NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

WildfireTech's avatar
WildfireTech
Guide
Apr 29, 2018
Solved

READYCLOUD Appears to have been hacked

I got my weekly security bulletin from my NetGear R6400 this morning and it is full of pages and pages of entries like this:   [LAN access from remote] from XXX.XXX.XXX.XXX:YYYYY to XXX.XXX.XXX.X...
ReadyCLOUD Portal
Security
  • Marc_V's avatar
    Marc_V
    Apr 29, 2018

    Hi WildfireTech

     

    Can you please send in the logs and report from your router also if you have screenshots that would be also helpful. Sending logs

     

    Regards

     

     

WildfireTech's avatar
WildfireTech
Guide
Apr 29, 2018

I have no port forwarding or port triggering configured.  UPnP is disabled on my router and the NAS (no idea how to manage my ISP's Cable Modem).

 

Thanks

StephenB's avatar
StephenB
Guru - Experienced User
Apr 30, 2018
WildfireTech wrote:

I have no port forwarding or port triggering configured.  UPnP is disabled on my router and the NAS (no idea how to manage my ISP's Cable Modem).

 

Port 80 is normal HTTP - it isn't the port that ReadyCloud or ReadyRemote use.

 

Is the second IP address that you redacted the IP address of the router?  Or is it the IP address of the ReadyNAS?

 

Note that private IP addresses aren't routable, so it is safe to post addresses in the ranges 192.168.0.0.-192.168.255.255, 10.0.0.0-10.255.255.255 and 172.16.0.0 – 172.31.255.255 ( https://en.wikipedia.org/wiki/Private_network ).

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More