Hello everybody,
For the past couple of days I have been noticing some wierd behavior of my xpenology install. Today I did some digging and realized there was a process call Synodns making my CPU clock at 100% constantly.
I am not sure how it was done and what methods were used by apparently my synology install was compromised and "synodns" was installed.
From what I can tell "synodns" is a renamed Cpu miner:
"Running /usr/syno/bin/synodns --help does indeed show it is a miner.
Usage: minerd [OPTIONS]
Options:
-a, --algo=ALGO specify the algorithm to use
scrypt scrypt(1024, 1, 1) (default)
sha256d SHA-256d
-o, --url=URL URL of mining server (default: http://127.0.0.1:9332/)
-O, --userpass=U:P username:password pair for mining server
-u, --user=USERNAME username for mining server
-p, --pass=PASSWORD password for mining server
... snip ...
-V, --version display version information and exit
-h, --help display this help text and exit"
See also:
http://www.reddit.com/r/synology/commen ... edsynodns/
http://forum.synology.com/enu/viewtopic ... ns#p301696
I am not the most advanced in internet security so if one of you guys could let me know what I can do to better protect myself from stuff like this in the future I would appreciate it.