Brute force attack?

[KiwiScot]

I'm getting failed user login attempts (>10,000 in the last 24 hours) but I have no idea where they are coming from. I've disconnected from MyQnapCloud but atx not made any difference.

I'm confused by the user name field and the fact is the local host IP address.

Severity: Warning
Date/Time: 2022/08/21 12:05:56

App Name: QuLog Center
Category: Connection Status
Message: [QuLog Center] Failed to log in. User: ---. Source IP: 127.0.0.1. Connection type: HTTP. Check the permissions and the connection.

Any pointers gratefully received.

M

[dolbyman]

never ever expose any part of you NAS to WAN ..no matter if you use QNAP DDNS or not ....remove port forwards and disable upnp (both on router)

tons of people have and are still losing all their files to criminals


the IP shown is localhost ..are there any WAN IPs in the logs?

[KiwiScot]

Thanks dolbyman - will have a look, see if I can find any external IP info. TBH that's hat was confusing me, that it seemed to be internal.

[NASaHOLIC]

I'm having this issue too. I THINK it is an internal QNAP login that is failing as it only triggered after I enabled 2FA on the admin account. did you solve this or did you mess with 2FA??

[FSC830]

Dont expose NAS to WAN (or a service like photo-/video-/whatever station).
Thats the best protection.
2FA is more or less smoke and mirrors and does not protect against exploits in any way.
Even more: there was just a post (cant remember if here of in German forum) that someone lost/damaged his cell phone. With new cell phone he cant login to NAS because 2FA expectes the old cell phone.
I dont know about the details what went wrong, but in this case 2FA was an obstacle for NAS owner to gain access again.

Regards