What is this and best practices for security.
For now i have disabled ssh.
Sent from my Nexus 6P using Tapatalk
SSH: dozens of unauthorized access attempts failed
-
babuja
- Know my way around
- Posts: 224
- Joined: Fri May 13, 2016 1:02 am
SSH: dozens of unauthorized access attempts failed
Hi guys, just noticed several dozens of qnap access attempts failed via SSH.
What is this and best practices for security.
For now i have disabled ssh.
Sent from my Nexus 6P using Tapatalk
What is this and best practices for security.
For now i have disabled ssh.
Sent from my Nexus 6P using Tapatalk
-
dolbyman
- Guru
- Posts: 35220
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: SSH: dozens of unauthorized access attempts failed
get your nas out of the open web (port forwarding)
why expose ssh ? of course bots will try to hack you
why expose ssh ? of course bots will try to hack you
-
babuja
- Know my way around
- Posts: 224
- Joined: Fri May 13, 2016 1:02 am
Re: RE: Re: SSH: dozens of unauthorized access attempts failed
For educational propode only, i was trying to ssh my qnap from the wlan.dolbyman wrote:get your nas out of the open web (port forwarding)
why expose ssh ? of course bots will try to hack you
Sent from my Nexus 6P using Tapatalk
-
P3R
- Guru
- Posts: 13190
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: RE: Re: SSH: dozens of unauthorized access attempts failed
There is nothing wrong with having ssh enabled. In fact it's dangerous not to have ssh enabled as you have now. In a failure situation ssh may be your only way to access and save the NAS.babuja wrote:For educational propode only...
The problem here is that you have ssh open from the internet.
There's no need to open ssh towards the internet for that. Disable all port forwarding in the router to the NAS unless absolutely necessary.i was trying to ssh my qnap from the wlan.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
-
babuja
- Know my way around
- Posts: 224
- Joined: Fri May 13, 2016 1:02 am
Re: RE: Re: RE: Re: SSH: dozens of unauthorized access attempts failed
ssh enabled and port 22 closedP3R wrote:There is nothing wrong with having ssh enabled. In fact it's dangerous not to have ssh enabled as you have now. In a failure situation ssh may be your only way to access and save the NAS..babuja wrote:For educational propode only...
All ports closed except 443 for https access, 465 for gmail notificationsP3R wrote: The problem here is that you have ssh open from the internet.There's no need to open ssh towards the internet for that. Disable all port forwarding in the router to the NAS unless absolutely necessary.i was trying to ssh my qnap from the wlan.
Sent from my Nexus 6P using Tapatalk
-
P3R
- Guru
- Posts: 13190
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: RE: Re: RE: Re: SSH: dozens of unauthorized access attempts failed
Then I would guess you have bad neighbours accessing your wlan or a compromised system within your network being remotely controlled by someone on the outside. Check the System Connection Logs and see what ip address it is that's trying to gain ssh access to the NAS. If you haven't enabled ssh logging under Options you need to do that first.babuja wrote:All ports closed except 443 for https access, 465 for gmail notifications
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
-
babuja
- Know my way around
- Posts: 224
- Joined: Fri May 13, 2016 1:02 am
Re: RE: Re: RE: Re: RE: Re: SSH: dozens of unauthorized access attempts failed
Initially i had 22 opened and ssh enabled...when i noticed access attempts i disabled ssh and closed port 22. All blocked access came from ssh connection attempts by port 22 (at that time opened). Now i have ssh enabled but port 22 closed.P3R wrote:Then I would guess you have bad neighbours accessing your wlan or a compromised system within your network being remotely controlled by someone on the outside. Check the System Connection Logs and see what ip address it is that's trying to gain ssh access to the NAS. If you haven't enabled ssh logging under Options you need to do that first.babuja wrote:All ports closed except 443 for https access, 465 for gmail notifications
Sent from my Nexus 6P using Tapatalk
-
P3R
- Guru
- Posts: 13190
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: SSH: dozens of unauthorized access attempts failed
Okay, then you should be good with ssh.
But you probably have logon attempts on 443 as well. Do you really need to have that open? If it's only a cool thing, then I would close it as well. Having a compromised NAS is very uncool.
