BeberGold Posted June 23, 2023 Share #1 Posted June 23, 2023 Good morning, I started using synology 3-4 months ago. After reviewing the logs, I noticed my NAS is under permanent brute force attacks. Initially, I started blocking IPs manually (by adding one by one in the firewall with a 'deny' rule), but then I noticed that IPs kept changing as I blocked them. It does not look like a good use of my time. The synology servicedesk is not very helpful: - blocking countries is not working: still getting brute force from one of the three countries I allow, - multi factor authentication: does not work on FTP. FTP transfers are much faster than the web interface. - Brute force is only conducted on SSH. The service desk advised to disable SSH, but even when I disable SSH the box is still processing SSH login requests! (Bruteforce via SSH continues with SSH disabled.) The next step is to block SSH on the firewall of the NAS. Any other idea? Quote Link to comment Share on other sites More sharing options...
Jseinfeld Posted July 1, 2023 Share #2 Posted July 1, 2023 Your NAS should ideally be behind a VPN. Otherwise this is just normal and nothing that it can't handle Quote Link to comment Share on other sites More sharing options...
gadreel Posted July 1, 2023 Share #3 Posted July 1, 2023 On 6/23/2023 at 8:42 AM, BeberGold said: Good morning, I started using synology 3-4 months ago. After reviewing the logs, I noticed my NAS is under permanent brute force attacks. Initially, I started blocking IPs manually (by adding one by one in the firewall with a 'deny' rule), but then I noticed that IPs kept changing as I blocked them. It does not look like a good use of my time. The synology servicedesk is not very helpful: - blocking countries is not working: still getting brute force from one of the three countries I allow, - multi factor authentication: does not work on FTP. FTP transfers are much faster than the web interface. - Brute force is only conducted on SSH. The service desk advised to disable SSH, but even when I disable SSH the box is still processing SSH login requests! (Bruteforce via SSH continues with SSH disabled.) The next step is to block SSH on the firewall of the NAS. Any other idea? A more advanced approach is to use Cloudflare zero trust and apply security measures... Quote Link to comment Share on other sites More sharing options...
Attanar Posted July 2, 2023 Share #4 Posted July 2, 2023 I don't know about DSM, but can't you enable SSH key for logging in to your systems? Then you would have a private key on your remote devices and only those would be able to log in. Quote Link to comment Share on other sites More sharing options...
BeberGold Posted July 2, 2023 Author Share #5 Posted July 2, 2023 Apologies for not replying earlier. The vendor (Synology) does not sound like improving security features will be possible in the near future. I have had to configure strict firewall rules. The nonsense has now stopped. Thank you all for replying. The situation is now resolved. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.