Not locking out

Q'center app, Helpdesk app
Post Reply
borg357
Starting out
Posts: 17
Joined: Mon Jun 03, 2013 3:17 pm

Not locking out

Post by borg357 » Wed Oct 14, 2020 12:54 pm

So, I have some guy trying to log into my admin account, every 15mins, for 3 days..

How does someone do this, and not get locked out from the same IP?? I clearly have access protection on to block for 1 day if 5 attempts... but this guy is allowed to pound the door day and night for 3 days?

Are they spoofing or malformed the IP or something?

Thanks
-Richard

User avatar
Moogle Stiltzkin
Ask me anything
Posts: 9207
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Not locking out

Post by Moogle Stiltzkin » Wed Oct 14, 2020 1:02 pm

i'm guessing that your nas is exposed online, so people can keep trying their luck with you.

if you need remote access, use vpn



as for your question, if it's the same ip, and you set the access protection to trigger block for failed login attempts, it would block them for time x..

check your settings, it's under qts security, network access protection.

i still recommend you not make your nas exposed simply like that.....

even if they don't figure out your password, they can still attack you using known vulnerabilities (they will assume you don't update qts, which unfortunately a lot of people are guilty of lax management).

Or even worse, they may try a zero day attack (an unknown vulnerability, which was what happened for qsnatch as an example)


anyway report bugs to qnap
https://service.qnap.com/


not 100% sure, but by default it's set to allow access to all. perhaps that needs to switch to blacklist mode. so when they get flagged, their ip might be put into that blacklist. i'm not sure if this will work that way, but it's very likely.
NAS
[Main Server] QNAP TS-877 w. 4tb [ 3x HGST Deskstar NAS (HDN724040ALE640) & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A w. 5x 2TB Samsung F3 (HD203WI) EXT4 Raid5
[Backup] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) single disks.
[^] QNAP TS-659 Pro II
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-228
[^] QNAP TS-128
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Asus AC68U Router|100dl/50ul MBPS FTTH Internet | Win10, WC PC-Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides & articles
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin

borg357
Starting out
Posts: 17
Joined: Mon Jun 03, 2013 3:17 pm

Re: Not locking out

Post by borg357 » Fri Oct 16, 2020 11:37 am

Thanks for the response..

I did and do have access protection on. It's set to 5 times.

So, my question still remains.. How are they able to get by the access protection, and try over and over again?

Thanks

-Richard

Post Reply

Return to “NAS Management”