Hi All
I have a QNAP TS-228 just used as LAN Raid drive. Have various computers connected to LAN both directly and through wifi switches/extenders. I do not access from outside my home and I’m pretty sure (not positive) all cloud apps/accounts are disabled.
I have been getting what I think is attempted hacks that flag error:-
NAS Name: xxxxxxxx
Severity: Error
Date/Time: 2022/01/06 12:19:28
App Name: Users
Category: Login
Message: [Users] Failed to log in via user account "admin". Source IP address: 154.28.188.59.
This occurs every hour or so. I have read forum articles regarding solutions but they don't quite apply.
I have blocked a few using Security setting and blocking individual IPs using “Deny connections from the list” setting, however a new one tries a few days later.
As I only use on LAN, I was wondering if I could use the “Allow connections from the list only” setting?
My questions are:-
As I have dynamic IP, if it changed, would I be locked out of NAS?
Would it be better to have a range of IPs, using my IP and Netmask, rather than individual IP
Or is there a better way of stopping this? I considered renaming admin account but seems overly complex and I would have to reconfigure every computer.
Thanks in advance
Attempted hacks
- OneCD
- Guru
- Posts: 12037
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: Attempted hacks
Hi and welcome to the forum.
OK, the bad news is: your NAS is most definitely exposed to the Internet (your router is allowing strange people to try to login to your NAS). Not good. Many QNAPs have been hacked because the user accidentally/purposely exposed their NAS to the Internet via their router.
The good news is: you can stop this quite easily. Disable the UPnP service inside your router, and don’t forward any ports from the router to your NAS.
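The reasoning in the reply above can be checked against the NAS's own notifications: a failed login whose source address lies outside the LAN subnet came in through the router. The Python sketch below is an added example, not part of the original posts or of QNAP's software; the 192.168.1.0/24 LAN, the function names and every sample line except the thread's 154.28.188.59 entry are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the notification text quoted in the first post (IPv4 sources only).
FAILED_LOGIN = re.compile(
    r'Failed to log in via user account "([^"]+)"\. '
    r"Source IP address: (\d{1,3}(?:\.\d{1,3}){3})"
)

def lan_network(address, netmask):
    """Build the LAN range from any LAN address plus its netmask."""
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)

def outside_lan(lines, lan):
    """Count failed logins per (source, account) that came from outside the LAN."""
    hits = Counter()
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if not m:
            continue  # not a failed-login message
        try:
            source = ipaddress.ip_address(m.group(2))
        except ValueError:  # malformed address, e.g. an octet above 255
            continue
        if source not in lan:
            hits[(str(source), m.group(1))] += 1
    return hits

# Constructed sample. Only 154.28.188.59 appears in the thread; 203.0.113.7 is a
# documentation address, 192.168.1.23 stands for a LAN client with a mistyped
# password, and 999.1.1.1 is deliberately malformed.
SAMPLE = [
    'Message: [Users] Failed to log in via user account "admin". Source IP address: 154.28.188.59.',
    "Severity: Error",
    'Message: [Users] Failed to log in via user account "admin". Source IP address: 192.168.1.23.',
    'Message: [Users] Failed to log in via user account "admin". Source IP address: 203.0.113.7.',
    'Message: [Users] Failed to log in via user account "admin". Source IP address: 154.28.188.59.',
    'Message: [Users] Failed to log in via user account "admin". Source IP address: 999.1.1.1.',
]

if __name__ == "__main__":
    lan = lan_network("192.168.1.10", "255.255.255.0")  # assumed home LAN
    for (source, account), count in outside_lan(SAMPLE, lan).items():
        print(f"{source} tried '{account}' {count}x from outside {lan}")
```

An empty result after UPnP and port-forwards are disabled means only LAN clients are still reaching the login page.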
-
- New here
- Posts: 8
- Joined: Mon Jun 21, 2021 3:11 pm
Re: Attempted hacks
I have considered this but would this stop my partner accessing external company networks from home?
- OneCD
- Guru
- Posts: 12037
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
-
- New here
- Posts: 8
- Joined: Mon Jun 21, 2021 3:11 pm
Re: Attempted hacks
Thanks for your help
One last one tho, with UPnP off, would it stop me accessing my NVR security camera footage via my phone?
- OneCD
- Guru
- Posts: 12037
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: Attempted hacks
Possibly. It depends whether your NVR was using UPnP to open ports in the router. If it was, then you’ll need to create port-forwards manually that point to your NVR.
-
- New here
- Posts: 8
- Joined: Mon Jun 21, 2021 3:11 pm
Re: Attempted hacks
Great, thanks very much for your help
-
- Experience counts
- Posts: 2415
- Joined: Wed Jan 08, 2014 10:34 pm
Re: Attempted hacks
IP CCTV cameras are riddled with security vulnerabilities, many of them extensively exploited, not so much to view the CCTV video, but to use in a botnet, or to use as a foothold in the LAN to spread malware.
If you are not using a secure VPN to access the cameras, there is a considerable risk of your LAN being compromised.
What brand are your cameras?
Here is a current activity against Hikvision cameras:
https://www.fortinet.com/blog/threat-re ... nerability
TS-431+ for storage and media and a bunch of IP cams under Surveillance Station. TVS-473 as files backup and QVR Pro.
- jaysona
- Been there, done that
- Posts: 846
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: Attempted hacks
The other thing people need to do with their IP cameras is make sure those devices are on a different physical cabling network (businesses for sure) and at the very least VLAN for home use.
I routinely gain (extremely easily in most cases) access to corporate networks and corporate servers by means of some ignored lowly IP camera. WiFi cameras are the best to surreptitiously access, but even hard wired Ethernet IP cameras are easy to exploit.
RAID is not a Back-up!
H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
-
- New here
- Posts: 8
- Joined: Mon Jun 21, 2021 3:11 pm
Re: Attempted hacks
Thanks guys for info, sorry for delay, was on hols
UPDATE
UPnP off for over a week now, no more attempted hacks, yay
I use a Swann NVR security camera setup, hard wired, running SwannView link software. With UPnP off I can still access NVR using Android phone so all is good.
I can't recall how the software was set up on laptop (I think it discovered on my network) but for Android phone I scanned the barcode on the NVR.
I don't have a lot of knowledge about all this but I suspect you need UPnP on for initial setup only, then turn it off. Alternative is to do manual port forwarding.
I do have VPN account but have no idea how to set up NVR or Network to exclusively allow only VPN access. More knowledge needed.
Thanks to all
- OneCD
- Guru
- Posts: 12037
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: Attempted hacks
Me too (I have 2 x Swann DVRs on my LAN).
Swann permit you to access your camera footage without needing to forward ports. Swann use a service similar to QNAP’s myQNAPcloud Link, where a continuous connection is maintained between your DVR/NVR and Swann’s servers. The mobile app then uses those same servers as a proxy to access your DVR/NVR. Much safer than leaving open ports in your router.
The VPN access mentioned earlier is not the paid, anonymising type. It’s a free service you create and run yourself on your router (if supported) or on another device inside your LAN (also acceptable).