edmondhk

Freshly installed DSM got hacked?

Recommended Posts

I just update from DSM5.0 to DSM5.1 5022-U3 which run on N54L

After everything is settle down, I tried the new security adviser. And it found my DSM have following files got edited.

/usr/syno/synoman/webman/usersettings.cgi

 

-rwxr-xr-x 1 root root 65000 Jan 16 00:31 usersettings.cgi

 

I installed optware before but I have uninstall it by instruction from following webpage.

http://blog.bangbits.com/2011/05/optwareipkg-on-synology-ds211.html

 

What is usersettings.cgi does and how I can restore it?

Share this post


Link to post
Share on other sites

usersettings.cgi is a part / container of synology dsm protection so it was dynamically patched to keep dsm work on any hw.

Don't worry. It's ok.

Share this post


Link to post
Share on other sites
usersettings.cgi is a part / container of synology dsm protection so it was dynamically patched to keep dsm work on any hw.

Don't worry. It's ok.

So this is normal if DSM is installed at non-Synology hardware

Share this post


Link to post
Share on other sites
usersettings.cgi is a part / container of synology dsm protection so it was dynamically patched to keep dsm work on any hw.

Don't worry. It's ok.

So this is normal if DSM is installed at non-Synology hardware?

Share this post


Link to post
Share on other sites
usersettings.cgi is a part / container of synology dsm protection so it was dynamically patched to keep dsm work on any hw.

Don't worry. It's ok.

 

Hi Vortex,

 

Great thanks for your working on xpenoboot.

 

I don't know which method synology used to protect DSM, but I like your patch for the protected files

(especially the "PWNED BY VTX" part ...LOL).

Now I'm wondering if we could pass the protection in another way, which don't patch the protect

files but simulate a genius synology environment(by kernel modules? or qemu emulation?), do you thinks

this is possible?

Share this post


Link to post
Share on other sites