NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

WildfireTech's avatar
WildfireTech
Guide
Apr 29, 2018
Solved

READYCLOUD Appears to have been hacked

I got my weekly security bulletin from my NetGear R6400 this morning and it is full of pages and pages of entries like this:   [LAN access from remote] from XXX.XXX.XXX.XXX:YYYYY to XXX.XXX.XXX.X...
ReadyCLOUD Portal
Security
  • Marc_V's avatar
    Marc_V
    Apr 29, 2018

    Hi WildfireTech

     

    Can you please send in the logs and report from your router also if you have screenshots that would be also helpful. Sending logs

     

    Regards

     

     

schumaku's avatar
schumaku
Guru - Experienced User
Apr 29, 2018

Completely unrelated to ReadyCloud.

 

Your NAS port 80 is exposed to the wild Internet, being by UPnP PMP or manual port forwarding. Every attempted access to the ReadyNAS Web interface is allowed, and forwarded by your router. Whatever traffic is there - being attempted username/password dictionary access tries, or evaluating for potential security issues.

 

Editing potentially attcker IPs is fine, changing your most likely RFC 1918 private IP addresses used on the LAN is not required.

WildfireTech's avatar
WildfireTech
Guide
Apr 29, 2018

I have no port forwarding or port triggering configured.  UPnP is disabled on my router and the NAS (no idea how to manage my ISP's Cable Modem).

 

Thanks

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More