kentroup 0 Posted November 24, 2017

Yesterday I noticed that a file named photo.scr had appeared in every folder of my Seagate Central NAS drive. They were dated from 18th Nov onwards. I checked everything I had downloaded and emails from the 17th and 18th but found no suspects. My computer, tablets and phones were clean. I then suspected that I was being attacked from the internet.

A few weeks ago I was experimenting with how to access my NAS remotely. In doing so I had changed my router settings on my Sky hub to make my NAS a demilitarised server which allowed me direct access via FTP. As soon as I removed these settings, photo.scr stopped being propagated and I could delete the 18000 files relatively quickly via TreeSize file search.
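
An added example, not part of the original posts: a triage sweep for the situation described above, run before deleting anything. It walks a share, finds every copy of the dropped file, hashes them to see whether they are one payload or several, and reports the earliest modification time as a rough start date for the writes. The function names, the sample tree and its contents are constructed for illustration, and the script assumes modification times reflect when each copy was written.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def triage(root, name="photo.scr"):
    """Walk root and summarise every file named `name` (case-insensitive)."""
    hits, digests, earliest = [], {}, None
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() != name.lower():
                continue
            path = os.path.join(folder, fname)
            try:
                st = os.stat(path)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            hits.append(path)
            digests[digest] = digests.get(digest, 0) + 1
            earliest = st.st_mtime if earliest is None else min(earliest, st.st_mtime)
    return {"paths": hits, "digests": digests, "earliest_mtime": earliest}

def build_sample_share():
    """Constructed sample tree standing in for a NAS share (not real data)."""
    root = tempfile.mkdtemp(prefix="nas_sample_")
    for i, sub in enumerate(["Photos", "Music/Albums", "Docs"]):
        d = os.path.join(root, sub)
        os.makedirs(d)
        dropped = os.path.join(d, "Photo.scr" if i else "photo.scr")
        with open(dropped, "wb") as fh:
            fh.write(b"constructed placeholder bytes")
        # Timestamps start at 2017-11-18 00:00 UTC, one hour apart.
        os.utime(dropped, (1510963200 + i * 3600,) * 2)
        with open(os.path.join(d, "keep.txt"), "w") as fh:
            fh.write("legitimate file")
    return root

if __name__ == "__main__":
    report = triage(build_sample_share())
    first = datetime.fromtimestamp(report["earliest_mtime"], tz=timezone.utc)
    print(len(report["paths"]), "copies;", len(report["digests"]), "distinct payload(s)")
    print("earliest copy written:", first.isoformat())
```

Pointing `triage()` at the mounted share gives a path list to review and archive before cleanup; more than one digest means the copies are not all the same file.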

itman 1,799 Posted November 24, 2017

2 hours ago, kentroup said: "In doing so I had changed my router settings on my sky hub to make my Nas a demilitarised server which allowed me direct access via FTP"

If you're going to open up FTP use, you need to configure the Eset firewall only to allow connections to specific trusted IP addresses. When I perform periodic reviews of my router logs, FTP ports, namely port 23, are constantly being probed for access by external sources.

kentroup 0 Posted November 24, 2017 Author

Hi Itman, the present method of communicating with my NAS drive remotely is by a Seagate Tappin program. However, the program is being discontinued next April so I need to come up with a new method. I need to access my drive over the internet from any computer, tablet or phone. Do you know of a secure method?

itman 1,799 Posted November 24, 2017

3 hours ago, kentroup said: "Do you know of a secure method?"

A few suggestions here: https://security.stackexchange.com/questions/35425/securing-a-network-attached-storage-on-the-internet

This one looked interesting:

I would use Duplicati (http://www.duplicati.com/) to SFTP the files to the NAS. You could set up a separate share for each backup to isolate the risk of compromise if the password was leaked. Set up your NAS with dynamic DNS and have the clients push the data to the NAS, so that you only have to worry about your IP address, not theirs. Duplicati can also do encryption and incremental backups.

Also, if you do decide to use Duplicati, make sure you select the SSH option, not the FTP option to do SFTP. It's weird like that.

kentroup 0 Posted November 25, 2017 Author

Thanks for the info. I will investigate the options.

itman 1,799 Posted November 26, 2017

An FYI in regard to malicious attackers' use of port 23: http://securityaffairs.co/wordpress/66012/malware/mirai-argentina.html