
Photo.scr worm on NAS drive.


kentroup


Yesterday I noticed that a file named photo.scr had appeared in every folder of my Seagate Central NAS drive. They were dated from 18th Nov onwards. I checked everything I had downloaded and emails from the 17th and 18th but found no suspects. My computer, tablets and phones were clean. I then suspected that I was being attacked from the internet. A few weeks ago I was experimenting with how to access my NAS remotely. In doing so I had changed my router settings on my Sky hub to make my NAS a demilitarised server which allowed me direct access via FTP. As soon as I removed these settings, photo.scr stopped being propagated and I could delete the 18000 files relatively quickly via Treesize file search.

 

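A read-only inventory of the kind of cleanup described in the post above, added here as an example and not part of the original thread: it walks a mounted share, finds every file named photo.scr, and reports how many folders are affected, the earliest modification time, and whether all copies share one SHA-256. The share path passed on the command line is an assumption; nothing is executed or deleted.

```python
import hashlib
import os
from collections import Counter
from datetime import datetime, timezone

TARGET_NAME = "photo.scr"  # file name reported in the post above


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory(root, name=TARGET_NAME):
    """Walk `root` and summarise every file called `name` (case-insensitive).

    Read-only: nothing is opened for writing, executed or deleted.
    """
    hits, total_dirs, hit_dirs = [], 0, 0
    for dirpath, _dirs, files in os.walk(root):
        total_dirs += 1
        matches = [f for f in files if f.lower() == name.lower()]
        hit_dirs += bool(matches)  # count each affected folder once
        for f in matches:
            full = os.path.join(dirpath, f)
            st = os.stat(full)
            hits.append({"path": full, "size": st.st_size,
                         "mtime": st.st_mtime, "sha256": sha256_of(full)})
    earliest = min((h["mtime"] for h in hits), default=None)
    return {
        "count": len(hits),
        "dirs_total": total_dirs,
        "dirs_affected": hit_dirs,
        "earliest_utc": (datetime.fromtimestamp(earliest, timezone.utc)
                         if earliest is not None else None),
        "by_hash": Counter(h["sha256"] for h in hits),
        "paths": sorted(h["path"] for h in hits),
    }


if __name__ == "__main__":
    import sys
    report = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key in ("count", "dirs_affected", "dirs_total", "earliest_utc"):
        print(f"{key}: {report[key]}")
    for digest, n in report["by_hash"].most_common():
        print(f"{n:6d}  {digest}")
```

Comparing `earliest_utc` with the date the router settings were changed shows whether the files appeared only after the NAS was exposed.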

2 hours ago, kentroup said:

In doing so I had changed my router settings on my Sky hub to make my NAS a demilitarised server which allowed me direct access via FTP

If you're going to open up FTP use, you need to configure the Eset firewall to allow connections only from specific trusted IP addresses. When I perform periodic reviews of my router logs, FTP ports, namely port 23, are constantly being probed for access by external sources.


Hi Itman, the present method of communicating with my NAS drive remotely is by a Seagate Tappin program. However, the program is being discontinued next April, so I need to come up with a new method. I need to access my drive over the internet from any computer, tablet or phone. Do you know of a secure method?

 


3 hours ago, kentroup said:

Do you know of a secure method?

A few suggestions here: https://security.stackexchange.com/questions/35425/securing-a-network-attached-storage-on-the-internet

This one looked interesting:

I would use Duplicati (http://www.duplicati.com/) to SFTP the files to the NAS. You could set up a separate share for each backup to isolate the risk of compromise if the password was leaked. Set up your NAS with dynamic DNS and have the clients push the data to the NAS, so that you only have to worry about your IP address, not theirs. Duplicati can also do encryption and incremental backups.

Also, if you do decide to use Duplicati, make sure you select the SSH option, not the FTP option to do SFTP. It's weird like that.
