I'm being attacked ...

Post your questions about myQNAPcloud service here.
Post Reply
mikeeedwards
First post
Posts: 1
Joined: Wed Jul 17, 2013 5:20 am

I'm being attacked ...

Post by mikeeedwards »

Recently, I noticed an extreme number of events in the QUFirewall in which external addresses are trying to get into my NAS. What tipped me onto something happening is my personal account on the NAS was disabled due to the number of failed attempts to login (my account is not the 'admin' account).

So, before anyone asks ...
- yes, I know the firewall is doing it's thing by keeping the bad guys out of my server
- yes, my password is complex (24 chars with a mix of every type)
- yes, my router is secured and I've been trying to block them there
- no, they haven't attacked anything else on my network

What bothers me most is how much external traffic is making it into my network. Not cool. Which is why I'm troubling shooting.

What stopped the attacks is to turn off myQnapCloud access on my NAS. Given the pandemic, I'm not using it anyways. However ... to me it appears there's a security problem on the outside of myqnapcloud ... not cool!

any thoughts?

Thanks!
User avatar
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: I'm being attacked ...

Post by dolbyman »

you must have missed all of these

https://www.bleepingcomputer.com/news/s ... s-devices/
https://www.bleepingcomputer.com/news/s ... p-devices/
viewtopic.php?f=45&t=160849

Never ever expose your NAS directly to WAN, no long password or crappy firewall is helping you here. (exploits)
Sometimes even QNAP even realizes this
https://blog.qnap.com/nas-internet-connect-en/

But then they forget about it again
https://www.qnap.com/en-us/news/2021/qn ... sd-support
“Secure remote access and comprehensive file management also make the TVS-x72X series ideal for a remote working file center to improve teamwork and productivity.”
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: I'm being attacked ...

Post by Moogle Stiltzkin »

these are the only remote access usages i recommend

- plex port forwarding only (most people say no problem with this to date)
- vpn remote access (you run a vpn server on your router ideally, and a remote user uses a vpn client to connect to you safely over the internet. Not any vpn protocol will do, use openvpn which is the safest vpn to date. wireguard MAY be ok :' )

https://www.youtube.com/watch?v=PgielyUFGeQ

https://www.youtube.com/watch?v=rtUl7BfCNMY



if what you are doing is exposing your nas by making your qts accessible online just like that, your telling the hackers to scan your available ports, they will detect your qnap (by detecting the common ports), then they will test if you are running an outdated QTS by using known vulnerabilities, and thats when you get hit. OR even if you do update your qts, you could still get hit by a zero day vulnerability. strong password don't save you from that and 2fa don't save you from vulnerabilities.

tbh instead of QUFirewall, i rather rely on pfsense router firewall and pfblocker running on router for such thing. i'd use it in conjunction with a VPN if the intent is remote access.

here is an example of QNAP qts searchable and accessible from the internet for the qts web access default 8080
https://www.shodan.io/search?query=qnap

DO NOT DO THIS! this is what we meant when not to expose your qnap online in such a manner o-O;

Use a vpn if you need remote access to the QNAP.

and also NEVER use UPNP on your router or any of your devices (although it will all require that your router upnp feature be enabled for them to work to begin with). It automates port forwarding which is a huge risk. Any port forwarding needed e.g. plex and vpn, should be set manually.

better yet, if you do not need remote access, then don't port forward at all to begin with. By default router firewalls such as pfsense are safe at default settings. However you are still required to update your router for the security patches :' (some people don't realize this)

and other reminders, make sure to regularly UPDATE your router, your qnaps, your client devices on your network e.g. pcs, smart tv, smartphones, wireless access points etc

also keep backups (this protects you from many case scenarios)
https://www.reddit.com/r/qnap/comments/ ... _a_backup/
Last edited by Moogle Stiltzkin on Thu Jun 10, 2021 2:28 pm, edited 2 times in total.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
tim320
New here
Posts: 4
Joined: Thu Jun 10, 2021 11:56 am

Re: I'm being attacked ...

Post by tim320 »

I noticed something similar on my NAS, I put a stop to it by configuring the option under security "Allow connections from the list only" and specifying the client IPs that are allowed to connect to it.

Don't need any enternal IPs to have access to it and if I need to admin the NAS I do it from my LAN not from outside (wan)
User avatar
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: I'm being attacked ...

Post by dolbyman »

disable upnp and remove port forwards(both on router)...why expose your nas if you are not accessing it ?
Post Reply

Return to “myQNAPcloud service”