I was just checking one of the shares (our main one) on the NV+ we have in the office, and apparently there was a rsync enabled to 64.64.131.102, which I do not think was set by me. (The only admin in the company)The ReadyNAS is also secured with a password, and our network is protected by a Sonicwall TZ 210. (which probably allows the rsync protocol to get through, outbound)Could this be a some sort of hack to have all our information backed up somewhere else where a competitor or any other individual/organization has access to our files?No password was set either.It was just detected as users were complaining about permissions on files and folders on the share, which caused me to go through all the settings. I was quite surprised to see rsync enabled, actually.We just updated the firmware to the latest one, which gave us the ReadyNAS Vault option - was this part of the upgrade??Thanks for any info...

I'm not a vault user, but according to this link the data is in the amazon S3 cloud: http://readynasvault.zendesk.com/entrie ... ly-stored- I suppose they could also use other storage suppliers.64.64.131.102 is owned by IIC internet (also known as onlinestoragesolution.com), which offers its own on-line storage solution. Does that ring a bell?

StephenB wrote:I'm not a vault user, but according to this link the data is in the amazon S3 cloud: http://readynasvault.zendesk.com/entrie ... ly-stored- I suppose they could also use other storage suppliers.64.64.131.102 is owned by IIC internet (also known as onlinestoragesolution.com), which offers its own on-line storage solution. Does that ring a bell?Yes, I did lookup the IP, but IIC Internet is unknown to us.Interesting that somehow this was done when nobody else has access to the ReadyNAS.

I do note that under System -> Config Backup -> Backup, nothing has been selected there.However, rsync probably backs up independently of these selections, correct?Edited to Add: Noted that these are only system configs backed up.

I was assuming that the rsync to 64.64.131.102 was a frontview backup job. Is it something else? For instance something you are seeing running via ssh?Maybe this is obvious, but I think I'd(a) turn off the scheduling of the backup job for now, and disable rsync on the share if you aren't using that.(b) change the admin password for the NAS (and the root password if you use SSH).(c) check the logs and see if the backups are actually working(d) contact vault support directly(e) contact onlinestoragesolution.com support. If you didn't authorize the backups, then someone is illegally using them to steal your data. If you have the login user name and destination path, it should be easy for them to track down who it is, and they should be able to see the data transfer from their own logs.If the NAS is compromised/hacked then you should probably rebuild it (starting from a factory reset, and restoring data from backups). Re-configure the NAS manually, as you don't want to accidentally grab something in the OS partition that could reopen the vulnerability.

No idea what the rsync was, seriously.Thanks for the points - done:a) Done.b) Done. (not sure what is the root password)c) logs are not showing any rsync entries.d) Have to do this soon.e) There were no usernames or passwords - could rsync still be used, if the IP was allocated to someone?Thanks again!

ReadyNAS Vault using rsync?? | NETGEAR Communities

15 Replies

Replies have been turned off for this discussion

StephenB
Guru - Experienced User
Jun 01, 2013
You could try email to support@iicinternet.com

Since http://www.iicinternet.com/help.html also uses support@onlinestoragesolution.com for "contact us" you might cc that address also.
SuperFlyBoy1
Aspirant
Jun 02, 2013
StephenB wrote:
You could try email to support@iicinternet.com

Since http://www.iicinternet.com/help.html also uses support@onlinestoragesolution.com for "contact us" you might cc that address also.

Thanks - I sent out that mail and I requested our internet provider to check their logs as well, as I do not see anything on our NV+.

However, I do not think that either one will even bother to reply...
StephenB
Guru - Experienced User
Jun 02, 2013
I suppose you could try to loop in law enforcement, depending on exactly what might have been compromised. I'm not sure how to do that.

The company is based in Oklahoma City, which might be one reason for sluggish responses.
SuperFlyBoy1
Aspirant
Jun 02, 2013
StephenB wrote:
I suppose you could try to loop in law enforcement, depending on exactly what might have been compromised. I'm not sure how to do that.

Actually, I have experience in that field, interestingly enough...

That can only be done if we have sufficient proof of (specific) laws being broken, after which a police complaint (or through a Federal/international law-enforcement organizations) and/or legal notice can be served on the parties responsible.

We just received a response from the admin of the site, where he claims that tens of thousands of users utilize the same IP address and is requesting a username/password.

A username/password was not configured on our NV+, but I'm guessing that if, in fact, data was being compromised, this was an allocated IP and did not require these.
StephenB
Guru - Experienced User
Jun 02, 2013
It seems likely that they would have lots of users sharing the server (probably some cluster).

You don't know the user/password, but you do know your external IP address. They could possibly search their logs for rsync traffic coming from that IP address, going to their server. Then they might possibly be able to give you the user information.

Forum Discussion

ReadyNAS Vault using rsync??

15 Replies

Related Content

ReadyNAS Vault

ReadyNas Vault vs. OneDrive

Question About Using Rsync For ReadyNAS 628x Backups

Can't get ReadyNAS 212 working with ReadyNAS Vault

RSYNC Failure

NETGEAR Academy

ProSupport for Business