Constant Admin login failures from different IP addresses
-
- Know my way around
- Posts: 126
- Joined: Fri Dec 18, 2015 2:43 pm
Constant Admin login failures from different IP addresses
I logged into my QNAP NAS today and I noticed in the system logs that I am getting constant [warning] admin login fail http from different ip addresses by user admin... The attempts are happening about every ten seconds. What can I do to stop this?
Is there a way to prevent NAS access from the internet, i.e. only allow access within my home wi-fi network? Currently, the NAS is connected to a external router (which has Wi-Fi disabled) which my PC is hard-wired to. I have a Netgear Orbi system for my meshed Wi-Fi connected to my external router. The external router does have MAC access control enabled so nothing is allowed to connect if the MAC address is not registered. But I am not sure if this blocks anyone from accessing the NAS from the internet. Thanks in advance...
Is there a way to prevent NAS access from the internet, i.e. only allow access within my home wi-fi network? Currently, the NAS is connected to a external router (which has Wi-Fi disabled) which my PC is hard-wired to. I have a Netgear Orbi system for my meshed Wi-Fi connected to my external router. The external router does have MAC access control enabled so nothing is allowed to connect if the MAC address is not registered. But I am not sure if this blocks anyone from accessing the NAS from the internet. Thanks in advance...
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Constant Admin login failures from different IP addresses
disable auto router config and upnp on your router
without portforwarding there will be no more login attempts
without portforwarding there will be no more login attempts
-
- Starting out
- Posts: 18
- Joined: Sun Dec 02, 2018 1:08 am
Re: Constant Admin login failures from different IP addresses
I had the same issue, but after a lot of back and forth I just restricted access to my NAS to certain IP addresses, this has stopped this in its tracks and I can access the system at my home WiFi with ease.
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Constant Admin login failures from different IP addresses
if access is supposed to be only in wifi (lan) ..why are ports forwarded to wan anyways ?
-
- Know my way around
- Posts: 126
- Joined: Fri Dec 18, 2015 2:43 pm
Re: Constant Admin login failures from different IP addresses
I was able to disable UPNP on my router but could not disable auto router config in my router settings. I have a Netgear R7000...
I did find disable auto router config in the MyQNAPCloud app on the NAS but it shows grey (-) bars there... The Auto Router Config in the app shows UPNP as disabled. I do not have Cloudlink setup on the NAS so I think I do not have access to the NAS over the internet.
I am sorry but I am not too familiar with some of these things...
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Constant Admin login failures from different IP addresses
yes ...
upnp gets disabled on the router
autorouter config on the nas
with both disabled (even one should be enough) no more login attempts should happen
upnp gets disabled on the router
autorouter config on the nas
with both disabled (even one should be enough) no more login attempts should happen
-
- Know my way around
- Posts: 126
- Joined: Fri Dec 18, 2015 2:43 pm
Re: Constant Admin login failures from different IP addresses
Thanks for the info...
- Moogle Stiltzkin
- Guru
- Posts: 11445
- Joined: Thu Dec 04, 2008 12:21 am
- Location: Around the world....
- Contact:
Re: Constant Admin login failures from different IP addresses
upnp should be disabled on your router.... here is steve gibson explaining why upnp is a bad idea.... especially for router
https://www.youtube.com/watch?v=wEa43qM4JjQ
because.... an app that will auto do upnp will make holes through your router without you knowing about it. and we all know what happened to the USS enterprise everytime the shields went down
How to Turn Off UPnP on Netgear NIghthawk Routers
https://www.podfeet.com/blog/tutorials- ... k-routers/
https://kb.netgear.com/24306/How-do-I-e ... awk-router
if ever you needed a port forwarded, do the port forward manually, it's not that hard. but mostly try and avoid it when not needed.
while at it, keep your QNAP, client devices, and router all updated
By the way your router was also affected by vpnfilter vulnerability. So if you haven't updated your router in ages, you probably should
https://kb.netgear.com/000058814/Securi ... AR-Devices
https://www.youtube.com/watch?v=2YfT1FHCslU
https://www.youtube.com/watch?v=H0OlA51NR_Y
and yes although the qnap has myqnapcloud, you are not required to use it. i suggest using vpn if you require a secure remote access. but even then, that would require a proper vpn setup (check the forum or google for how to do that, if you need it).
in your QTS security settings, there should be an option to limit auto logins. what this does is, if someone tries to login with an incorrect credentials, it won't just let them do it for infinity without consequence. Instead it will block them for a short period of time before they can try again. this prevents them from infinite times of entering credentials until they succeed (this is called a brute force attack). a good limit auto login mechanism would increase the block duration penalty for successive flags by the same ip.
it's better to just install the qnap security counselor app from app center. this will run you through a checklist of security items to get your NAS secure with the minimum level of hardening you should do for your NAS. This is useful for less technical (and even technical users) for quickly hardening their QNAP NAS security.
if your broadband isp subscription is dynamic meaning the ip address changes, maybe you can try power off your router and modem for 5-15minutes or so, boot up. and hopefully you get issued a new ip (you can check in your router UI, or here https://www.iplocation.net )
if you set your qnap to use a dyndns which is a fixed ip e.g. myqnapnas.com then changing your ip is not gonna do much since they can use that dyndns ip which will be updated to use the new one.
