
Security setup to block host or activity

Posted: Thu Jul 30, 2020 11:30 pm
by bgdem
Hello All,
I'm having an issue with someone constantly trying to get in as Admin user,
[Attachment: admin user.jpg]
It's always a different host so I can't block it. I have the Admin account disabled, but what else can I do to stop this?
I need to keep NAS running, can't unplug it.

Thank you for your input.

Re: Security setup to block host or activity

Posted: Thu Jul 30, 2020 11:35 pm
by dolbyman
remove port forwards from router to NAS and disable UPnP

if you need to access your NAS from WAN use a VPN server (best done on router or firewall appliance)

Re: Security setup to block host or activity

Posted: Thu Jul 30, 2020 11:39 pm
by bgdem
dolbyman wrote:
Thu Jul 30, 2020 11:35 pm
remove port forwards from router to NAS and disable UPnP

if you need to access your NAS from WAN use a VPN server (best done on router or firewall appliance)
I have multiple users accessing NAS with QSync, all other options can be turned off for now.

Just looked and UPnP is turned off on the router.

Re: Security setup to block host or activity

Posted: Thu Jul 30, 2020 11:53 pm
by dolbyman
if you expose your NAS and you are already under attack like this.. be prepared to get hacked (unless you have been already)

https://www.zdnet.com/article/cisa-says ... h-malware/

Only secure way for teleworker access is VPN, with all those people carelessly exposing their NAS (even more so all small businesses without real IT knowledge during covid) I think it's just a matter of time till the next new malware pops up (ransom money and crypto mining is just too lucrative for hackers to leave "on the table")

Re: Security setup to block host or activity

Posted: Fri Jul 31, 2020 3:16 am
by bgdem
dolbyman wrote:
Thu Jul 30, 2020 11:53 pm
if you expose your NAS and you are already under attack like this.. be prepared to get hacked (unless you have been already)

https://www.zdnet.com/article/cisa-says ... h-malware/

Only secure way for teleworker access is VPN, with all those people carelessly exposing their NAS (even more so all small businesses without real IT knowledge during covid) I think it's just a matter of time till the next new malware pops up (ransom money and crypto mining is just too lucrative for hackers to leave "on the table")
Thank you for the link, all scans came back clean.
For now web login is disabled from outside and the log is clean.

I'm expecting QSync, GDrive, DropBox clients to use the same security level, but I might have high expectations.

Re: Security setup to block host or activity

Posted: Fri Jul 31, 2020 3:32 am
by dolbyman
Qsync clients from external have to reach YOUR NAS from the internet, if you use Dropbox or OneDrive, users only need to reach the servers from Dropbox or Microsoft, not your NAS in your own network

Re: Security setup to block host or activity

Posted: Fri Jul 31, 2020 4:47 am
by spile
dolbyman wrote:
Fri Jul 31, 2020 3:32 am
Qsync clients from external have to reach YOUR NAS from the internet, if you use Dropbox or OneDrive, users only need to reach the servers from Dropbox or Microsoft, not your NAS in your own network
Which is exactly the same as using MyQnapCloud Link with no port forwarding, isn’t it? You are using a third party's servers.

Re: Security setup to block host or activity

Posted: Fri Jul 31, 2020 4:50 am
by dolbyman
With that link service, the data is routed through QNAP servers (and you rely on QNAP to keep it secure and to respect your data privacy), it is certainly better than directly exposing your NAS though.

If you want to stay in control of your data and be secure.. a VPN is still your best option (and is free if you already have the needed hardware in place)

Re: Security setup to block host or activity

Posted: Fri Jul 31, 2020 1:29 pm
by spile
I read some posters advising users not to use MyQnapCloud without asking HOW they are using it. I would argue that doing so without asking at least if they have UPnP enabled or not is rather jumping the gun.

Re: Security setup to block host or activity

Posted: Fri Jul 31, 2020 8:25 pm
by dolbyman
with all the incoming brute-force attempts it's rather clear that your way was exposing the NAS (with manual port forward or UPnP), so not sure what that comment was about

*edit* .. oh you're not op .. got confused by random comment

Re: Security setup to block host or activity

Posted: Sat Aug 01, 2020 2:35 pm
by spile
Yes, context is everything, isn’t it? Hence “jumping the gun”.

Re: Security setup to block host or activity

Posted: Sat Aug 01, 2020 9:07 pm
by dolbyman
you randomly posted in here... so much for context

how is the usage of myqnap cloud important? ... op is exposing web login to WAN .. why he does, doesn't matter .. it matters that it is attacked

Re: Security setup to block host or activity

Posted: Sun Aug 02, 2020 5:03 am
by spile
Why is how they are using MyQnapCloud important?
Because it can be used with or without open ports and therefore the appropriate response depends on that, doesn’t it?
Perhaps you are saying that the op must have ports open in order for the screenshot in the first post to have happened?

Re: Security setup to block host or activity

Posted: Sun Aug 02, 2020 5:47 am
by dolbyman
screenshot is self-explaining .. not sure why you are splitting hairs here

Re: Security setup to block host or activity

Posted: Sun Aug 02, 2020 6:36 pm
by spile
Splitting hairs was not my intention.