Massive malware attack on QNAP

QNAP’s hardware is good, generally a step up from Synology. But as to where I’d go next, I don’t know.

Maybe homebrew something based on FreeNAS.

1 Like

Yes, I was not attacked. Checking logs back a month, no suspicious log in attempts.

1 Like

Yes, it’s the hardware and good technology that had me looking, but the alarm bells started going off not long after I did, due to bad defaults and other hack/security bypasses that seem all too common on their platform.
A good NAS platform offers so much functionality, and it is the set it and forget it features of QNAP and Synology that bring users back. But when offering services connected to the Internet there is so much danger that most users are not really geared up for.

2 Likes

Thanks for all inputs and the QNAP expansion two bay drive seems to be useful for the backups externally. Current issue is to resolve the encrypted files (I hope) … and next to buy a usb HD to store everything from the NAS …

Ugh … some people /organizations need their government issued license(*) to develop and distribute software revoked.

(*) if anyone got triggered, take a breath … that’s a joke; an attempt at being ironic.

2 Likes

I should think that the prospect of having your employment terminated with extreme prejudice is a great motivator…

2 Likes

Here is an interesting article from the Register that contains some useful information.

1 Like

I spoke too soon. I evidently haven’t been infected, but I installed QuFirewall and disabled the admin account. I am now receiving many denied attempts to log in. All from user “Admin”. Creating a different administrator account and disabling the default admin account is probably one of the best things you can do. I followed all of the other recommendations as well, though I still need to access the internet, so I can’t completely lock it down. Feels good enough though.

2 Likes

To @Tony_Kwong oh man, sorry to hear that - not sure how much QNAP would have been able to help, but as per their post re: this, they mention NOT to reboot or turn off the NAS and then contact them. Hope you can find a solution. I would rather take the loss than pay, but, well, everyone has different priorities.

Now, it looks like this is not a phish bait thing - from what I understand, nobody clicked on something then started the process - I get the impression that this was about appliances exposed to the internet. Am I wrong on this?


Change the default 8080 http port of the web-based user interface. Change the default https port too.

Disable UPnP on the NAS.

Do not port forward http or https ports from the router to the NAS.

Use a strong Admin password. You don’t need to disable the default Admin.

I’ve been using 2021 as an overhaul year for my home network operations. I was looking to replace two decade-old machines I use, one Dell 2900 used for Windows Server 2012r2 and the other a 2008 Mac Pro hacked to run Catalina (and currently running Roon and Plex for me). I was researching a big, hairy NAS machine and was zoning in on a couple of QNAP models. And now I see this.

I’m not a network ops guy but I know enough about security to know that QNAP accidentally hard coding login authentication information into code is literal malpractice and opening themselves up for a big lawsuit in the US. One thing that you shouldn’t do is open your NAS to the Internet unless you absolutely have to and then zealously guard the keys and check the logs. Use VPNs to get to your network if you need access from the outside. Don’t use UPnP. Change the default logins and passwords immediately upon setup and don’t use default port numbers for web pages.

Of course, I also made the decision to get Unifi network equipment in January and they got hacked too. Fortunately I installed after the hack but none of this makes me feel any safer. And considering that running Roon on a NAS is a barely supported thing anyway, maybe I should leave it on a PC/Mac.

1 Like
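The two posts above amount to a checklist: move the web UI off its default ports, disable UPnP, do not forward http/https from the router to the NAS, put remote access behind a VPN, and deal with the default administrator account. The following is an added example for this thread, not vendor code and not any real NAS configuration format: it models a constructed “set it and forget it” configuration beside a hardened one and audits both against that checklist. The thread disagrees on whether the default admin account must be disabled or merely given a strong password; the check below treats an enabled default admin as a finding, following the earlier QuFirewall post.

```python
"""Audit a NAS exposure configuration against this thread's checklist.

Added example, not QNAP or Synology code. The config dict shape is an
assumption for illustration; no real appliance exports settings this way.
"""

# Well-known default web UI ports; automated sweeps try these first.
DEFAULT_WEB_PORTS = {8080, 443, 8443}
WEB_SERVICES = {"http", "https"}

# Constructed "before" state: the defaults the thread warns about.
WEAK_CONFIG = {
    "web_http_port": 8080,
    "web_https_port": 443,
    "upnp_enabled": True,
    "router_port_forwards": [
        {"proto": "tcp", "port": 8080, "service": "http"},
        {"proto": "tcp", "port": 443, "service": "https"},
    ],
    "admin_accounts": [{"name": "admin", "enabled": True}],
    "remote_access": "direct",  # UI reachable straight from the internet
}

# Constructed "after" state following the posts' recommendations.
HARDENED_CONFIG = {
    "web_http_port": 18081,
    "web_https_port": 18444,
    "upnp_enabled": False,
    "router_port_forwards": [
        {"proto": "udp", "port": 51820, "service": "vpn"},
    ],
    "admin_accounts": [
        {"name": "admin", "enabled": False},
        {"name": "nas-ops", "enabled": True},
    ],
    "remote_access": "vpn",
}


def audit(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # 1. Default web UI ports.
    for key in ("web_http_port", "web_https_port"):
        if cfg[key] in DEFAULT_WEB_PORTS:
            findings.append(f"{key}={cfg[key]} is a default port; move it")

    # 2. UPnP lets the NAS punch holes in the router on its own.
    if cfg["upnp_enabled"]:
        findings.append("UPnP is enabled; disable it on the NAS")

    # 3. No http/https forwarding from the router to the NAS.
    for fwd in cfg["router_port_forwards"]:
        if fwd["service"] in WEB_SERVICES:
            findings.append(
                f"router forwards {fwd['service']} port {fwd['port']} to the NAS web UI"
            )

    # 4. Default administrator account handling.
    admins = cfg["admin_accounts"]
    if any(a["name"] == "admin" and a["enabled"] for a in admins):
        findings.append("default 'admin' account is enabled")
    if not any(a["name"] != "admin" and a["enabled"] for a in admins):
        findings.append("no non-default administrator account exists")

    # 5. Remote access path.
    if cfg["remote_access"] == "direct":
        findings.append("web UI is reachable directly from the internet; use a VPN")

    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or ["ok"])
```

The hardened configuration passes every check; the weak one produces one finding per item on the checklist, which is a reasonable shape for a periodic self-check: export whatever settings your appliance can give you into this dict shape and fail a scheduled job when the list is non-empty.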

I’m running Roon on a big, hairy Synology RS3617xs with a 32GB RAM upgrade. The NAS has been running for 4 years, and so far, everything’s been good. Bought it originally for handling and off-site backing up of tens of thousands of hi-res RAW files when I was making money as a photographer.

It also runs a Plex server, hosts all of our IP cams, provides networked storage for documents and Mrs. F’s Time Machine and has been running Roon for over 6 months.

Main array is 12 X 4TB spinners in RAID 10 for speed, expansion RX1217 has 2 X SSDs in RAID0 for database, 4 X SSDs for library (also RAID 0) and a couple of hot spares for the main array.

Network connection to it is a 20Gbit fibre 802.3ad LAG. You’d never spend this kind of money for a Roon core - mine has grown organically over the years, but if you have need of the other stuff it’s a robust solution.

I only have the ports open that I need to and the default ports are all on different numbers. Your post has prompted me to double-check a few things and tighten up some stuff, just to be sure.

1 Like

Thanks for the information. I was concerned about Roon on a NAS since Roon doesn’t seem to be maintaining this themselves. It’s one thing for a third party NAA like RoPieee (which I use), but I was curious how this has been for people running Roon Core this way.

The RS3617xs and the subsequent xs+ models have been replaced by newer hardware but the reasonable CPU specs, built in dual 10gb Ethernet and virtualization abilities means I could effectively retire the Dell server and still run Windows Server if I felt the need to. The Dell is so old that it’s limited to 2 TB drives. Outside of 5 of those 2 TB models, I have five 10TB drives, five 16TB drives and four 4 TB drives in my house now. The current model equivalent to yours is now the RS3621xs+ which is a $4400 investment…not cheap by any standards. But I’m looking for a long term purchase.

One big concern is Synology’s practice of only really supporting their own memory and hard drives. Not sure what to make of that since I have so much I want to transfer over. My company mandates the same thing…but we’re selling million dollar servers in the data center.

You can easily find equivalent memory for the Synology Rackstations - as long as they’re the same speed spec and ECC. There are a number of websites which guarantee compatibility of memory with chosen devices.

Synology publish a list of compatible drives for each NAS - in the main, most enterprise drives work. There are a few non-enterprise drives which don’t work. Most enterprise drives from Seagate, WD, Hitachi, Toshiba should be OK.

EDIT: I’ve just read the compatibility list for the 3621xs+ and it’s a short list! Strangely, they don’t list incompatible drives!

I would think most enterprise drives would work, unless Synology specifically blocks them…?

That’s the problem. When the “21” series Rackstations came out, Synology seemed to change policy in that (for at least the Enterprise market), if you choose to use either third party memory or hard drives, you void the warranty. There is a loophole where owners of the “17” series machines who want to upgrade still can move their hard drives over, but according to a review from nascompares.com, hard drives from the major vendors are considered to be “incompatible” and the software won’t allow you to add them to a pool. I guess the lesser models can still do other hard drives, but if this is the case, I can’t buy this since I can’t just throw out thousands in existing storage just for a Synology mandate.