What's new
By:

Security -- Beating to Quarters on DSM 7

JoeHz

JoeHz

Regular Contributor
I just got a mega bleep ton of login attempts alerted to me this morning. Someone from Lausanne Switzerland 179.43.145.42, but it appears to be a VPN originating from privatelayer.com.

Check your login attempts folks. And disable the default accounts.
 
This has always been a thing. Login attempts to any device on a nerwork happen so often it becomes just "background noise".
 
Yeah, I see router attacks all the time, and I don't even know if Windows Popup messages are a thing anymore but they were pervasive, but Synology aimed attacks seem to be new (at least for me). This is the first time in opening that port 18 months ago that I've gotten an automated login bot aimed at it.

What's the standard obfuscation method for this one? Move off of port 5000? Two Factor? I do have remote users so it needs to be open.
 
JoeHz said:
Yeah, I see router attacks all the time, and I don't even know if Windows Popup messages are a thing anymore but they were pervasive, but Synology aimed attacks seem to be new (at least for me). This is the first time in opening that port 18 months ago that I've gotten an automated login bot aimed at it.

What's the standard obfuscation method for this one? Move off of port 5000? Two Factor? I do have remote users so it needs to be open.
Click to expand...
Changing ports will mitigate, but only until someone latches onto the new port.
I run everything behind a VPN, and even then I randomly change that to a random port.
 
JoeHz said:
What's the standard obfuscation method for this one? Move off of port 5000? Two Factor? I do have remote users so it needs to be open.
Click to expand...

Don't expose your NAS directly to the internet nowadays would be my advice.
An appropriately configured Tailscale network (don't know how trusted your remote users are so can't advise specifics) is another option you could look into...
 
Aye mate. But, beating to quarters after the attack is too late...
 
Stephen Harrington said:
An appropriately configured Tailscale network (don't know how trusted your remote users are so can't advise specifics) is another option you could look into...
Click to expand...

Yes - Tailscale is supported as a first party app by QNAP and Synology DSM7

Screenshot 2025-07-04 at 4.59.33 PM.png
Screenshot 2025-07-04 at 4.58.03 PM.png
 
Yeah, I think a VPN for the people who need it is appropriate. The fact it's only happened once is a pretty good indicator of it not being low hanging fruit. I figured I'd have found out immediately if it was a problem but it actually took over 18 months.
 
You must log in or register to reply here.

Similar threads

B
News Asus Security Update for DSL Series Router: DSL-AC51, DSL-N16, DSL-AC750 (11/13/2025)
Replies
0
Views
1K
bennor
B
citizengris
Asus BT10 - still not stable at all even after latest firmware - been tinkering for months - high frustration
3 4 5
Replies
94
Views
21K
YamahaArtist
Y
doge
Asus ROG Rapture GT-AXE16000 - bricked - how to reset / install new firmware
Replies
3
Views
5K
doge
doge
B
Solved OpenVPN problem on RT-AC86U after upgrade to 386.4 - server daemon fails to start with DNS resolution error
Replies
7
Views
7K
ColinTaylor
C
P
How to resolve Security ID's to account name on RT-AC86U?
Replies
1
Views
1K
cooloutac
cooloutac

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 2,242 (members: 21, guests: 2,221)
Back
Top