NAS keeps getting hit
Discussion
Afternoon all.
So today my Synology NAS keeps getting hit with access attempts which have all been successfully blocked by the NAS itself. 18 attempts since 10am. The NAS is setup with 2FA so it requires a code generated by my phone to access it, even if you guess the long password.
Is there anything I can do to stop the attempts being made and blocking it at router level. I am running a UniFi USG3 system? The attacks are worldwide so whoever it is must be using VPN I presume.
Thanks
TBT.
So today my Synology NAS keeps getting hit with access attempts which have all been successfully blocked by the NAS itself. 18 attempts since 10am. The NAS is setup with 2FA so it requires a code generated by my phone to access it, even if you guess the long password.
Is there anything I can do to stop the attempts being made and blocking it at router level. I am running a UniFi USG3 system? The attacks are worldwide so whoever it is must be using VPN I presume.
Thanks
TBT.
You have your NAS connected directly to the internet ? Id move it behind a VPN.
As for blocking access attempts you are asking to change the behaviour of something you don't control. You may get some luck changing from default ports.
Personally though I'd go for a proper remote access solution and possibly geo restriction of allowed IPs or static IP origin of practical (unlikely) and definitely you are doing the right thing with MFA.
As for blocking access attempts you are asking to change the behaviour of something you don't control. You may get some luck changing from default ports.
Personally though I'd go for a proper remote access solution and possibly geo restriction of allowed IPs or static IP origin of practical (unlikely) and definitely you are doing the right thing with MFA.
bmwmike said:
You have your NAS connected directly to the internet ? Id move it behind a VPN.
As for blocking access attempts you are asking to change the behaviour of something you don't control. You may get some luck changing from default ports.
Personally though I'd go for a proper remote access solution and possibly geo restriction of allowed IPs or static IP origin of practical (unlikely) and definitely you are doing the right thing with MFA.
Yes the geo restriction is what I was thinking of but no idea how to implement it. As for blocking access attempts you are asking to change the behaviour of something you don't control. You may get some luck changing from default ports.
Personally though I'd go for a proper remote access solution and possibly geo restriction of allowed IPs or static IP origin of practical (unlikely) and definitely you are doing the right thing with MFA.
Thanks chaps.
gavsdavs said:
It's not personal, bot sweeps go on continuously. Share devices on the internet, expect to be probed continuously.
This.If you’ve not I’d have a read about the qnap security & ransomware issues. It would prevent me from exposing my nas.
If you want to look at more pro fw/routers then have a look at pfsense, opensense & untangle.
LordHaveMurci said:
I had a message from Synology a while ago advising a change from the default ADMIN account to something else.
Not had an attempt to hack it since, was getting loads.
Yes I did that ages ago when I got a similar email. Not had an attempt to hack it since, was getting loads.
And yes the logs state that they are trying to login using "admin"
Edited by thebraketester on Tuesday 26th July 14:24
Anything connected to the Internet will be subject to continuous attack from all over the world. These attacks are not personal (they do not know or care who you are), directed (they do not know or care you have a NAS, at least not initially) and are originated by bots (likely themselves running on already compromised hosts).
As a result, connecting anything directly to the Internet is foolish. Get your NAS behind a well-supported, patched up-to-date VPN and use MFA to connect to it.
As a result, connecting anything directly to the Internet is foolish. Get your NAS behind a well-supported, patched up-to-date VPN and use MFA to connect to it.
thebraketester said:
Can someone point me in the direction of how to “put it behind a vpn” please…. Dummy guide… no long words please.
The easiest thing would be to turn off whatever method you're currently using for making it internet accessible, this will at least stop the access attempts.Then if you need to get access to it from the internet yourself, you'll need to set up a VPN. There isn't really a "for dummies" version of this.
outnumbered said:
The easiest thing would be to turn off whatever method you're currently using for making it internet accessible, this will at least stop the access attempts.
Then if you need to get access to it from the internet yourself, you'll need to set up a VPN. There isn't really a "for dummies" version of this.
I thought as much :-)Then if you need to get access to it from the internet yourself, you'll need to set up a VPN. There isn't really a "for dummies" version of this.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff