Attempted hacks

Don't miss a thing. Post your questions and discussion about other uncategorized NAS features here.
Locked
SteveMe
New here
Posts: 8
Joined: Mon Jun 21, 2021 3:11 pm

Attempted hacks

Post by SteveMe »

Hi All

I have a QNAP TS-228 just used as LAN Raid drive. Have various computers connected to LAN both directly and through wifi switches/extenders. I do not access from outside my home and I’m pretty sure (not positive) all cloud apps/accounts are disabled.

I have been getting what I think is attempted hacks that flag error:-

NAS Name: xxxxxxxx
Severity: Error
Date/Time: 2022/01/06 12:19:28

App Name: Users
Category: Login
Message: [Users] Failed to log in via user account "admin". Source IP address: 154.28.188.59.[/i]

This occurs every hour or so. I have read forum articles regarding solutions but they dont quite apply.

I have blocked a few using Security setting and blocking individual IP's using “Deny connections from the list” setting, however a new one tries a few days later.

As I only use on LAN, I was wondering if I could use the “Allow connections from the list only” setting?
My questions are:-
As I have dynamic IP, if it changed, would I be locked out of NAS?
Would it be better to have a range of IPs, using my IP and Netmask, rather than individual IP

Or is there a better way if stopping this? I considered renaming admin account but seems overly complex and I would have to reconfigure every computer.

Thanks in advance
User avatar
OneCD
Guru
Posts: 12037
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Attempted hacks

Post by OneCD »

Hi and welcome to the forum. :)

OK, the bad news is: your NAS is most definitely exposed to the Internet (your router is allowing strange people to try to login to your NAS). Not good. Many QNAPs have been hacked because the user accidentally/purposely exposed their NAS to the Internet via their router.

The good news is: you can stop this quite easily. Disable the UPnP service inside your router, and don’t forward any ports from the router to your NAS. :geek:

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
SteveMe
New here
Posts: 8
Joined: Mon Jun 21, 2021 3:11 pm

Re: Attempted hacks

Post by SteveMe »

I have considered this but would this stop my partner accessing external company networks from home?
User avatar
OneCD
Guru
Posts: 12037
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Attempted hacks

Post by OneCD »

No.

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
SteveMe
New here
Posts: 8
Joined: Mon Jun 21, 2021 3:11 pm

Re: Attempted hacks

Post by SteveMe »

Thank for your help

One last one tho, with UPnp off, would it stop me accessing my NVR security camera footage via my phone?
User avatar
OneCD
Guru
Posts: 12037
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Attempted hacks

Post by OneCD »

Possibly. It depends whether your NVR was using UPnP to open ports in the router. If it was, then you’ll need to create port-forwards manually that point to your NVR.

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
SteveMe
New here
Posts: 8
Joined: Mon Jun 21, 2021 3:11 pm

Re: Attempted hacks

Post by SteveMe »

Great, thanks very much for your help
AlastairStevenson
Experience counts
Posts: 2415
Joined: Wed Jan 08, 2014 10:34 pm

Re: Attempted hacks

Post by AlastairStevenson »

One last one tho, with UPnp off, would it stop me accessing my NVR security camera footage via my phone?
IP CCTV cameras are riddled with security vulnerabilities, many of them extensively exploited, not so much to view the CCTV video, but to use in a botnet, or to use as a foothold in the LAN to spread malware.
If you are not using a secure VPN to access the cameras, there is a considerable risk of your LAN being compromised.
What brand are your cameras?

Here is a current activity against Hikvision cameras :
https://www.fortinet.com/blog/threat-re ... nerability
TS-431+ for storage and media and a bunch of IP cams under Surveillance Station. TVS-473 as files backup and QVR Pro.
User avatar
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: Attempted hacks

Post by jaysona »

AlastairStevenson wrote: Thu Jan 06, 2022 5:53 pm IP CCTV cameras are riddled with security vulnerabilities, many of them extensively exploited, not so much to view the CCTV video, but to use in a botnet, or to use as a foothold in the LAN to spread malware.
If you are not using a secure VPN to access the cameras, there is a considerable risk of your LAN being compromised.
What brand are your cameras?

Here is a current activity against Hikvision cameras :
https://www.fortinet.com/blog/threat-re ... nerability
The other thing people need to do with their IP cameras is make sure those devices are on a different physical cabling network (businesses for sure) and at the very least VLAN for home use.

I routinely gain (extremely easily in most cases) access to corporate networks and corporate servers by means of some ignored lowly IP camera. WiFi cameras are the best to surreptitiously access, but even hard wired Ethernet IP cameras are easy to exploit.
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
SteveMe
New here
Posts: 8
Joined: Mon Jun 21, 2021 3:11 pm

Re: Attempted hacks

Post by SteveMe »

Thanks guys for info, sorry for delay, was on hols

UPDATE

UPnP off for over a week now, no more attempted hacks, yay

I use a Swann NVR security camera setup, hard wired, running SwannView link software. With UPnP off I can still access NVR using Android phone so all is good.
I cant recall how the software was set up on laptop (i think it discovered on my network) but for android phone i scanned the the barcode on the NVR.
I dont have a lot of knowledge about all this but I suspect you need UPnP on for initial setup only, then turn it off. Alternative is to do manual port forwarding.

I do have VPN account but have not idea how to set up NVR or Network to exclusively allow only VPN access. More knowledge needed.

Thanks to all
User avatar
OneCD
Guru
Posts: 12037
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Attempted hacks

Post by OneCD »

Me too (I have 2 x Swann DVRs on my LAN). :)

Swann permit you to access your camera footage without needing to forward ports. Swann use a service similar to QNAP’s myQNAPcloud Link, where a continuous connection is maintained between your DVR/NVR and Swann’s servers. The mobile app then uses those same servers as a proxy to access your DVR/NVR. Much safer than leaving open ports in your router. 👍

The VPN access mentioned earlier is not the paid, anonymising type. It’s a free service you create and run yourself on your router (if supported) or on another device inside your LAN (also acceptable).

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
Locked

Return to “Miscellaneous”