But you probably have logon attempts on 443 as well. Do you really need to have that open? If it's only a cool thing, then I would close it as well. Having a compromised NAS is very uncool.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
-
babuja
- Know my way around
- Posts: 224
- Joined: Fri May 13, 2016 1:02 am
Re: RE: Re: SSH: dozens of unauthorized access attempts failed
I use 443 to https access qnap from wlan. Never had any 443 port access attempt. I guess i clould close it and access qnap from myqnapcloud, right?P3R wrote:Okay, then you should be good with ssh.
But you probably have logon attempts on 443 as well. Do you really need to have that open? If it's only a cool thing, then I would close it as well. Having a compromised NAS is very uncool.
Thanks P3R
Sent from my Nexus 6P using Tapatalk
-
P3R
- Guru
- Posts: 13190
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: RE: Re: SSH: dozens of unauthorized access attempts failed
Again, accessing services from your wlan shouldn't require any port forwarding at all.babuja wrote:I use 443 to https access qnap from wlan.
If it does your wlan must be on the outside of the firewall/router. If so why?
465 is an SMTP port so why are you port forwarding that? Or are you talking about outgoing ports?465 for gmail notifications
If you want advice you need to clarify what router/firewall you have, what port forwarding or firewall rules you have in place and where this wlan is in relation to your lan.
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
-
babuja
- Know my way around
- Posts: 224
- Joined: Fri May 13, 2016 1:02 am
Re: RE: Re: RE: Re: SSH: dozens of unauthorized access attempts failed
Sorry P3R, i meant outside de wlan, my mistake.P3R wrote:Again, accessing services from your wlan shouldn't require any port forwarding at all.babuja wrote:I use 443 to https access qnap from wlan.
If it does your wlan must be on the outside of the firewall/router. If so why?465 is an SMTP port so why are you port forwarding that? Or are you talking about outgoing ports?465 for gmail notifications
If you want advice you need to clarify what router/firewall you have, what port forwarding or firewall rules you have in place and where this wlan is in relation to your lan.
Not required port forward on wlan or lan, only to access qnap when outside the lan/wlan.
That why 443 is port forward for https access qnap.
Regarding
Port 465 also port forwarded on my router...i used to have no gmail notifications and after some testing I've tried port forward port 465 and it worked.
Ip that tried to ssh access my qnap is from china...a big Hiiii for you from Angola
Sent from my Nexus 6P using Tapatalk
Last edited by babuja on Mon Nov 20, 2017 3:49 am, edited 1 time in total.
-
babuja
- Know my way around
- Posts: 224
- Joined: Fri May 13, 2016 1:02 am
Re: RE: Re: RE: Re: SSH: dozens of unauthorized access attempts failed
My router port 465 port forwarding settings
Sent from my Nexus 6P using Tapatalk
Sent from my Nexus 6P using Tapatalk
-
P3R
- Guru
- Posts: 13190
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: RE: Re: RE: Re: SSH: dozens of unauthorized access attempts failed
That makes absolutely no sense to me. As far as I know Gmail is an email client that regularly polls the server. No incoming ports should be required. Notifications should be a local issue on the client.babuja wrote:Port 465 also port forwarded on my router...i used to have no gmail notifications and after some testing I've tried port forward port 465 and it worked.
What is 192.168.1.4 on your network?
RAID have never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
-
babuja
- Know my way around
- Posts: 224
- Joined: Fri May 13, 2016 1:02 am
Re: RE: Re: RE: Re: RE: Re: SSH: dozens of unauthorized access attempts failed
192.168.1.4 is qnapP3R wrote:That makes absolutely no sense to me. As far as I know Gmail is an email client that regularly polls the server. No incoming ports should be required. Notifications should be a local issue on the client.babuja wrote:Port 465 also port forwarded on my router...i used to have no gmail notifications and after some testing I've tried port forward port 465 and it worked.
What is 192.168.1.4 on your network?
If i disable port forward 465 qnap gmail notifications are dead, zero...not sure why.
Sent from my Nexus 6P using Tapatalk
-
OneCD
- Guru
- Posts: 12137
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: RE: Re: RE: Re: SSH: dozens of unauthorized access attempts failed
babuja wrote:Sorry P3R, i meant outside de wlan, my mistake.
Not required port forward on wlan or lan, only to access qnap when outside the lan/wlan.
- LAN = (L)ocal (A)rea (N)etwork - your home or office on the 'private' side of your router.
- WLAN = (W)ireless (L)ocal (A)rea (N)etwork - your WiFi network on the 'private' side of your router.
- WAN = (W)ide (A)rea (N)etwork - for most people, this is the Internet on the 'public' side of your router.
