Just an awareness post. last weekend i suffered a massive data loss, over 1 tb of files and folders deleted. I investigated the issue and found out, some random IPs were scanning my IP ports and found an opening on my synology NAS.

needless to say, they login to my Synology through brute force and managed to randomly deleted my files and folders.

My advise is, if you are using synology and have quickconnect turned on. if you are not using the feature, turn it off. quickconnect allows you to connect to the NAS even if you are outside of your network. Eg, if you are at work using mobile, you can connect to the NAS through quickconnect.

If you need quickconnect, turn on 2-factor authentication. Even with brute force entry, they cant brute force the 6 digit authentication code. please refer to this site for a more thorough walk through: https://kb.synology.com/en-us/DSM/tutorial/...ur_Synology_NAS

Stay safe digitally guys.

Woah, OK. Was thinking of investing in NAS. Now maybe not.

I am looking for a reliable data recovery expert, if you have any recommendation - please let me know

thank you

You should turn on 2FA for login.
If you have quickconnect turned on.

Or use the built in OpenVPN.

This post has been edited by JK-Rai: Aug 3 2021, 03:41 PM

how do you check if your NAS is being scanned?

enable firewall
enable ip banning for number of login failed
2fa
enable ssl

because synology have these capability to
detterent brute force login.

i kena also but im using 2fa need token .. so cannot masuk

in synology nas have detailed log for scanned / request activity

ada log will tell you .. something like an ip tried to attempt .. then locked etc etc

Never allow the NAS to access the internet except for firmware updates.

from the my firewall log.. for example:

[LAN access from remote] from 99.253.XXX.XX:XXXXX to 192.168.X.X:XXXXX, Tuesday, Aug 03,2021 14:30:15

Yes, you can install log activity app from the store to have a more detailed report

https://undelete360.com/




honestly.

with the speed of Internet today.
why using Local Storage? instead of Cloud?

honesly, extreme important data better be on cloud. or Double cloud.

security advisor >login analysis?

Sorry to hear that TS, hope you can recover your files. btw agree with cloud solution. I am choosing between NAS/cloud and I choose cloud in the end

Also disable the default Admin user. Create a new user with admin privilege. Knowing the correct ID to login is already half the game.

Yes.. allow me to share my corrective and preventive actions:

1. Install DS finder and turn on notification on synology - therefore any funny stuff, you get notified immediately

2. ALWAYS do back up, depending on the importance of the files, do it daily, weekly, monthly, quarterly, half yearly or yearly

3. do a security audit from time to time

4. change any default ports, these are frequently scanned by hackers or malware

5. use cloud back up and back up the cloud data too from time to time

Yes, but the one i shared is from my personal firewall…so i have 2 firewalls - one on the NAS and another is from the router end

have you use undelete before? i was thinking about https://www.mydatarecovery.my

used their services b4. good service. fair charging rate.