Just an awareness post. last weekend i suffered a massive data loss, over 1 tb of files and folders deleted. I investigated the issue and found out, some random IPs were scanning my IP ports and found an opening on my synology NAS.

needless to say, they login to my Synology through brute force and managed to randomly deleted my files and folders.

My advise is, if you are using synology and have quickconnect turned on. if you are not using the feature, turn it off. quickconnect allows you to connect to the NAS even if you are outside of your network. Eg, if you are at work using mobile, you can connect to the NAS through quickconnect.

If you need quickconnect, turn on 2-factor authentication. Even with brute force entry, they cant brute force the 6 digit authentication code. please refer to this site for a more thorough walk through: https://kb.synology.com/en-us/DSM/tutorial/...ur_Synology_NAS

Stay safe digitally guys.

I am looking for a reliable data recovery expert, if you have any recommendation - please let me know

thank you

from the my firewall log.. for example:

[LAN access from remote] from 99.253.XXX.XX:XXXXX to 192.168.X.X:XXXXX, Tuesday, Aug 03,2021 14:30:15

Yes, you can install log activity app from the store to have a more detailed report

Yes.. allow me to share my corrective and preventive actions:

1. Install DS finder and turn on notification on synology - therefore any funny stuff, you get notified immediately

2. ALWAYS do back up, depending on the importance of the files, do it daily, weekly, monthly, quarterly, half yearly or yearly

3. do a security audit from time to time

4. change any default ports, these are frequently scanned by hackers or malware

5. use cloud back up and back up the cloud data too from time to time

Yes, but the one i shared is from my personal firewall…so i have 2 firewalls - one on the NAS and another is from the router end

have you use undelete before? i was thinking about https://www.mydatarecovery.my

i know this buddy.. and synology format is linux and my harddrive is ext4..i can install driver to read the drive but i cant be sure if undelete could scan and recover

you mean mydatarecovery is good?

Unfortunately i did not get it

No. Any good? You tried?

Question: when you recover the files, are they in correct file names and correct directories?

I tried running one before but the file names are not in the original and no folder structure which is a big pain.

It’s under https and http. Change both

This post has been edited by nate_nightroad: Aug 4 2021, 11:49 AM

So i have updated DMS 7, it's more secure.. I recommend it!

please turn of 2FA, and change the quickconnect default port

take care everyone