Latest QNAP security cluster *** have you ditched QNAP?

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Latest QNAP security cluster *** have you ditched QNAP?

Post by jaysona »

Since last weekend (24-APR-2021) I have ditched my TS-269 Pro and TS-253 Pro and replaced it with an Asustor AS6604T. The best part is was actually able to sell my used units for more than what I paid for the Asustor! :DD

Next to go are both of my TS-670 Pro w. i7-3770, 16Gig RAM and my TS-870 Pro w. i7-3770, 16Gig RAM, I will be replacing them with a couple of used Asustor AS7010T. It'll probably be a couple of weeks before the used unit arrive.

Initial thoughts of the AS6604T, omg, it's what a NAS should be and the hard disks actually spin down! I forgot how quiet a NAS can actually be. :D :geek:
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
pbrunnen
Starting out
Posts: 21
Joined: Wed Sep 14, 2011 6:40 am

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by pbrunnen »

Well, I'm no longer going to be selling or recommending them to my clients...
The forced apps have been annoying. The crashing NFS in the firmware last year was aggravating. My argument with their support that started last month regarding drive encryption where it took them a month to just wash their hands of me and say "no we won't support that setup"... Oh, and I'm trying to get their support to fix a spanning tree bug in their switches. Yea, I've lost all confidence in their ability to produce stable, decent, trustworthy gear.

But for what is already deployed... I can't just rip them all out. I am blocking all Internet bound traffic from my qnap units except udp/123 (ntp) since QNap won't come clean on the attack vector.
Where are you selling your units? I've just listed one for sale here... I tried eBay, but selling there is a mess now since they dropped PayPal.

Thanks!
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by jaysona »

I am listing my NASes on a local site - kijiji - no need to deal with credit cards, paypal etc, just instant email money transfer.

I think the only QNAP unit I will keep for a while is the TVS-EC1080.
Last edited by jaysona on Thu Apr 29, 2021 8:22 pm, edited 1 time in total.
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
elvisimprsntr

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr »

I bought two USB 3 SSDs and I’ll be installing TrueNAS Core or Scale

https://www.amazon.com/dp/B07YD62982/re ... UTF8&psc=1
User avatar
Trexx
Ask me anything
Posts: 5393
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Latest QNAP security cluster *** have you ditched QNAP?

Post by Trexx »

Have a 12-drive rackmount SuperMicro chassis on the way (was already thinking about it as I need more room in the rack) for TrueNas. Will likely keep Ryzen QNAP online, but will offline my smaller ones.


Sent from my iPad using Tapatalk
Paul

Model: TS-877-1600 FW: 4.5.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x1TB SK Hynix Gold
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
UPS: CP AVR1350

Model:TVS-673 32GB & TS-228a Offline[/color]
-----------------------------------------------------------------------------------------------------------------------------------------
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq
User avatar
Toxic17
Ask me anything
Posts: 6468
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Toxic17 »

Trexx wrote: Thu Apr 29, 2021 8:18 pm Have a 12-drive rackmount SuperMicro chassis on the way (was already thinking about it as I need more room in the rack) for TrueNas. Will likely keep Ryzen QNAP online, but will offline my smaller ones.


Sent from my iPad using Tapatalk
yep my next NAS will be a rackmount too. though not entirely sure what it will be. except it wont be a Qnap.
Regards Simon

Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
User avatar
Ericnepean
Know my way around
Posts: 132
Joined: Mon Jul 02, 2012 4:35 pm

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Ericnepean »

I now see my QNAP TS251A as the weakest link in my security, even though not exposed to the internet. Rethinking the whole NAS idea as well as backup storage.

I'm not sure if any NAS vendor has significantly better security.

Synology has also been around a while and is also a target. My Netgear NAS's were a joke.

ASUS NAS's are relatively recent, how do we know their security will be that much better than QNAP, once the hacker community starts to focus on them?

