I'm getting failed user login attempts (>10,000 in the last 24 hours) but I have no idea where they are coming from. I've disconnected from MyQnapCloud but atx not made any difference.
I'm confused by the user name field and the fact is the local host IP address.
Severity: Warning
Date/Time: 2022/08/21 12:05:56
App Name: QuLog Center
Category: Connection Status
Message: [QuLog Center] Failed to log in. User: ---. Source IP: 127.0.0.1. Connection type: HTTP. Check the permissions and the connection.
Any pointers gratefully received.
M
Brute force attack?
- dolbyman
- Guru
- Posts: 35248
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Brute force attack?
never ever expose any part of you NAS to WAN ..no matter if you use QNAP DDNS or not ....remove port forwards and disable upnp (both on router)
tons of people have and are still losing all their files to criminals
the IP shown is localhost ..are there any WAN IPs in the logs?
tons of people have and are still losing all their files to criminals
the IP shown is localhost ..are there any WAN IPs in the logs?
-
- New here
- Posts: 2
- Joined: Sun Aug 21, 2022 12:14 pm
Re: Brute force attack?
Thanks dolbyman - will have a look, see if I can find any external IP info. TBH that's hat was confusing me, that it seemed to be internal.
-
- New here
- Posts: 2
- Joined: Tue Oct 11, 2016 3:38 pm
Re: Brute force attack?
I'm having this issue too. I THINK it is an internal QNAP login that is failing as it only triggered after I enabled 2FA on the admin account. did you solve this or did you mess with 2FA??
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: Brute force attack?
Dont expose NAS to WAN (or a service like photo-/video-/whatever station).
Thats the best protection.
2FA is more or less smoke and mirrors and does not protect against exploits in any way.
Even more: there was just a post (cant remember if here of in German forum) that someone lost/damaged his cell phone. With new cell phone he cant login to NAS because 2FA expectes the old cell phone.
I dont know about the details what went wrong, but in this case 2FA was an obstacle for NAS owner to gain access again.
Regards
Thats the best protection.
2FA is more or less smoke and mirrors and does not protect against exploits in any way.
Even more: there was just a post (cant remember if here of in German forum) that someone lost/damaged his cell phone. With new cell phone he cant login to NAS because 2FA expectes the old cell phone.
I dont know about the details what went wrong, but in this case 2FA was an obstacle for NAS owner to gain access again.
Regards
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com