Jump to content
XPEnology Community

Curiousology

Rookie
 View Profile  See their activity

  • Posts

    2

  • Joined

  • Last visited

 Content Type 

Posts posted by Curiousology

    [SOLVED] Trojan horse XPEnology?

    in Archives

    Posted

    Hi all,

     

    I'd like to point your attention to a posting that appeared recently at Wilders security forums:

     

    Well , if anything looks to good to be true...

     

    A few weeks ago I surfed past this site -http://www.xpenology.com-. I had an old WHS lying around, and well I like to tweak computers , so I gave it a try.

    After some tweaking I found my old WHS was running as a real Synology NAS ...

    Nicely done I thought.....

     

    Well you guys probably allready know where this is going...

    It turned out I installed A gaping backdoor on to my network, and they got in....

     

    I have no idea how long they have been looking around or what they did, but it scares me.

     

    So what did I do so far:

     

    Plugged my router (closed all outgoing ports). Found a furtual netwerk adaptor on one off my computers, wich I removed. Scanned for virus (nod32) and malware (Hitman pro). I use a password manager (Lastpass) with multifactor login. Havn't noticed any misuse there.

     

    I formatted all drives in the compromised machine.

     

    Still it was stupid, very stupid...

     

    What do you guys think, did I do enough damage control?

     

    Any additional things I should do?

     

    thx for your ( upcomming) advise.

     

    Eric

     

    Unfortunately "Eric" fails to explain what "gaping backdoor" he thinks he has discovered. What is more, his english skills are not on par with his sense of persecution, giving a hard time to guess what could have gone wrong. But anyway, do you see any evidence for his statement? Are THEY for real? :smile: Thanks in advance!

    Synology RS3413xs+ DSM 4.2-3211 x86

    in DSM 5.2 and earlier (Legacy)

    Posted

    odie82544,

     

    thanks a lot for this release! I managed to install it to four discarded rackmount servers. They are fully identical ecxept for one having only a single HDD while the other three are eqipped with two same-sized HDDs. On the one with the single HDD, the USB boot stick is seen as an "external device", is auto-mounted involuntarily as /VolumeUSB1/ and I am not allowed to delete the according share: "The following shared folders are reserved for system use and cannot be deleted: usbshare1"

     

    Is there any way to prevent this unwanted behaviour? Thanks in advance!

×
×
  • Create New...