Good morning,
I started using synology 3-4 months ago.
After reviewing the logs, I noticed my NAS is under permanent brute force attacks.
Initially, I started blocking IPs manually (by adding one by one in the firewall with a 'deny' rule), but then I noticed that IPs kept changing as I blocked them. It does not look like a good use of my time.
The synology servicedesk is not very helpful:
- blocking countries is not working: still getting brute force from one of the three countries I allow,
- multi factor authentication: does not work on FTP. FTP transfers are much faster than the web interface.
- Brute force is only conducted on SSH. The service desk advised to disable SSH, but even when I disable SSH the box is still processing SSH login requests! (Bruteforce via SSH continues with SSH disabled.)
The next step is to block SSH on the firewall of the NAS.
Any other idea?