Wrong credentials but i never changed it.

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
bighugesumo
Starting out
Posts: 42
Joined: Thu Apr 16, 2015 2:03 am

Wrong credentials but i never changed it.

Post by bighugesumo »

Hey folks, need help over here. My Qnap ts 451 wont let me go past the admin page, it says "Wrong credentials or non valid account", i didnt change anything and im the only user. I tried the reset button on the back but it doesnt work. What the hell happened?
User avatar
dolbyman
Guru
Posts: 35024
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Wrong credentials but i never changed it.

Post by dolbyman »

what firmeare is running?

was the password left to admin/admin ?

was any part web facing ?(then you might have been hacked)

you have backups of your data?
bighugesumo
Starting out
Posts: 42
Joined: Thu Apr 16, 2015 2:03 am

Re: Wrong credentials but i never changed it.

Post by bighugesumo »

i cant remember the fw, it was updated to the last one. Yeah the password was still admin. I could never access it from the web actually, never needed, i used to login only thru my home lan. Most of the stuff yeah is backup but isnt there anything i could try?Thanks a lot.
User avatar
dolbyman
Guru
Posts: 35024
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Wrong credentials but i never changed it.

Post by dolbyman »

you could never access it from the web... or you never tried ?

did you hold the reset button for 3 sec ?
bighugesumo
Starting out
Posts: 42
Joined: Thu Apr 16, 2015 2:03 am

Re: Wrong credentials but i never changed it.

Post by bighugesumo »

I did try to access it from outside my lan but i never succeded, yeah i tried the 3 seconds reset but nothing happens and no beep after 3 or 10 seconds.
User avatar
dolbyman
Guru
Posts: 35024
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Wrong credentials but i never changed it.

Post by dolbyman »

so if the webfrontend (and other services) were exposed to the outside with a default password, I fear the worst

maybe the attacker also disabled the reset button, then you are basically SOL

start the NAS without hard drives and see if it lets you connect to it


also a thing to try would be SSH access
bighugesumo
Starting out
Posts: 42
Joined: Thu Apr 16, 2015 2:03 am

Re: Wrong credentials but i never changed it.

Post by bighugesumo »

I removed the hdds and yeah i can see it thru the qfinder but if i put the hdd back in i think it'll erase every data on the drives.
Edit: ok i did the following:
1-Turned off the nas
2-unplug hd's
3-turn it on
4-Detect the nas via Qfinder
5-Now the reset button worked! (3seconds)
6-Put the hdd's back in (without turning it off first)
7-Login in the web interface and select "Restore Factory Settings", this leaves your data intact.
8-CHANGED MY PASSWORD LOL

Thanks a lot dolbyman, lifesaver!
bighugesumo
Starting out
Posts: 42
Joined: Thu Apr 16, 2015 2:03 am

Re: Wrong credentials but i never changed it.

Post by bighugesumo »

Actually most of the data is gone, only a few files are still there. I did not reinitialize the hdd and the fact that some data is still there is weird, was some data stolen?It was pretty much only music and movies though.
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Wrong credentials but i never changed it.

Post by Moogle Stiltzkin »

did you find out how you got compromised?

check your router. update... (yes routers need to be updated too). If your port forwarding, try avoid that if possible. You can test your router port forwarding security here (GRC shield up)
https://www.grc.com/x/ne.dll?rh1dkyd2


desktop/laptop (connected to network, consider doing a fresh clean install, and run anti malware/anti virus). Yes desktop (i'm assuming your using windows 10) should also be regularly updated. This year especially has had quite a few major exploits that got patched.) This is just in case any of your connected devices has rootkits, malware, virus, keylogger or whatever junk.

QNAP QTS should mandatory be updated whenever security bulletin mentions a exploit got patched especially a critical one. Do not skip security updates or anything that jeopardizes your data (few months back there was that raid5/6 issue that got fixed as well)

In QNAP QTS make sure you restrict login attempts. This way people cannot just spam your QNAP with many attempts until a password works using brute force attack.

review your password policy. don't use easy passwords to avoid getting easily hacked into. May want to consider using 2 step authentication via email or google authenticator run via your smartphone.

[youtube=]3NjQ9b3pgIg[/youtube]


And also consider back up your NAS. So if another situation likes this happens, you can do a reformat factory reset, reinitialize; followed by a recover from the backup using hybrid backup sync :)
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
bighugesumo
Starting out
Posts: 42
Joined: Thu Apr 16, 2015 2:03 am

Re: Wrong credentials but i never changed it.

Post by bighugesumo »

Well, its weird, i think most of the data is still there, folders are gone but the amount of space left let me think that the files are still on the drives, also videostation shows most of my movies, it must be something related to the media catalogue, i dont know what happened, maybe some permissions bug, thanks for the advice, i already changed password and i know ill take care of my nas way better than i used to. Where could i get a log of what happened?
Last edited by bighugesumo on Wed Oct 04, 2017 12:11 am, edited 1 time in total.
User avatar
dolbyman
Guru
Posts: 35024
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Wrong credentials but i never changed it.

Post by dolbyman »

if you held the button for longer than 3 seconds you might have deleted the shares your created, just go to share management and recreate them (pointing to the correct folder on the drives) and you should have your data again
bighugesumo
Starting out
Posts: 42
Joined: Thu Apr 16, 2015 2:03 am

Re: Wrong credentials but i never changed it.

Post by bighugesumo »

Yes indeed, share management fixed it, all folder are visible thru that menu!

By the way:
Log :
Tipo Data Ora Utente IP origine Nome del computer Contenuto
Informazione 2017/09/27 20:43:06 System 127.0.0.1 localhost System started.
Avvertimento 2017/09/27 20:43:05 System 127.0.0.1 localhost The system was not shut down properly last time.
Informazione 2017/09/25 10:56:24 admin 213.152.162.149 --- [Users] User [admin] password changed.
Informazione 2017/09/25 10:56:00 admin 213.152.162.149 --- [Hardware] Configuration reset switch disabled.
Avvertimento 2017/09/25 10:40:11 System 127.0.0.1 localhost [Container Station] An unexpected system shutdown occurred. You must manually re-start the containers.
Informazione 2017/09/25 10:39:30 admin 213.152.162.149 --- [Share Folders] New share folder [Container] created.
Informazione 2017/09/22 22:48:12 System 127.0.0.1 localhost [App Center] Virtualization Station 3.0.2817 has been installed in /share/CACHEDEV2_DATA/.qpkg/QKVM.

What can you tell from this log?Looks like since i updated the virtualization station something went wrong, i never disabled the configuration reset switch or changed user and password at 10:56!!
User avatar
dolbyman
Guru
Posts: 35024
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Wrong credentials but i never changed it.

Post by dolbyman »

apparently someone from holland disabled the switch and changed your admin password
MarvW
First post
Posts: 1
Joined: Wed Jan 13, 2016 10:07 am

Re: Wrong credentials but i never changed it.

Post by MarvW »

Three years later ... I had this same problem. I switched to another browser (Edge), entered some "old" credentials, and was able to sign-in. Apparently the "reset" does not remove prior credentials. I created a new user with admin privleges and now am able to sign-in at will. The reset did not enable admin/admin as advertised, even with powering down and resets everywhere. I feel fortunate to have been able to recover. My "admin" id still does not work and I have no idea of the password (except is is not "admin"); and one cannot delete the admin login. Pity.
User avatar
dolbyman
Guru
Posts: 35024
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Wrong credentials but i never changed it.

Post by dolbyman »

admin/admin does not work anymore starting 4.4.2

it's now the first nic mac
Post Reply

Return to “Users' Corner”