Security has to be taken seriously otherwise you cannot expect not to get compromised. All my websites have 20 digit passwords and dual factor authentication. I run dozens of websites from my homelab via a name match only reverse proxy (default returns 401), so unless they directly guess the name (12 character string then domainname) they will never get access. For example I do the above and have OpenVPN on a random port, I also have Untangle F/W geo blocking every country except mine, have all packets assessed against a known threat matrix. Security is a process and should be multi layered. Block all ports at your router, disable UPnP and setup a VPN instead to allow remote access. Stop exposing the NAS directly to the internet. My nas is like 7 years old at this point, so I will likely be getting a new one in the next few years, however if i just bought this fucking disk holding trash can, I would be livid. It's sad that I spent $3,500 on something that I have to constantly be concerned that I'm going to get hacked, or lose my data. Those things exist just for no reason other than for people who have no idea what they are doing to just fuck around with random technology. They are fucking garbage, they try to add so much stupid shit and asinine features, like an X-Ray viewer who the fuck uses that? Even then the stuff that might be semi useful, like they support installing various versions of SQL and such no one in their right mind would actually run a SQL DB on a QNAP. This will still let you like download some music off your NAS to your phone before you like get on a flight, and let you still feel like it's connected to the internet.Īt this point though, anyone with their QNAP still accessible for the internet is just sitting on a ticking time-bomb. Really the only way to still get functionality of anything remote is by having a VPN, bonus points if your VPN has MFA. I am able to do that with piece of mind that no matter what stupid fucking thing they do next, I'm locked down. However, since I have a pfsense I am going through and granting it access to things such as Google Drive, my cloud plex server ect. I completely cut my QNAP off from the internet after this last ordeal. If you still want a decent amount of functionality out of your QNAP while having piece of mind, your going to need a real firewall. If you are tech savvy, I'd go the pfsense route, if you want something out of the box, get on craigs list and get a decent used firewall for like 100 bucks. I don't know how tech savvy you are, however it isn't horribly difficult. Install a real firewall like pfsense, or pick up a cheap one somewhere. Don't trust their firewall to work, don't trust myQNAPcloud link to stay disabled, don't trust anything made by them. Why are you still trusting QNAP to 'work'? For all you know, they will push an update, and magically all these shit you tweaked in QNAP in the name of saftey is broken or changed. QUIT TRUSTING QNAP AND THERE SHITTY SOFTWARE. If the common ports are all reported as "stealth" you should be good)Īs long as your router is properly configured nothing should be getting through to the qnap.Ĭheck the source ports in the actual firewall messages, as long as they are from any of these address ranges you're good (they are your network, these are not routable through the internet) (note that this tool allows testing "common" ports or "first 1024 ports" which takes much longer. If anything is visible at all this will find it. This will tell you what is exposed to the internet. Is your qnap in the router's DMZ? (check router config) Make sure both qnap and router have uPnP disabled. Removed 'admin' account and created a custom one.UPnP connections on my router - Disabled.UPnP port forwarding on QNAP settings - Disabled.myQNAPcloud link - Disabled (and I've 'unregistered' from the service).HTTPS is required and with a custom port number.QuFirewall is installed - Denied access to 2118 packets in the last 24 hours.Well, "delighted" is a strong word since I'd prefer to be able to access it remotely and have it secure but QNAPs can't do that apparently :( I've followed all the advice about restricting access and would be delighted if my NAS was no longer reachable from the internet. NAS Name: Severity: WarningDate/Time: 9 08:52:01App Name: QuFirewallCategory: Firewall EventsMessage: the denied amount reach the set threshold: 30. Notification from your device: MildinerNAS My inbox is full of notifications like this (another came in while typing this): Nevertheless, I'm still, weeks later, seeing tens of access attempts every hour. Thankfully, I haven't had any ransomware successfully deployed to my machine. I was one of the first to post on here about the ransomware attacks when my device came under repeated attack.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |