Not locking out

Q'center app, Helpdesk app
Post Reply
borg357
Starting out
Posts: 25
Joined: Mon Jun 03, 2013 3:17 pm

Not locking out

Post by borg357 »

So, I have some guy trying to log into my admin account, every 15mins, for 3 days..

How does someone do this, and not get locked out from the same IP?? I clearly have access protection on to block for 1 day if 5 attempts... but this guy is allowed to pound the door day and night for 3 days?

Are they spoofing or malformed the IP or something?

Thanks
-Richard
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Not locking out

Post by Moogle Stiltzkin »

i'm guessing that your nas is exposed online, so people can keep trying their luck with you.

if you need remote access, use vpn



as for your question, if it's the same ip, and you set the access protection to trigger block for failed login attempts, it would block them for time x..

check your settings, it's under qts security, network access protection.

i still recommend you not make your nas exposed simply like that.....

even if they don't figure out your password, they can still attack you using known vulnerabilities (they will assume you don't update qts, which unfortunately a lot of people are guilty of lax management).

Or even worse, they may try a zero day attack (an unknown vulnerability, which was what happened for qsnatch as an example)


anyway report bugs to qnap
https://service.qnap.com/


not 100% sure, but by default it's set to allow access to all. perhaps that needs to switch to blacklist mode. so when they get flagged, their ip might be put into that blacklist. i'm not sure if this will work that way, but it's very likely.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
borg357
Starting out
Posts: 25
Joined: Mon Jun 03, 2013 3:17 pm

Re: Not locking out

Post by borg357 »

Thanks for the response..

I did and do have access protection on. It's set to 5 times.

So, my question still remains.. How are they able to get by the access protection, and try over and over again?

Thanks

-Richard
Post Reply

Return to “NAS Management”