elmuziko | Posted August 5, 2014 | #26

Further info here: http://www.theregister.co.uk/2014/08/05 ... y_attacks/ Although according to the comments it's been patched?

I'll ask the same questions on here as I have on theregister: I disabled the admin account and created a new one. I have SSH turned off. I have SSL turned on and auto-redirected. I have auto-block IP on 2 password fuck-ups. Am I doing everything I should to keep safe?

Hackers do not necessarily need to try your admin password. Once the hackers have identified that your device is a Synology NAS and that it has some security vulnerabilities that haven't been fixed, it is possible the hackers can remotely access your NAS as the root user.
- disable port forwards 5000, 50001 ... ports
- stop using synology free DDNS, synology domain is unsafe

On further reading today (fuck work, who needs work?) it looks like I'm safe as running the latest Nanoboot. Still, taken it off the internet for the time being.

Isn't Nanoboot using a legacy bootloader or something to get around the Syno protection? So is it possible even on DSM 5 the rest of us could be a target?

thenexus7 | Posted August 5, 2014 | #27

Fresh news about the issue coming from Synology forums:

--------------------
The AnandTech article was updated a bit ago: http://www.anandtech.com/show/8337/synology-advises-users-of-synolocker-ransomware

"Synology has finished analyzing the exploit and confirmed which versions of DSM are vulnerable. The vulnerability in question was patched out of DSM in December of 2013, so only servers running significantly out of date versions of DSM appear to be affected.

In summary, DSM 5.0 is not vulnerable. Meanwhile DSM 4.x versions that predate the vulnerability fix – anything prior to 4.3-3827, 4.2.3243, or 4.0-2259 – are vulnerable to SynoLocker.

For those systems that are running out of date DSM versions and have not been infected, then updating to the latest DSM version should close the hole. As for systems that have been infected, Synology is still suggesting that owners shut down the device and contact the company for direct support."
-------------------

So it seems the issue only affects non "updated" 4.x versions... good news

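Added example (not part of the thread or of Synology's statement): a Python check that classifies DSM version strings against the fixed builds quoted in post #27, so an inventory of boxes can be triaged. Branches the statement does not name (such as 4.1) are reported as unknown rather than guessed; the function names, hostnames and sample builds are constructed, and treating releases after 5.0 as patched is an assumption.

```python
import re

# Fixed builds per DSM 4.x branch, exactly as quoted in post #27.
FIXED_BUILD = {(4, 3): 3827, (4, 2): 3243, (4, 0): 2259}

# Accepts "4.3-3810" and "DSM 4.2.3243" (the quote uses both separators).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)[-.](\d+)")


def parse_dsm_version(text):
    """Return (major, minor, build) or raise ValueError."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised DSM version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def synolocker_exposure(text):
    """Return 'vulnerable', 'patched' or 'unknown' for a DSM version string."""
    major, minor, build = parse_dsm_version(text)
    if (major, minor) >= (5, 0):
        # "DSM 5.0 is not vulnerable"; later releases assumed to keep the fix.
        return "patched"
    fixed = FIXED_BUILD.get((major, minor))
    if fixed is None:
        return "unknown"  # branch not named in the statement: do not guess
    return "vulnerable" if build < fixed else "patched"


def triage(inventory):
    """Group hosts by exposure; unparseable versions count as unknown."""
    report = {"vulnerable": [], "unknown": [], "patched": []}
    for host, version in sorted(inventory.items()):
        try:
            status = synolocker_exposure(version)
        except ValueError:
            status = "unknown"
        report[status].append(host)
    return report


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = {
    "nas-office": "DSM 4.3-3810",
    "nas-backup": "DSM 4.2.3243",
    "nas-dc1": "DSM 5.0-4493",
    "nas-old": "DSM 4.1-2668",
    "nas-lab": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```
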
vanaema78 | Posted August 5, 2014 | #28

How to update from 4.2 to 5.0? I would love to keep my data....

lev400 | Posted August 6, 2014 | #29

Thank god it's not affecting DSM 5. At least this has caused me to review my security settings on my NASes. I will get my last 4.3 box updated soon, for now I have removed web/https access from the internet.

Schnapps | Posted August 6, 2014 | #30

> Thank god it's not affecting DSM 5. At least this has caused me to review my security settings on my NASes. I will get my last 4.3 box updated soon, for now I have removed web/https access from the internet.

Useless mate! But good choice. My suggestion is to block 5000 5001 ports in your firewall/cancel port forwards. It's enough that the system is pingable on the internet; the exploit just gets root permissions for the attacker and everything is installed automatically.

djelusion | Posted August 6, 2014 | #31

Glad to know I updated my Synology beforehand, have all the rules in place and also have it set to not be accessible thru the net.

Trexx | Posted August 6, 2014 | #32

Here is a link to a way to decrypt CryptoLocker files that was just released. I DO NOT know whether this will also work on SynoLocker files or not, but may be worth a shot for those who have been affected.

http://arstechnica.com/security/2014/08/whitehats-recover-victims-keys-to-cryptolocker-ransomware/

lev400 | Posted August 7, 2014 | #33

> > Thank god it's not affecting DSM 5. At least this has caused me to review my security settings on my NASes. I will get my last 4.3 box updated soon, for now I have removed web/https access from the internet.
>
> Useless mate! But good choice. My suggestion is to block 5000 5001 ports in your firewall/cancel port forwards. It's enough that the system is pingable on the internet; the exploit just gets root permissions for the attacker and everything is installed automatically.

I have set DSM to use non default ports for HTTPS web admin access and disabled unencrypted access. Also blocked port 80, as if you visit that with it not blocked it will just re-direct the user to the web admin page with the hidden port. Of course the port is not that hidden and can just be port scanned, but changing things from non-default ports is always a good step.

I have a few DSM systems in datacenters that use internet facing IP so I can't block them in firewall. I am just using the DSM inbuilt firewall. Only services I need are allowed thru the firewall.

spammy | Posted August 7, 2014 | #34

VPN FTW. Yes it'll take a bit of effort to set up, but once you do all these issues go away.

lev400 | Posted August 7, 2014 | #35

VPN I have been meaning to do but not had success with it so far, couldn't get it working. And yes you are right, VPN is the way to go if the situation suits it.

waspsoton (Author) | Posted August 12, 2014 | #36

Well, I am now all back up and running. I have one question:

1. Can I upgrade to 5 without losing my data?

freddan83 | Posted August 17, 2014 | #37

> Well, I am now all back up and running. I have one question:
> 1. Can I upgrade to 5 without losing my data?

yes

Schnapps | Posted August 17, 2014 | #38

> Well, I am now all back up and running. I have one question:
> 1. Can I upgrade to 5 without losing my data?

Yes! Guys, for God's sake, "Read The Fuckin Manual!". There are sooo many threads and posts in this regard that apparently no newbie is reading. Everyone is asking again and again the same thing. Sad.

guldhammer | Posted August 19, 2014 | #39

Where can I download DSM 4.3-3827 not to ESXi??

XerSonik | Posted August 26, 2014 | #40

http://www.f-secure.com/weblog/archives/00002737.html