1
and this
https://wiki.qnap.com/wiki/Firmware_Recovery
Unknown Thread kthreaddnai
- dolbyman
- Guru
- Posts: 35243
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
-
- Starting out
- Posts: 10
- Joined: Sun Feb 18, 2018 5:03 pm
Re: Unknown Thread kthreaddnai
I have got same infection. Malware found nothing
After restart the process did not started just after few hours.
So I have
- updated to latest firmware
- deleted the files from web directory
- changed every possible password ( admin, phpmyadmin, vpn, etc.. )
- on router which is before the NAS made few rules like incoming traffic dropped automatically expected from few known IP but port 80 it is open ( unfortunately have to leave open )
At the moment I cannot seen this process 4 days now.
I hope I could help...
After restart the process did not started just after few hours.
So I have
- updated to latest firmware
- deleted the files from web directory
- changed every possible password ( admin, phpmyadmin, vpn, etc.. )
- on router which is before the NAS made few rules like incoming traffic dropped automatically expected from few known IP but port 80 it is open ( unfortunately have to leave open )
At the moment I cannot seen this process 4 days now.
I hope I could help...
-
- Starting out
- Posts: 11
- Joined: Sun Aug 03, 2014 9:37 am
Re: Unknown Thread kthreaddnai
No idea if its the same sh**t.
But mine removed malware remover...
Third QNAP wipe in 6 months.
My configuration was just:
QPVN (openvpn)
the web page unter https in a non standard port.
Official MLDONKEY (not externally mapped)
Cloudlink
No UPNP
So the only mapped ports were the HTTPS for web and OPNVPN.
Just unacceptable
But mine removed malware remover...
Third QNAP wipe in 6 months.
My configuration was just:
QPVN (openvpn)
the web page unter https in a non standard port.
Official MLDONKEY (not externally mapped)
Cloudlink
No UPNP
So the only mapped ports were the HTTPS for web and OPNVPN.
Just unacceptable
- dolbyman
- Guru
- Posts: 35243
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Unknown Thread kthreaddnai
probably the exposed weblogin
why expose that if you already have openVPN in place ?
why expose that if you already have openVPN in place ?
-
- Starting out
- Posts: 11
- Joined: Sun Aug 03, 2014 9:37 am
Re: Unknown Thread kthreaddnai
Why a exposed weblogin is considered normal?
- dolbyman
- Guru
- Posts: 35243
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Unknown Thread kthreaddnai
No as there is constant security advisories about exploits in the QNAP web server (last week they fixed several and announced it via advisory)
As you can see QNAP's implementation is not hardened enough for WWW exposure.
Also https doesn't help a to prevent this(only helps against credential sniffing,MITM attacks and maybe slowing down DDOS attempts due to handshake negotiations)
As you can see QNAP's implementation is not hardened enough for WWW exposure.
Also https doesn't help a to prevent this(only helps against credential sniffing,MITM attacks and maybe slowing down DDOS attempts due to handshake negotiations)
-
- Starting out
- Posts: 11
- Joined: Sun Aug 03, 2014 9:37 am
Re: Unknown Thread kthreaddnai
As a client of QNAP i still consider this unacceptable.
- dolbyman
- Guru
- Posts: 35243
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Unknown Thread kthreaddnai
Let them now .. we are only users and QNAP does not read in this forum
-
- New here
- Posts: 3
- Joined: Mon Oct 10, 2016 4:36 am
Re: Unknown Thread kthreaddnai
just got an email from charter saying one of my computers have been turned into a BOT hitting on targets around the world. upon investigation, i found this self replicating file called 'god' and 'god1' sitting in /web and when scanned, turned out to be a backdoor virus. does anyone here know the best way to find this viruses? malware remover will not detect them. only mcafee (which i have 25 days trial remaining) is cleaning this file then they replace themselves. Now i have setup a virus scanner to occur every **mins and automatically delete any virus.
how did you guys deal with this problem in the past?
@kameha where did you place the script you created?
how did you guys deal with this problem in the past?
@kameha where did you place the script you created?
- dolbyman
- Guru
- Posts: 35243
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Unknown Thread kthreaddnai
setup the whole nas from scratch...