if you didn't secure your router and qnap, by disabling upnp and port forwarding, then you'll just get this issue all over again. do that first thing
https://www.youtube.com/watch?v=wEa43qM4JjQ
because.... an app that will auto do upnp will make holes through your router without you knowing about it. and we all know what happened to the USS enterprise everytime the shields went down
How to Turn Off UPnP on Netgear NIghthawk Routers
https://www.podfeet.com/blog/tutorials- ... k-routers/
https://kb.netgear.com/24306/How-do-I-e ... awk-router
if ever you needed a port forwarded, do the port forward manually, it's not that hard. but mostly try and avoid it when not needed.
while at it, keep your QNAP, client devices, and router all updated
By the way your router was also affected by vpnfilter vulnerability. So if you haven't updated your router in ages, you probably should
https://kb.netgear.com/000058814/Securi ... AR-Devices
https://www.youtube.com/watch?v=2YfT1FHCslU
https://www.youtube.com/watch?v=H0OlA51NR_Y
and yes although the qnap has myqnapcloud, you are not required to use it. i suggest using vpn if you require a secure remote access. but even then, that would require a proper vpn setup (check the forum or google for how to do that, if you need it).
in your QTS security settings, there should be an option to limit auto logins. what this does is, if someone tries to login with an incorrect credentials, it won't just let them do it for infinity without consequence. Instead it will block them for a short period of time before they can try again. this prevents them from infinite times of entering credentials until they succeed (this is called a brute force attack). a good limit auto login mechanism would increase the block duration penalty for successive flags by the same ip.
it's better to just install the qnap security counselor app from app center. this will run you through a checklist of security items to get your NAS secure with the minimum level of hardening you should do for your NAS. This is useful for less technical (and even technical users) for quickly hardening their QNAP NAS security.
if your broadband isp subscription is dynamic meaning the ip address changes, maybe you can try power off your router and modem for 5-15minutes or so, boot up. and hopefully you get issued a new ip (you can check in your router UI, or here https://www.iplocation.net )
if you set your qnap to use a dyndns which is a fixed ip e.g. myqnapnas.com then changing your ip is not gonna do much since they can use that dyndns ip which will be updated to use the new one.
if you didn't secure your router and qnap, by disabling upnp and port forwarding, then you'll just get this issue all over again. do that first thing
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
- Moogle Stiltzkin
- Guru
- Posts: 11445
- Joined: Thu Dec 04, 2008 12:21 am
- Location: Around the world....
- Contact:
Re: Constant Admin login failures from different IP addresses
this is an interesting post related to a similar issue. recommended read
https://www.reddit.com/r/qnap/comments/ ... good_qnap/
https://www.reddit.com/r/qnap/comments/ ... good_qnap/
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
-
- New here
- Posts: 2
- Joined: Sun Jun 23, 2019 11:19 pm
Re: Constant Admin login failures from different IP addresses
Hi,
I have exactly the same problem, noticed following the update of my NAS that I made today.
Is it a coincidence, a bug in the update? Or is there really a constant intrusion attempt on my NAS?
I have exactly the same problem, noticed following the update of my NAS that I made today.
Is it a coincidence, a bug in the update? Or is there really a constant intrusion attempt on my NAS?
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Constant Admin login failures from different IP addresses
probably constant intrusion attempts..get the nas out of the open web
-
- Know my way around
- Posts: 126
- Joined: Fri Dec 18, 2015 2:43 pm
Re: Constant Admin login failures from different IP addresses
Hmm... Intreresting reading... Here is my setup, maybe someone can chime in and give me some advice. Repeating from OP...
Currently, the NAS is connected to a Netgear R7000 external router (which has Wi-Fi disabled) which my PC is hard-wired to. I have a Netgear Orbi system for my meshed Wi-Fi connected to my R7000 external router. The external router does have MAC access control enabled so nothing is allowed to connect if the MAC address is not registered.
Am I correct to assume that if the NAS is connected directly to the Orbi iso the R7000 it would make it more secure because it would be within the network and not exposed to the internet? What would be the drawbacks of this?
Currently, the NAS is connected to a Netgear R7000 external router (which has Wi-Fi disabled) which my PC is hard-wired to. I have a Netgear Orbi system for my meshed Wi-Fi connected to my R7000 external router. The external router does have MAC access control enabled so nothing is allowed to connect if the MAC address is not registered.
Am I correct to assume that if the NAS is connected directly to the Orbi iso the R7000 it would make it more secure because it would be within the network and not exposed to the internet? What would be the drawbacks of this?
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Constant Admin login failures from different IP addresses
not sure what wifi mac address control has to do with wan login attempts
-
- Know my way around
- Posts: 126
- Joined: Fri Dec 18, 2015 2:43 pm
Re: Constant Admin login failures from different IP addresses
Sorry, let me clarify... If I connect the NAS to the Orbi iso the R7000, does that mean it is isolated from the internet?
-
- Know my way around
- Posts: 126
- Joined: Fri Dec 18, 2015 2:43 pm
Re: Constant Admin login failures from different IP addresses
Also, on a side note, since disabling the UPNP and the auto router config, I have had no further attempts to log in to the NAS... I hope that fixes it... Thanks all...