Multple Guest Access in Logs via FTP and Login Ok
-
- New here
- Posts: 3
- Joined: Tue Sep 11, 2018 11:27 pm
Multple Guest Access in Logs via FTP and Login Ok
Hi,
We noticed some strange activity with our QNAP NAS where during the evenings over the last few days there are hundreds of attempts to access via FTP using a guest account. All the logins say OK, but we have no idea what this is and what has been accessed. All the source IPs seem to be from other NAS around the world and they are repeatidly changed and a new attempt occurs every few seconds.
Attached is an example where i have hidden the last few numbers.
Can anyone provide information to what this is and what needs to be modified in our security settings? We dont see a Guest user in our list.
We noticed some strange activity with our QNAP NAS where during the evenings over the last few days there are hundreds of attempts to access via FTP using a guest account. All the logins say OK, but we have no idea what this is and what has been accessed. All the source IPs seem to be from other NAS around the world and they are repeatidly changed and a new attempt occurs every few seconds.
Attached is an example where i have hidden the last few numbers.
Can anyone provide information to what this is and what needs to be modified in our security settings? We dont see a Guest user in our list.
You do not have the required permissions to view the files attached to this post.
- Don
- Guru
- Posts: 12289
- Joined: Thu Jan 03, 2008 4:56 am
- Location: Long Island, New York
Re: Multple Guest Access in Logs via FTP and Login Ok
Remove guest access.
As long as you have ports open to the internet hacking attempts will be made.
As long as you have ports open to the internet hacking attempts will be made.
Use the forum search feature before posting.
Use RAID and external backups. RAID will protect you from disk failure, keep your system running, and data accessible while the disk is replaced, and the RAID rebuilt. Backups will allow you to recover data that is lost or corrupted, or from system failure. One does not replace the other.
NAS: TVS-882BR | F/W: 5.0.1.2346 | 40GB | 2 x 1TB M.2 SATA RAID 1 (System/VMs) | 3 x 1TB M.2 NMVe QM2-4P-384A RAID 5 (cache) | 5 x 14TB Exos HDD RAID 6 (Data) | 1 x Blu-ray
NAS: TVS-h674 | F/W: 5.0.1.2376 | 16GB | 3 x 18TB RAID 5
Apps: DNSMasq, PLEX, iDrive, QVPN, QLMS, MP3fs, HBS3, Entware, DLstation, VS, +
Use RAID and external backups. RAID will protect you from disk failure, keep your system running, and data accessible while the disk is replaced, and the RAID rebuilt. Backups will allow you to recover data that is lost or corrupted, or from system failure. One does not replace the other.
NAS: TVS-882BR | F/W: 5.0.1.2346 | 40GB | 2 x 1TB M.2 SATA RAID 1 (System/VMs) | 3 x 1TB M.2 NMVe QM2-4P-384A RAID 5 (cache) | 5 x 14TB Exos HDD RAID 6 (Data) | 1 x Blu-ray
NAS: TVS-h674 | F/W: 5.0.1.2376 | 16GB | 3 x 18TB RAID 5
Apps: DNSMasq, PLEX, iDrive, QVPN, QLMS, MP3fs, HBS3, Entware, DLstation, VS, +
-
- New here
- Posts: 3
- Joined: Tue Sep 11, 2018 11:27 pm
Re: Multple Guest Access in Logs via FTP and Login Ok
how do i remove guest access? looked everywhere and this user does not exist.
I am worried that my data has been compromised, but i dont see what they would have seen. There is no accessed resource in any of the attempts.
I am worried that my data has been compromised, but i dont see what they would have seen. There is no accessed resource in any of the attempts.
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Multple Guest Access in Logs via FTP and Login Ok
In the FTP context it's called anonymous access - so disable the anonymous access on your FTP server service.
You do not have the required permissions to view the files attached to this post.
-
- Starting out
- Posts: 11
- Joined: Thu Dec 22, 2016 5:03 am
Re: Multple Guest Access in Logs via FTP and Login Ok
I have found a similar rash of FTP guest logins on the 9th September 2018. Anonymous access was disabled. I have now disallowed FTP access.
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Multple Guest Access in Logs via FTP and Login Ok
Put a random password on the guest account, just in case.
[~] # paswd guest
...
[~] # paswd guest
...
-
- Starting out
- Posts: 11
- Joined: Thu Dec 22, 2016 5:03 am
Re: Multple Guest Access in Logs via FTP and Login Ok
At the same time that the ftp attempts started, the router has been experiencing intermittent problems: very slow connections, other devices disconnect. Perhaps a coincidence? For now the NAS is off the network while I track the connections of the other devices.
-
- New here
- Posts: 4
- Joined: Sun Aug 17, 2014 8:01 pm
Re: Multple Guest Access in Logs via FTP and Login Ok
Same situation here. FTP port suddenly changed to 49832 and anonymous login was enabled. A lot of guest login OK record was found.
I use FTP every day and I clearly sure that i have disabled anonymous login. Is it a problem/bug related to live update?
I use FTP every day and I clearly sure that i have disabled anonymous login. Is it a problem/bug related to live update?
-
- First post
- Posts: 1
- Joined: Thu Nov 10, 2011 9:00 pm
Re: Multple Guest Access in Logs via FTP and Login Ok
Same situation here. FTP port suddenly changed to 49832 and anonymous login was enabled. A lot of guest login OK record was found.
And I don't find any strange file on the server.
And I don't find any strange file on the server.
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Multple Guest Access in Logs via FTP and Login Ok
what services did you expose?
time to start your system from scratch and never expose it again
time to start your system from scratch and never expose it again
-
- New here
- Posts: 3
- Joined: Tue Sep 11, 2018 11:27 pm
Re: Multple Guest Access in Logs via FTP and Login Ok
I have also disabled FTP access completely and i cant see any more attacks. However, i have been shutting it down overnight since the 14th as almost all the accesses were from 10pm - 4am.
Will leave it on overnight now and report back if they still show up.
Will leave it on overnight now and report back if they still show up.
Not sure what you mean by this?what services did you expose?
-
- First post
- Posts: 1
- Joined: Fri Oct 19, 2018 4:06 am
Re: Multple Guest Access in Logs via FTP and Login Ok
I have noticed exactly the same thing yesterday. logon using guest over ftp from multiple locations. The issue is i don't have a guest account in the users section and FTP is not enabled! I am shutting down the NAS until i find out more.
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Multple Guest Access in Logs via FTP and Login Ok
same question to you waht services are you exposing to the web ?
QTS admin
Photo station
Video station
etc.
QTS admin
Photo station
Video station
etc.