Hacking Attempt

[snorkel]

I had a hack attempt on my NAS - about 1000 lines like this in the log. They all failed.
259153 Warning 5/1/2017 16:29:56 admin 91.67.185.35 --- HTTP Administration Login Fail

I have port 8080 forwarded on my router to the QNAP NAS.
I have Qsync enabled for devices outside my network to use Qsync

Is the hacking just related to someone scanning port 8080 and seeing it's open?
Should I be setting the Qsync to a secure connection instead or would it not make any difference in terms of ease of hacking.

[dolbyman]

right now lots of people having their NAS systems hacked, so better to not expose your QNAP to the internet and use a VPN instead (preferably done by another device, e.g. router)

[OneCD]

I had a hack attempt on my NAS - about 1000 lines like this in the log. They all failed.
...
I have port 8080 forwarded on my router to the QNAP NAS.
...
Is the hacking just related to someone scanning port 8080 and seeing it's open?

No, they already know it's open - they're trying to brute-force your admin password.

Totally agree with using a VPN. Close port 8080 in your router firewall immediately.

BTW: a whois for '91.67.185.35' shows:

Responsible organisation: Vodafone Kabel Deutschland GmbH
Abuse contact info: abuse@kabeldeutschland.de

You may want to send them an email.

[snorkel]

How am I going to close port 8080 and allow for Qsync to work from the two off-site locations outside of our network? We have three separate offices with their own internet connection. No VPN between them.

Is there a more secure way of doing Qsync?

[OneCD]

We have three separate offices with their own internet connection. No VPN between them.

Maybe create a VPN between them, then?

Is there a more secure way of doing Qsync?

I'm sure QSync is quite secure - as long as you're using HTTPS instead of HTTP to establish the connection.

But that's not the problem. Any port you expose can be hammered with login requests. Given enough time or luck, they will get in. So, suggest you use some form of IP banning. If your router supports this, then use it.

If not, your NAS has a basic IP banning system built-in. This can be found in the QTS Control Panel -> System Settings -> Security -> Network Access Protection tab. Enable it, and tick the checkbox for HTTP(S).

[Don]

Set up a vpn between sites.

[snorkel]

Ok, thanks for the advice about the IP banning setting. I just set that. Should make it less "fun" for anyone wanting to keep cracking at it.

I could set up a VPN from the two sites that have Qsync users to the main office that houses the NAS. However.............
if users took their PCs home they would not be part of the office network any longer where the site to site VPN would allow qsync to work.

It's always security level vs. inconvenience level.

[Don]

Ok, thanks for the advice about the IP banning setting. I just set that. Should make it less "fun" for anyone wanting to keep cracking at it.

I could set up a VPN from the two sites that have Qsync users to the main office that houses the NAS. However.............
if users took their PCs home they would not be part of the office network any longer where the site to site VPN would allow qsync to work.

It's always security level vs. inconvenience level.

They can still set up a VPN from their PC to either the office router or NAS itself.

[snorkel]

Yes, I had thought of this - a VPN from their computer to the other router or the NAS, but.................
They need to periodically connect to another PPTP VPN in order to remotely manage a Windows workstation via RDP that controls a heating/air conditioning system. And I thought that you can't have two VPNs going at the same time.

But, i TOTALLY agree that VPN would allow me to close the hole in the firewall to cut off most of the hacking attempts.

[dolbyman]

PPTP is a bit insecure, so using it from a public wifi might be a bad idea (someone could snoop and cloudcrack your credentials) , I would switch over your VPN to OpenVPN or IPSEC.

But other than that you should be able to connect to your PPTP server with more than one client at a time

[snorkel]

I think for casual use, PPTP is still ok. We're not talking about super secret information. I'll look into being able to run two VPNs at the same time. Thanks for all the replies.

[Sol-Info]

Hi,

I tried to connect two QNAP with VPN PPTP. It work, the QNAP client is connected to the server but I can't communicat with. Which rules I have to add in my firewall to work ?

Thank's in advance.

Sol-Info

[smartwombat]

They need to periodically connect to another PPTP VPN in order to remotely manage a Windows workstation via RDP that controls a heating/air conditioning system.

My solution to that was Oracle VM VirtualBox, setup the second VPN within that VM so that the main system is not affected, and the (infrequently used) VM can be spun up/state saved when needed.
It saves my main machine going all Arabic on me, as the VPN connects via the UAE and my point of presence suddenly moves there and everything "helpfully" gets set to the local language.