IP Attack
-
- Starting out
- Posts: 10
- Joined: Wed Feb 24, 2021 5:55 pm
IP Attack
This morning, having had my TS-251D for about 3 weeks, I am now inundated with numerous failed IP logon attempts to the admin account. I have the necessary auto block IP's in force but wondered should I create a new admin user and disable the default admin account?
-
- Starting out
- Posts: 37
- Joined: Wed Aug 03, 2016 7:43 am
Re: IP Attack
I have the same issue starting late yesterday 3/22. 99% of the IP addresses are used once then they move on to another one. The same percentage all originated from China. Is there a way to force a delay in the logon attempt if the admin fails to logon?
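The pattern described in this post (each source address used once) is why a per-IP auto-block rarely triggers. The following is an added example, not part of the original thread, that counts failures per account instead; the log line format, threshold and window are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed sample in a made-up line format (not QNAP's real log layout);
# addresses come from the reserved documentation ranges.
SAMPLE_LOG = """\
2021-03-23 06:00:05 FAIL user=admin src=203.0.113.10
2021-03-23 06:01:40 FAIL user=admin src=198.51.100.7
2021-03-23 06:03:12 FAIL user=admin src=192.0.2.44
2021-03-23 06:04:55 OK user=alice src=192.168.1.20
2021-03-23 06:05:30 FAIL user=admin src=203.0.113.99
2021-03-23 06:07:02 FAIL user=admin src=198.51.100.23
2021-03-23 06:08:47 FAIL user=admin src=192.0.2.81
"""
LINE = re.compile(r"(\S+ \S+) (FAIL|OK) user=(\S+) src=(\S+)")

def parse(log):
    """Return (timestamp, result, user, src_ip) for every well-formed line."""
    events = []
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            ts = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m[2], m[3], m[4]))
    return events

def per_ip_blocks(events, threshold=5):
    """IPs a per-IP auto-block would ban: at least `threshold` failures each."""
    fails = Counter(ip for _, res, _, ip in events if res == "FAIL")
    return {ip for ip, n in fails.items() if n >= threshold}

def per_account_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Accounts with `threshold` failures inside `window`, whatever the source.
    Events must be in chronological order. Returns {user: set of source IPs}."""
    recent, alerts = {}, {}
    for ts, res, user, ip in events:
        if res != "FAIL":
            continue
        q = recent.setdefault(user, deque())
        q.append((ts, ip))
        while ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and user not in alerts:
            alerts[user] = {src for _, src in q}
    return alerts

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("per-IP bans:", per_ip_blocks(events))
    for user, ips in per_account_alerts(events).items():
        print(f"account under attack: {user} from {len(ips)} addresses")
```

On the sample, no address reaches the per-IP threshold, while the per-account window flags `admin` after the fifth failure.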
- dolbyman
- Guru
- Posts: 35253
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: IP Attack
get your nas out of the web, if exploits are used, you will never get a message
- spile
- Been there, done that
- Posts: 641
- Joined: Tue May 24, 2016 12:13 am
Re: IP Attack
Have you followed the steps in Security Counsellor?
-
- Starting out
- Posts: 10
- Joined: Wed Feb 24, 2021 5:55 pm
Re: IP Attack
I have indeed; however, coincidentally all these attempts have now stopped?
- GTunney
- Been there, done that
- Posts: 739
- Joined: Tue Oct 14, 2014 4:16 pm
Re: IP Attack
I've just had another spout of them right now.
Model: TS-453D 8GB
Disks: 3 x 4TB Western Digital WD40EFRX - RAID 5
Total Storage: 7.2TB
Applications: Plex | Sonarr | QSabnzbd+ | Radarr | Home Assistant | MQTT/Z2M
Other Devices: Netgear D7000 AC1900 VDSL Router | FTTP - 1014/104 | Netgear GS108 Gigabit Switch
- Moogle Stiltzkin
- Guru
- Posts: 11448
- Joined: Thu Dec 04, 2008 12:21 am
- Location: Around the world....
- Contact:
Re: IP Attack
do not expose your nas to the world wide web. then these attacks SHOULD stop. because your nas should be on your lan behind a router (with firewall) to protect you from people on internet. then they can't talk to your nas IF you do not expose your nas or your internal network and the devices in them to the internet
not sure what router you are using, but pfsense by default is already considered secure. e.g. firewall enabled, upnp not enabled, no port forwardings at all,
this is pfsense update frequency
https://www.reddit.com/r/PFSENSE/commen ... e/feknvjf/
some other brands like asus tend to be slow on that, to the point that third parties like merlin had to step in and offer third party firmware with more frequently updated security patches.
dlink and asus lack of security updates were so bad that at one point they were both hit by the fcc requiring security audits on their router security patching policy
https://www.zdnet.com/article/asus-hit- ... -security/
https://www.theverge.com/2019/7/4/20682 ... ty-hacking
myqnapcloud and cloudlink: disable and uninstall that for starters. you don't need it. these apps are the ones that tend to try and make your nas available remotely, something you don't want to do normally.
i would instead recommend using vpn on router, if remote access is a requirement. and even that has further requirements for further reducing risk of attacks, like ensuring you update qts and client devices regularly etc
https://www.youtube.com/watch?v=PgielyUFGeQ
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
- jaysona
- Been there, done that
- Posts: 854
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: IP Attack
If you're going to refer to article, you might as well make sure the references are accurate.
Moogle Stiltzkin wrote: ↑Wed Mar 24, 2021 6:02 pm ...
dlink and asus lack of security updates were so bad that at one point they were both hit by the fcc requiring security audits on their router security patching policy
https://www.zdnet.com/article/asus-hit- ... -security/
https://www.theverge.com/2019/7/4/20682 ... ty-hacking
The FCC (Federal Communications Commission) has no oversight or authority for security of consumer devices, that falls (partly) under the purview of the FTC - Federal Trade Commission.
RAID is not a Back-up!
H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
- antik
- Know my way around
- Posts: 245
- Joined: Mon May 18, 2015 2:51 pm
Re: IP Attack
TVS-h1288X-W1250-128G (850W) + T3 card + QXG-10G1T + GIGABYTE RTX 4080 Super Gaming OC 16G (Silent FW) + 2x 2TB M.2 NVMe Kingston KC3000 (RAID0 - apps, Qsync, VM's) + 12x 2,5“ 3,84TB SATA SSD Kingston DC600M (RAID5 - VM's, data).
TVS-1282T3-i7-48G (450W) + QXG-10G1T + PALiT GeForce GTX 1660 Super GP OC + 2x 1TB M.2 NVMe ADATA SX8200PNP (RAID0 - apps) + 4x 2,5“ 3,84TB SATA SSD Samsung PM883 (RAID5 - data backup) + 8x 8TB Seagate IronWolf Pro (RAID6 - data backup).
TS-677-16GB + 1x 256GB SSD Samsung EVO (apps) + 3x 8TB Seagate Exos (RAID0 - QVR Pro cameras recording)
Network stuff (priority use of 10GbE): QHora-301W, QSW-804-4C, ASUS XG-U2008 and TP-Link TL-SG1008MP. Protected by 2x APC CYBERFORT II 700VA.
-
- Starting out
- Posts: 10
- Joined: Wed Feb 24, 2021 5:55 pm
Re: IP Attack
Antik
Those links were very insightful and useful, many thanks
- Xmantium
- Been there, done that
- Posts: 579
- Joined: Fri Sep 03, 2010 3:55 am
- Location: Manchester, England
Re: IP Attack
It's now happened to me. Surely qnap can stop this kind of attack
Looks like a bot trying to use a different IP address every few minutes
Here's a few guides you can follow - https://www.qnap.com/en/how-to/faq/arti ... ount-admin
- jaysona
- Been there, done that
- Posts: 854
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: IP Attack
Lol! There are very few people in the world that can stop a bot attack, least of all QNAP.
Just do not make ports 8080 & 443 accessible to the Internet, and there will be no attack to your NAS.
- dolbyman
- Guru
- Posts: 35253
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
- jaysona
- Been there, done that
- Posts: 854
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: IP Attack
-
- Know my way around
- Posts: 136
- Joined: Mon Aug 13, 2018 4:58 pm
Re: IP Attack
made my day
dolbyman wrote: ↑Tue Apr 13, 2021 9:55 pm
@jaysona
see here how well he listens
viewtopic.php?f=345&t=160407