Just an awareness post. last weekend i suffered a massive data loss, over 1 tb of files and folders deleted. I investigated the issue and found out, some random IPs were scanning my IP ports and found an opening on my synology NAS.

needless to say, they login to my Synology through brute force and managed to randomly deleted my files and folders.

My advise is, if you are using synology and have quickconnect turned on. if you are not using the feature, turn it off. quickconnect allows you to connect to the NAS even if you are outside of your network. Eg, if you are at work using mobile, you can connect to the NAS through quickconnect.

If you need quickconnect, turn on 2-factor authentication. Even with brute force entry, they cant brute force the 6 digit authentication code. please refer to this site for a more thorough walk through: https://kb.synology.com/en-us/DSM/tutorial/...ur_Synology_NAS

Stay safe digitally guys.

Woah, OK. Was thinking of investing in NAS. Now maybe not.

I am looking for a reliable data recovery expert, if you have any recommendation - please let me know

thank you

You should turn on 2FA for login.
If you have quickconnect turned on.

Or use the built in OpenVPN.

This post has been edited by JK-Rai: Aug 3 2021, 03:41 PM

how do you check if your NAS is being scanned?

enable firewall
enable ip banning for number of login failed
2fa
enable ssl

because synology have these capability to
detterent brute force login.

i kena also but im using 2fa need token .. so cannot masuk

in synology nas have detailed log for scanned / request activity

ada log will tell you .. something like an ip tried to attempt .. then locked etc etc

Never allow the NAS to access the internet except for firmware updates.

from the my firewall log.. for example:

[LAN access from remote] from 99.253.XXX.XX:XXXXX to 192.168.X.X:XXXXX, Tuesday, Aug 03,2021 14:30:15

Yes, you can install log activity app from the store to have a more detailed report

https://undelete360.com/




honestly.

with the speed of Internet today.
why using Local Storage? instead of Cloud?

honesly, extreme important data better be on cloud. or Double cloud.

security advisor >login analysis?

Sorry to hear that TS, hope you can recover your files. btw agree with cloud solution. I am choosing between NAS/cloud and I choose cloud in the end

Also disable the default Admin user. Create a new user with admin privilege. Knowing the correct ID to login is already half the game.

Yes.. allow me to share my corrective and preventive actions:

1. Install DS finder and turn on notification on synology - therefore any funny stuff, you get notified immediately

2. ALWAYS do back up, depending on the importance of the files, do it daily, weekly, monthly, quarterly, half yearly or yearly

3. do a security audit from time to time

4. change any default ports, these are frequently scanned by hackers or malware

5. use cloud back up and back up the cloud data too from time to time

Yes, but the one i shared is from my personal firewall…so i have 2 firewalls - one on the NAS and another is from the router end

have you use undelete before? i was thinking about https://www.mydatarecovery.my

used their services b4. good service. fair charging rate.

go youtube educate yourself.

i using undelete since MSDOS era.


Delete is not Delete in filesystem.

Wipe is Delete.

Delete is only remove the file entry data on file system registry.

all the sector contain the data is untouched.

as long as the free space after delete is "UNTOUCHED"
undelete is possible.


but when the sector is re-written by new data. another story.

dont use Malaysia tech lah.. or malaysia software.

i know this buddy.. and synology format is linux and my harddrive is ext4..i can install driver to read the drive but i cant be sure if undelete could scan and recover

you mean mydatarecovery is good?

u didnt set limit on brute force trial ? im using synology for years. i think around 7-8 years.
so far only few times got notified some login failure by some brute force bot. btw please disable default admin as well. use diff username


This post has been edited by megahertz: Aug 3 2021, 04:20 PM

yeah

Unfortunately i did not get it

have tried using UFS file explorer?

No. Any good? You tried?

yup. my syn nas was corrupted couple of years back and i manage to recover the files.

Question: when you recover the files, are they in correct file names and correct directories?

I tried running one before but the file names are not in the original and no folder structure which is a big pain.

don't think i encountered that. just that it recovered some of the deleted files as well.

no wonder syn keep asking me to disable admin acc.
i just did hopefully safe

from where do we change quickconnect port numbers

It’s under https and http. Change both

This post has been edited by nate_nightroad: Aug 4 2021, 11:49 AM

saved

So i have updated DMS 7, it's more secure.. I recommend it!

just found dsm7 version as well. i will research a bit b4 click

thanks to Kevin for the headsup

scary ler, better do 2FA

is there any dedicated thread on Synology users here? sometimes I damn headache even after years of using

another fren kena same thing. i told him jaga & not sure his damage

[8/5 15:53] 吃饱太得空
[8/5 16:14] As on 3/8 a lot of file missing
[8/5 16:15] Cb, kena hack

please turn of 2FA, and change the quickconnect default port

take care everyone