Unknown Thread kthreaddnai

Don't miss a thing. Post your questions and discussion about other uncategorized NAS features here.
dolbyman
Guru
Posts: 12962
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Unknown Thread kthreaddnai

Post by dolbyman » Sat Dec 01, 2018 3:58 am


deakgyuri
New here
Posts: 4
Joined: Sun Feb 18, 2018 5:03 pm

Re: Unknown Thread kthreaddnai

Post by deakgyuri » Mon Dec 03, 2018 8:43 pm

I have got same infection. Malware found nothing

After restart the process did not started just after few hours.

So I have
- updated to latest firmware
- deleted the files from web directory
- changed every possible password ( admin, phpmyadmin, vpn, etc.. )
- on router which is before the NAS made few rules like incoming traffic dropped automatically expected from few known IP but port 80 it is open ( unfortunately have to leave open )

At the moment I cannot seen this process 4 days now.

I hope I could help...

Vaiolo
Starting out
Posts: 11
Joined: Sun Aug 03, 2014 9:37 am

Re: Unknown Thread kthreaddnai

Post by Vaiolo » Fri Dec 07, 2018 1:47 am

No idea if its the same sh**t.

But mine removed malware remover...

Third QNAP wipe in 6 months.
My configuration was just:

QPVN (openvpn)
the web page unter https in a non standard port.
Official MLDONKEY (not externally mapped)
Cloudlink
No UPNP

So the only mapped ports were the HTTPS for web and OPNVPN.

Just unacceptable

dolbyman
Guru
Posts: 12962
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Unknown Thread kthreaddnai

Post by dolbyman » Fri Dec 07, 2018 1:52 am

probably the exposed weblogin

why expose that if you already have openVPN in place ?

Vaiolo
Starting out
Posts: 11
Joined: Sun Aug 03, 2014 9:37 am

Re: Unknown Thread kthreaddnai

Post by Vaiolo » Fri Dec 07, 2018 2:32 am

Why a exposed weblogin is considered normal?

dolbyman
Guru
Posts: 12962
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Unknown Thread kthreaddnai

Post by dolbyman » Fri Dec 07, 2018 2:42 am

No as there is constant security advisories about exploits in the QNAP web server (last week they fixed several and announced it via advisory)

As you can see QNAP's implementation is not hardened enough for WWW exposure.

Also https doesn't help a to prevent this(only helps against credential sniffing,MITM attacks and maybe slowing down DDOS attempts due to handshake negotiations)

Vaiolo
Starting out
Posts: 11
Joined: Sun Aug 03, 2014 9:37 am

Re: Unknown Thread kthreaddnai

Post by Vaiolo » Fri Dec 07, 2018 5:16 am

As a client of QNAP i still consider this unacceptable.

dolbyman
Guru
Posts: 12962
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Unknown Thread kthreaddnai

Post by dolbyman » Fri Dec 07, 2018 5:29 am

Let them now .. we are only users and QNAP does not read in this forum

josephngary
New here
Posts: 3
Joined: Mon Oct 10, 2016 4:36 am

Re: Unknown Thread kthreaddnai

Post by josephngary » Sun May 05, 2019 6:00 pm

just got an email from charter saying one of my computers have been turned into a BOT hitting on targets around the world. upon investigation, i found this self replicating file called 'god' and 'god1' sitting in /web and when scanned, turned out to be a backdoor virus. does anyone here know the best way to find this viruses? malware remover will not detect them. only mcafee (which i have 25 days trial remaining) is cleaning this file then they replace themselves. Now i have setup a virus scanner to occur every **mins and automatically delete any virus.

how did you guys deal with this problem in the past?
@kameha where did you place the script you created?

dolbyman
Guru
Posts: 12962
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Unknown Thread kthreaddnai

Post by dolbyman » Sun May 05, 2019 9:32 pm

setup the whole nas from scratch...

Post Reply

Return to “Miscellaneous”