials to the QNAP Admin/Admin default, so had it not been in a secure location, my personal data would have been available to the world!! That is such a big FCUK UP there is no way that that should ever happen
User avatar
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: My 470 has developed a multiple personality disorder

Post by dolbyman »

1. NEVER EVER EVER expose your NAS to WAN (look at the millions of bucks lost in deabolt ransomware payments this year alone)

2. ALWAYS have external backups..a RAID is never a backup!


≈========
If your NAS was reset to admin/admin, it must run a very old firmware as current firmwares reset to admin/FIRSTMAC ..exposing a severely outdated NAS is even more insane than an updated one.

I just checked...the 470Pro is so old that it is stuck on 4.3.6 and The FIRSTMAC change was done starting 4.4.2.
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: My 470 has developed a multiple personality disorder

Post by Moogle Stiltzkin »

Mike_Ti22 wrote: Sat Dec 10, 2022 9:18 am late yesterday I got a message from iCloud saying that my NAS was being removed!

so the following morning I went to log into the device to see what was going on. Imagine my surprise when I browsed to the ip and the welcome page was entirely different to the one I had set up and then there was a ripple of fear shot through me when I couldn't login using my admin credentials.


At this point my first concern was the data on my raid array which was mainly set up for access via iSCSI. On waking my MacBook 2 of the 4 iSCSCI targets had initiated but the network host name that was now being used was a combination of the Mac address and again there was not access via smb using my admin credentials.

AnywayI spent a day backing all of the data onto another DAS raid that I have just to secure it so I can unpick what went on with the NAS.

The first thing I went to do was to re-register it on QNAP Cloud, but of course I can't because the Q Cloud still has the details of the original device, even though its not making the record available to me.

Has anyone come across this scenario before? and is there a way to delete the old record from Q Cloud so that I can reregister the device again?

PS as an aside and its something I'm going to raise in a security forum, the NAS reset the admin credentials to the QNAP Admin/Admin default, so had it not been in a secure location, my personal data would have been available to the world!! That is such a big FCUK UP there is no way that that should ever happen
few things that others pointed out.

you need to have backups ready BEFORE any tragedy happens. You wouldn't be as panicked as long as u had those backups handy
https://www.reddit.com/r/qnap/comments/ ... _a_backup/

the 2nd issue, is you are exposing your nas inappropriately online. So if your nas does get compromised, thats your own fault for doing that.

If you MUST have remote, setup a vpn for that type of usage.

https://www.youtube.com/watch?v=PgielyUFGeQ



remote usage users need to be much more diligent in maintenance compared to lan only no remote users :D so make sure you update your routers, your client devices, apps etc.... to connect to nas you use vpn client to connect to vpn server setup on your router/firewall e.g. pfsense like in the youtube example.



fyi if you opt for offsite backup, it's highly recommended that the backup you do is encrypted. especially if it's on a cloud service provider for a server u don't control yourself. Also enable ssl for encrypted traffic while you are at it.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
Mike_Ti22
New here
Posts: 3
Joined: Fri Feb 05, 2016 2:28 am

Re: My 470 has developed a multiple personality disorder

Post by Mike_Ti22 »

Thanks for the advice etc. on backups, the reason I didn’t have all my ISCSI data backed up was that the RAID 1 DAS I normally back up to unexpectedly spat a disk out and dispite being hot p&p it shafted the raid a couple of days before hand all of the other data volumes are actually backed up to another NAS that is only ever connected for that purpose and then removed to another location so the recovery data is pretty dispersed and also covered by the security footprint of the server the DAS is connected to. However there is no evidence of the network perimeter having been breached or any unauthorised access to the NAS itself or data transfer it just appears as if the NAS initiated a partial reset! I’m not overly familiar with the architecture for the QNAP but I would presume that had it reloaded from a NVRAM it would have lost all info relating to the ISCSI targets and the LUNS I guess any the RAID config would have been read back from the RAID set itself. So I guess the exam question is “is it possible for the NAS to partially reset its configuration in this manner?”
User avatar
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: My 470 has developed a multiple personality disorder

Post by dolbyman »

The danger of NAS exposure is not data breaches but ransomware

viewtopic.php?f=45&t=164797

There has been freak occurrences of the reset button acting up (resetting the NAS by itself)

viewtopic.php?t=168746
viewtopic.php?t=131272
Post Reply

Return to “myQNAPcloud service”