lev400

Have been runing a HP Microserver with Xpenology 4 on it for about a year, nice and stable, no problems. Now upgraded (fresh install) to NanoBoot DSM 5. Have a few Microservers running DSM and a few VM's. Stable and very nice NAS OS!

VPN I have been meaning to do but not had success with it so far, couldn't get it working. And yes you are right, VPN is the way to go if the situation suits it.

Useless mate! But good choice. My suggestion is to block 5000 5001 ports in your firewall/cancel port forwards. It's enough that the system is pingable on the internet the exploit just gets root permissions for the attacker and everything is installed automatically. I have set DSM to use non default ports for HTTPS web admin access and disabled unencrypted access. Also blocked port 80 as if you visit that with it not blocked it will just re-direct the user to the web admin page with the hidden port. Of course the port is not that hidden and can just be port scanned but changing things from non-default ports is always a good step. I have a few DSM systems in datacenters that use internet facing IP so I cant block them in firewall. I am just using the DSM inbuilt firewall. Only services I need are allowed thru the firewall.

Thank god its not effecting DSM 5. At least this has caused be to review my security settings on my NAS's. I will get my last 4.3 box updated soon, for now I have removed web/https access from the internet.

More info: http://www.guru3d.com/news-story/synology-nas-servers-plagued-by-ransomware.html

New ransomware that is effecting Synology DSM NAS's Have a Synology NAS? Is it accessible to the internet? If it is, You might want to take it offline for a while. Synolocker is a 0-day ransomware that once installed, will encrypt all of the NAS's files and hold them for ransom just like Cryptolocker does for windows PC's. The Virus is currently exploiting an unknown vulnerability to spread. Synology is investagating the issue. Source: http://hardware.slashdot.org/story/14/08/05/0344244/synolocker-0-day-ransomware-puts-nas-files-at-risk More Info on Forums http://forum.synology.com/enu/viewtopic.php?f=108&t=88770