starbbs
Aspirant
Nov 28, 2012

Ghost installs an Addon?

Hello All,

Yesterday I noticed something very strange in my status logs. It said the following:

di nov 27 12:13:21 CET 2012 The reset add-on has been successfully installed.
di nov 27 12:13:19 CET 2012 Password reset done

I did not log into the NAS on this day and I did nothing myself. Does someone know what is happening? Because I was at work and no one has access to my NAS.

Am I hacked?

Or is this automatically done?

Marco

8 Replies

  • mdgm-ntgr
    NETGEAR Employee Retired
    Sounds like you've been hacked

    Have you noticed any passwords have been changed?
  • Nothing would do this automatically. Do you have HTTPS forwarded from the Internet? Someone may have gotten in.

    Start by downloading the System Logs (status>logs>download all logs).
  • Yes, I forwarded port 443 to my NAS, so I will block this port again.

    Also, which addon is this btw? Does a reset addon exist?

    I checked the logs, but I am not sure where to look. I want to know how and who installed this. Especially how.

    Any advice on which files to look for?

    Also I cannot get the remote addon to work; it cannot contact the server while I have a perfect network connection to my NAS. An uninstall and reinstall does not work. I have an Ultra 6 with the latest firmware installed.

    Regards
  • PS: the password is still intact, and when I look at which addons are installed, I cannot find this password addon. Where could I find this addon on the OS?

    SSH is installed.
  • There is no official reset add-on that I know of. Must be a custom add-on made by someone.
  • What addons do you have installed?

    443 is usually reserved for SSL isn't it? (NZBGet, SABNZB, some email etc?)
  • 443 is the default port for FrontView and other web services run through that.

    Sounds like someone got into his box. Treat it like any other hack, be cautious of your data on there, maybe restore from backup.
  • chirpa wrote:
    443 is the default port for FrontView and other web services run through that.


    D'oh! Of course.

    Be good to know what addons are installed though, or if any have been removed lately.
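
An added example, not part of the thread and not NETGEAR code: a triage script for status-log lines in the layout of the two entries quoted in the first post, listing add-on installs and password resets that fall outside times the owner can account for and grouping events that land seconds apart. The line layout beyond those two entries, the `ADMIN_WINDOWS` values and the 10-second grouping gap are assumptions.

```python
import re
from datetime import datetime, timedelta

# Month abbreviations: Dutch (as in the thread's log lines) plus English variants.
MONTHS = {m: i + 1 for i, m in enumerate(
    "jan feb mrt apr mei jun jul aug sep okt nov dec".split())}
MONTHS.update({"mar": 3, "may": 5, "oct": 10})
# Assumed layout: <weekday> <month> <day> <HH:MM:SS> <tz> <year> <message>
LINE_RE = re.compile(
    r"^\s*\w+\s+(?P<mon>\w+)\s+(?P<day>\d{1,2})\s+(?P<h>\d{2}):(?P<m>\d{2}):"
    r"(?P<s>\d{2})\s+\w+\s+(?P<year>\d{4})\s+(?P<msg>.+)$")
# Events worth reviewing; both patterns are taken from the messages in the post.
WATCH = [("addon_install", re.compile(r"add-?on has been successfully installed", re.I)),
         ("password_reset", re.compile(r"password reset", re.I))]

def parse(line):
    """Return (naive local timestamp, message), or None if the line does not fit."""
    m = LINE_RE.match(line)
    if not m or m["mon"].lower() not in MONTHS:
        return None
    ts = datetime(int(m["year"]), MONTHS[m["mon"].lower()], int(m["day"]),
                  int(m["h"]), int(m["m"]), int(m["s"]))
    return ts, m["msg"].strip()

def suspicious_events(lines, admin_windows):
    """Watched events outside every (start, end) window the owner accounts for."""
    hits = []
    for ts, msg in filter(None, map(parse, lines)):
        for kind, pat in WATCH:
            if pat.search(msg) and not any(a <= ts <= b for a, b in admin_windows):
                hits.append((ts, kind, msg))
    return sorted(hits)  # the log is newest-first; sort into chronological order

def bursts(hits, gap=timedelta(seconds=10)):
    """Group hits within `gap` of the previous one; a tight pair suggests one action."""
    groups = []
    for hit in hits:
        if groups and hit[0] - groups[-1][-1][0] <= gap:
            groups[-1].append(hit)
        else:
            groups.append([hit])
    return groups

# First two lines are from the post; the last two are constructed for this example.
SAMPLE = """di nov 27 12:13:21 CET 2012 The reset add-on has been successfully installed.
di nov 27 12:13:19 CET 2012 Password reset done
ma nov 26 20:01:44 CET 2012 Constructed line: backup job finished.
zo nov 25 19:30:02 CET 2012 Constructed: The example add-on has been successfully installed.
""".splitlines()
# Constructed: the one period in which the owner remembers working on the NAS.
ADMIN_WINDOWS = [(datetime(2012, 11, 25, 19, 0), datetime(2012, 11, 25, 20, 0))]
```

Calling `bursts(suspicious_events(SAMPLE, ADMIN_WINDOWS))` returns a single group holding the password reset and the add-on install from the post, two seconds apart and outside the owner's window.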