As for this whole thick volume, thin volume, snapshot set of features - its like a fancy office building built on sand. Better to stick with the basics.
Eric in Ottawa, Canada
TS-251A with 2x 6TB Seagate IronWolf in RAID 1
TR-004 with 4x 4TB HGST in RAID 5
DS923+ with 4x10GB WD Red in RAID 5
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by jaysona »

Ericnepean wrote: Thu Apr 29, 2021 10:43 pm I now see my QNAP TS251A as the weakest link in my security, even though not exposed to the internet. Rethinking the whole NAS idea as well as backup storage.

I'm not sure if any NAS vendor has significantly better security.
I doubt any can get any worse than QNAP.
Synology has also been around a while and is also a target. My Netgear NAS's were a joke.

ASUS NAS's are relatively recent, how do we know their security will be that much better than QNAP, once the hacker community starts to focus on them?

As for this whole thick volume, thin volume, snapshot set of features - its like a fancy office building built on sand. Better to stick with the basics.
Synology have had a few attacks in the past as well, but no where near as many as QNAP. Also, take a look at the sheer number of CVE entries for QNAP compared to Synology.

Synology and Asustor appear to have taken radically different approaches to their respective software architectures compared to QNAP. I am still putting my Asustor though its paces, and I will not be making the ADM interface accessible from the Internet, but I do plan on making some other services available - after I have subjected them to various levels of OpenVAS and Nexpose testing.
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
pbrunnen
Starting out
Posts: 21
Joined: Wed Sep 14, 2011 6:40 am

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by pbrunnen »

Just a word of caution to those wanting to use FreeNAS/TrueNAS on QNap hardware...
I've tried it on a few (and you can see my posts -- same name on the TrueNAS community) but only the older models seem to work. Many of the newer QNap models use a Marvell 88SE1475 SATA interface chip which is not supported in the Linux or BSD mainline kernels. While I've found a copy of the mv14xx kernel module source on the QNap downloads (see the QXP-1600eS card) my attempts to use it have always ended in kernel panics. I'm not a kernel developer, so my ability to debug past this point is limited.
User avatar
Toxic17
Ask me anything
Posts: 6468
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Toxic17 »

jaysona wrote: Thu Apr 29, 2021 11:32 pm Synology and Asustor appear to have taken radically different approaches to their respective software architectures compared to QNAP.
Thats more likely down to who left QNAP years ago to join Synology and Asustor. I heard all the good techies left QNAP years ago. there other thing is most of Synology and Asustor are packaged based and they update accordingly. QNAP on the other hand adds Apache/php and mysql into firmware which makes updating these packages near non existant.

SQL on the latest QTS is MariaDB 5.5.x which is eol of life last year. they are aware of it however as I have raised tickets with them this week.
Regards Simon

Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin »

i did not get hit by the recent security issues in the past few years (including this recent one). although i am still monitoring the situation as it unfolds, cause you never know. i use my qnap on lan only without port forwarding, and i usually update regularly and have backups for emergencies.

i acknowledge there is more issues for users that require remote access (hence the stories about qsnatch, qlocker etc). but for my own particular usage, it seems i am less affected by these types of things usually : 8)


qnap nas is my daily driver and backups. no did not ditch them haven't yet had a reason to :' The only time where i got very frustrated was random reboot issue that began with qts 4.4.1 but has long since been resolved. that event really tested my patience, but thkfully it was a rare incident that happened after many years of using a qnap (hope to never see that issue again :? )

pbrunnen wrote: Thu Apr 29, 2021 11:53 pm Just a word of caution to those wanting to use FreeNAS/TrueNAS on QNap hardware...
I've tried it on a few (and you can see my posts -- same name on the TrueNAS community) but only the older models seem to work. Many of the newer QNap models use a Marvell 88SE1475 SATA interface chip which is not supported in the Linux or BSD mainline kernels. While I've found a copy of the mv14xx kernel module source on the QNap downloads (see the QXP-1600eS card) my attempts to use it have always ended in kernel panics. I'm not a kernel developer, so my ability to debug past this point is limited.
omg... this is dissapointing to hear. my plans for eol status was to use truenas on the qnap, but now this..... so what now? do i have to resort to unraid if truenas won't work for the newer qnap models, or will that have the same issue? i'm also not a technical expert either on these things :(

for older models, would a ts-509 pro and a ts-653a work using truenas? :'

found ur post, interesting read. i'll probly keep track of it to see how it goes :' thx
https://www.truenas.com/community/threa ... ost-642580
Last edited by Moogle Stiltzkin on Fri Apr 30, 2021 7:05 am, edited 1 time in total.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
elvisimprsntr

