nas hacked?

chirpa wrote:
So you had SSH enabled. Did you change the default root password? If you don't change admin users password, default will be netgear1, which is too generic to port forward that to the public.

Personally I think the "inner workings" of SSH are too abstract for the majority of users:

"If you enable SSH the password will be your admin password."
"If you have enabled SSH and changed the default admin password afterwards, the SSH password for root will stay unchanged"
"If you change the admin password *before* enabling SSH access, the SSH password will be the same as the admin password"
"If you change the admin password *after* enabling SSH access, the SSH password will remain the same password as it was before"

I think the "coupling/de-coupling" of the respective passwords isn't clear enough here. I know that there has to be a default somewhere. But for the ... ummm, well ... average user it just isn't obvious that once you have enabled SSH access the password management for "admin" (as used in Frontview) and "root" (as used for SSH access) is de-coupled and that you have to change the root password seperately. And yes, if I knew a better way of doing this aside from writing it in 68pt letters on the user's screen, I'd tell you ;) Because on the good side, SSH access is what makes the ReadyNAS great for developers and advanced users and on the other hand it's a major gateway for breaking into the system. I guess it's a "when the cat is out of the bag, it's out of the bag" situation.

-Stefan