IP Attack

Q'center app, Helpdesk app
Chalky11
Starting out
Posts: 10
Joined: Wed Feb 24, 2021 5:55 pm

IP Attack

Post by Chalky11 »

This morning, having had my TS-251D for about 3 weeks, I am now inundated with numerous failed IP logon attempts to the admin account. I have the necessary auto block IP's in force but wondered should I create a new admin user and disable the default admin account?
rpfleging
Starting out
Posts: 37
Joined: Wed Aug 03, 2016 7:43 am

Re: IP Attack

Post by rpfleging »

I have the same issue starting late yesterday 3/22. 99% of the IP addresses are used once then they move on to another one. The same percentage all originated from China. Is there a way to force a delay in the logon attempt is the admin fails to logon?
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: IP Attack

Post by dolbyman »

get your nas out of the web, if expoits are used, you will never get a message
User avatar
spile
Been there, done that
Posts: 637
Joined: Tue May 24, 2016 12:13 am

Re: IP Attack

Post by spile »

Have you followed the steps in Security Counsellor?
Chalky11
Starting out
Posts: 10
Joined: Wed Feb 24, 2021 5:55 pm

Re: IP Attack

Post by Chalky11 »

I have indeed however coincidently all these attempts have now stopped?
User avatar
GTunney
Been there, done that
Posts: 737
Joined: Tue Oct 14, 2014 4:16 pm

Re: IP Attack

Post by GTunney »

I've just had another spout of them right now.
Model: TS-653B 8GB
Disks: 3 x 4TB Western Digital WD40EFRX - RAID 5
Total Storage: 7.2TB
Applications: Plex MS | Watcher3 | QSabnzbd+ | QSickrage | Home Assistant | Kodi v18.4 MySQL
Other Devices: Netgear D7000 AC1900 VDSL Router | FTTC - 80/20 | Netgear GS108 Gigabit Switch
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: IP Attack

Post by Moogle Stiltzkin »

do not expose your nas to the world wide web. then these attacks SHOULD stop. because your nas should be on your lan behind a router (with firewall) to protect you from people on internet. then they can't talk to your nas IF you do not expose your nas or your internal network and the devices in them to the internet :'

not sure what router you are using, but pfsense by default is already considered secure. e.g. firewall enabled, upnp not enabled, no port forwardings at all,

this is pfsense update frequency
https://www.reddit.com/r/PFSENSE/commen ... e/feknvjf/

some other brands like asus tend to be slow on that, to the point that third parties like merlin had to step in and offer third party firmware with more frequently updated security patches.


dlink and asus lack of security updates were so bad that at one point they were both hit by the fcc requiring security audits on their router security patching policy
https://www.zdnet.com/article/asus-hit- ... -security/
https://www.theverge.com/2019/7/4/20682 ... ty-hacking



myqnapcloud and cloudlink disable and uninstall that for starters. you don't need it :' these apps are the ones that tend to try and make your nas available remotely. something you don't want to do normally.

i would instead recommend using vpn on router, if remote access is a requirement. and even that has further requirements for further reducing risk of attacks, like ensuring you update qts and client devices regularly etc
https://www.youtube.com/watch?v=PgielyUFGeQ
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: IP Attack

Post by jaysona »

Moogle Stiltzkin wrote: Wed Mar 24, 2021 6:02 pm ...

dlink and asus lack of security updates were so bad that at one point they were both hit by the fcc requiring security audits on their router security patching policy
https://www.zdnet.com/article/asus-hit- ... -security/
https://www.theverge.com/2019/7/4/20682 ... ty-hacking
If you're going to refer to article, you might as well make sure the references are accurate. ;)

The FCC (Federal Communications Commission) has no oversight or authority for security of consumer devices, that falls (partly) under the purview of the FTC - Federal Trade Commission.
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
User avatar
antik
Know my way around
Posts: 241
Joined: Mon May 18, 2015 2:51 pm

Re: IP Attack

Post by antik »

TVS-h1288X-W1250-128G (850W) + T3 card + QXG-10G1T + GIGABYTE RTX 4070 Ti Super Gaming OC 16G (Silent FW) + 2x 2TB M.2 NVMe Kingston KC3000 (RAID0 - apps, Qsync, VM's) + 12x 2,5“ 3,84TB SATA SSD Kingston DC600M (RAID5 - VM's, data).

TVS-1282T3-i7-48G (450W) + QXG-10G1T + PALiT GeForce GTX 1660 Super GP OC + 2x 1TB M.2 NVMe ADATA SX8200PNP (RAID0 - apps) + 4x 2,5“ 3,84TB SATA SSD Samsung PM883 (RAID5 - data backup) + 8x 8TB Seagate IronWolf Pro (RAID6 - data backup).
TS-677-16GB + 1x 256GB SSD Samsung EVO (apps) + 3x 8TB Seagate Exos (RAID0 - QVR Pro cameras recording)
Network stuff (priority use of 10GbE): QHora-301W, QSW-804-4C, ASUS XG-U2008 and TP-Link TL-SG1008MP. Protected by 2x APC CYBERFORT II 700VA.
Chalky11
Starting out
Posts: 10
Joined: Wed Feb 24, 2021 5:55 pm

Re: IP Attack

Post by Chalky11 »

Antik

Those links were very insightful and useful, many thanks
User avatar
Xmantium
Been there, done that
Posts: 579
Joined: Fri Sep 03, 2010 3:55 am
Location: Manchester, England

Re: IP Attack

Post by Xmantium »

Its now happed to me. Surely qnap can stop this kind of attack

Looks like a bot trying use different IP address every few minutes

Heres a few guides you can follow - https://www.qnap.com/en/how-to/faq/arti ... ount-admin
You do not have the required permissions to view the files attached to this post.
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: IP Attack

Post by jaysona »

Xmantium wrote: Fri Apr 09, 2021 9:58 pm Its now happed to me. Surely qnap can stop this kind of attack
...
Lol! There are very few people in the world that can stop a bot attack, least of all QNAP.

Just do not make ports 8080 & 443 accessible to the Internet, and there will be no attack to your NAS.
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: IP Attack

Post by dolbyman »

@jaysona

see here how well he listens

viewtopic.php?f=345&t=160407
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: IP Attack

Post by jaysona »

:roll: :roll:
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
syncthing
Know my way around
Posts: 136
Joined: Mon Aug 13, 2018 4:58 pm

Re: IP Attack

Post by syncthing »

dolbyman wrote: Tue Apr 13, 2021 9:55 pm @jaysona

see here how well he listens

viewtopic.php?f=345&t=160407
made my day :lol:
Post Reply

Return to “NAS Management”