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr »

pbrunnen wrote: Thu Apr 29, 2021 11:53 pm Just a word of caution to those wanting to use FreeNAS/TrueNAS on QNap hardware...
I've tried it on a few (and you can see my posts -- same name on the TrueNAS community) but only the older models seem to work. Many of the newer QNap models use a Marvell 88SE1475 SATA interface chip which is not supported in the Linux or BSD mainline kernels. While I've found a copy of the mv14xx kernel module source on the QNap downloads (see the QXP-1600eS card) my attempts to use it have always ended in kernel panics. I'm not a kernel developer, so my ability to debug past this point is limited.
Shazbot! Two Marvell and one Intel SATA controller.

Code: Select all

[~] # lspci -k | grep -i 0106
02:00.0 Class 0106: 1b4b:9215 ahci
00:13.0 Class 0106: 8086:22a3 ahci
01:00.0 Class 0106: 1b4b:9215 ahci
https://devicehunt.com/view/type/pci/ve ... evice/9215
88SE9215 PCIe 2.0 x1 4-port SATA 6 Gb/s Controller
https://devicehunt.com/view/type/pci/ve ... evice/22A3
Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series SATA Controller

Some reports on TrueNAS forum indicate support for the 88SE9215
https://www.truenas.com/community/searc ... =relevance
User avatar
Trexx
Ask me anything
Posts: 5393
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Trexx »

pbrunnen wrote:Just a word of caution to those wanting to use FreeNAS/TrueNAS on QNap hardware...
I've tried it on a few (and you can see my posts -- same name on the TrueNAS community) but only the older models seem to work. Many of the newer QNap models use a Marvell 88SE1475 SATA interface chip which is not supported in the Linux or BSD mainline kernels. While I've found a copy of the mv14xx kernel module source on the QNap downloads (see the QXP-1600eS card) my attempts to use it have always ended in kernel panics. I'm not a kernel developer, so my ability to debug past this point is limited.
Just out of curiosity, have you tried the latest alpha version of TrueNas Scale which is Debian based to see if they had support?


Sent from my iPad using Tapatalk
Paul

Model: TS-877-1600 FW: 4.5.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x1TB SK Hynix Gold
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
UPS: CP AVR1350

Model:TVS-673 32GB & TS-228a Offline[/color]
-----------------------------------------------------------------------------------------------------------------------------------------
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq
elvisimprsntr

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by elvisimprsntr »

Moogle Stiltzkin wrote: Fri Apr 30, 2021 5:06 am for older models, would a ts-509 pro and a ts-653a work using truenas? :'
TS-653A likely has the same SATA controllers as my TS-453A

Code: Select all

[~] # lspci -k | grep -I 0106 # 0106 = mass storage device
02:00.0 Class 0106: 1b4b:9215 ahci
00:13.0 Class 0106: 8086:22a3 ahci
01:00.0 Class 0106: 1b4b:9215 ahci
Perform the same command on your other NAS and head to https://devicehunt.com and plug in the vendor and device ID to see the details
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Latest QNAP security cluster *** have you ditched QNAP?

Post by Moogle Stiltzkin »

elvisimprsntr wrote: Fri Apr 30, 2021 5:52 pm
Moogle Stiltzkin wrote: Fri Apr 30, 2021 5:06 am for older models, would a ts-509 pro and a ts-653a work using truenas? :'
TS-653A likely has the same SATA controllers as my TS-453A

Code: Select all

[~] # lspci -k | grep -I 0106 # 0106 = mass storage device
02:00.0 Class 0106: 1b4b:9215 ahci
00:13.0 Class 0106: 8086:22a3 ahci
01:00.0 Class 0106: 1b4b:9215 ahci
Perform the same command on your other NAS and head to https://devicehunt.com and plug in the vendor and device ID to see the details
good tip thx :)
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
Post Reply

Return to “Users' Corner”