Checking the Resource Monitor and I see a process called "dedpma" running under the "System Processes". It's using a fair chunk of CPU and RAM, google returns no info about it.
Connected via SSH and found 2 processes running from the /tmp directory by the httpdusr. Deleted the file and killed the processes, NAS seems back to normal, ran antivirus and malware remover scan, nothing. Few hours later and it's back. When running my NAS seems sluggish.
Also had a process called "dovecat" doing the same thing. Took the same actions and that one hasn't come back so far.
I changed my password recently(ish) and have 2 factor enabled.
Any idea what this could be or how to get rid of it for good?
A process called "dedpma" might be messing with my NAS and I can't find any info on it, any clues?
-
- New here
- Posts: 7
- Joined: Sun Dec 13, 2015 1:02 am
- dolbyman
- Guru
- Posts: 35275
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: A process called "dedpma" might be messing with my NAS and I can't find any info on it, any clues?
I guess you were hacked...2fa does nothing against exploits
kill your nas and restore from backups...then never expose it to wan again
kill your nas and restore from backups...then never expose it to wan again
-
- New here
- Posts: 7
- Joined: Sun Dec 13, 2015 1:02 am
Re: A process called "dedpma" might be messing with my NAS and I can't find any info on it, any clues?
Well that **. I was hoping I took all the steps to make that chance next to none.
I'm in another country but do have a laptop I can remote into so that could be useful. Will try and restore from an older backup, fingers crossed it works.
I'm in another country but do have a laptop I can remote into so that could be useful. Will try and restore from an older backup, fingers crossed it works.
- dolbyman
- Guru
- Posts: 35275
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: A process called "dedpma" might be messing with my NAS and I can't find any info on it, any clues?
to reinit the nas:
take all drives out
format all drives
do a diskless firmware update
reinstall the nas with the disks inserted
restore your backups
if you need to access the nas from outside your lan, run a vpn server on your router/firewall/vpn appliance
take all drives out
format all drives
do a diskless firmware update
reinstall the nas with the disks inserted
restore your backups
if you need to access the nas from outside your lan, run a vpn server on your router/firewall/vpn appliance
Last edited by dolbyman on Mon Oct 12, 2020 12:01 pm, edited 1 time in total.
-
- New here
- Posts: 7
- Joined: Sun Dec 13, 2015 1:02 am
Re: A process called "dedpma" might be messing with my NAS and I can't find any info on it, any clues?
Thanks for the tip.
Best I can do is resorting from a backup using the web UI at the moment. Did that and it seems everything is back to normal.
In a few months when I get back, I'll do it properly. Gotta find somewhere to put the 8TB of data since the drives will be wiped.
Best I can do is resorting from a backup using the web UI at the moment. Did that and it seems everything is back to normal.
In a few months when I get back, I'll do it properly. Gotta find somewhere to put the 8TB of data since the drives will be wiped.