NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS 102 strange behaviour
Lately Im having some issues with my ReadyNAS 102: First, I hear it is doing something very often, like if some app or process would be running all the time, but I havent found out what is it. S...
osilvab wrote:That doesnt sounds good. ok. I will have to do the job. Would it be safe to backup the data from the Snapshots?
You can just back them up from the main shares. Make sure there is a real-time virus scanner running on the PC you use to do the backup. You might also want to install malware protection (such as Malwarebytes - taking advantage of their free premium trial)
osilvab wrote:
I have to check which ports I have redirected, but are most probably both required for http and https.
You need to be very selective on what ports you forward and also ensure that you have appropriate security on the services that listen on those ports.
osilvab wrote:
How can I be sure that after doing the backup the hacker would not have access? I can't even understand how did they got it in first place.
More than likely they guessed your admin password. Another possibility is that they exploited a security issue in the NAS kernel or web server. Netgear includes security updates in their releases, but if you are running old firmware you won't have the most recent ones.
I wouldn't forward HTTP, and it is a bit better to forward https on a secondary port (and not 443). Right now the only port I forward to the NAS is for plex. Everything else requires a VPN connection.
I agree that you've been hacked and that you've port forwarded more than you should have.
I would disable the port forwarding and make sure you have a good backup of your data that you've verified, do a factory default (wipes all data, settings, everything) and restore your data from backup.
Thanks i did already disabled the portforwarding and did a reinstall of the OS.
Im planning to do the factory reset as soon as i get a full backup. I dont have backup of some few folders.
Im not expert on this and would like to aks something. You both suggest that I have opened more ports than needed, what would you have done different? I had interest to have internet access to my NAS for the owncloud. and I have many devices using the files on the owncloud, including my mobile.
How can I keep same functionality and avoid and attack like his in the future?
osilvab wrote:
Thanks i did already disabled the portforwarding and did a reinstall of the OS.
Make sure you also manually uninstall the packages we discussed over PM. Even with port forwarding disabled, those packages can allow someone to access your NAS over the internet. That's because the NAS can still make outbound connections through your router, unless you take steps to block that.
Alternatively, disconnect your router from the internet until you complete the backup and do the factory reset.
osilvab wrote:
I had interest to have internet access to my NAS for the owncloud. and I have many devices using the files on the owncloud, including my mobile.
How can I keep same functionality and avoid and attack like his in the future?
What ports did you forward? If you need to forward 443, it is important to use a strong admin password. It'd be wise to change that password periodically (every couple of months). If you need to forward port 80, you should go to system->settings->services and disable admin access via http. You'll still be able to use the web admin interface through https (port 443).
Are you using owncloud simply for your own use? Or are you using it to share files with friends/family?
If you just wanting remote access for your own devices, then a VPN is a better way to go. OpenVPN is built into many routers (including Nighthawk) - though some older nighthawks might not support iOS or Android, so you should confirm that you get the right version using the home networking forum here. It is possible to install ZeroTier on the NAS. There are apps for both of these for iOS, Android, Windows, and Mac. Both ZeroTier and OpenVPN are free, and neither requires port forwarding.
Resilio Sync is another possibility, if you are specifically interested in mobile device access. It can be set up to back up photos and videos on your mobile devices to the NAS, and it can also give you read-only selective sync to NAS shares. You then can download a file remotely, and open it in the desired mobile app. Though you might find that works better if you run it on an always-on PC (sharing folders on the NAS). No port forwarding is needed.
Another option is to use ReadyCloud, which has similar features to Owncloud but doesn't require port forwarding. Though lots of folks here have found ReadyCloud to be problematic (issues with performance, and bugs).
StephenBwrote:Make sure you also manually uninstall the packages we discussed over PM. Even with port forwarding disabled, those packages can allow someone to access your NAS over the internet. That's because the NAS can still make outbound connections through your router, unless you take steps to block that.
Yes, I uninstall all those packages. I also run malwarebytes in the devices at the LAN and didnt find anything.
StephenBwrote:
What ports did you forward? If you need to forward 443, it is important to use a strong admin password. It'd be wise to change that password periodically (every couple of months). If you need to forward port 80, you should go to system->settings->services and disable admin access via http. You'll still be able to use the web admin interface through https (port 443).Are you using owncloud simply for your own use? Or are you using it to share files with friends/family?
The ports I had open were 80,443,3306 for owncloud. I use it for my own data (file storage, calendar, etc), others at home also use it and also other relatives out of home.
This brings me to another topic and its the SSL certificate, I had a lets'encrypt running but in some update it stopped renewing and I couldnt generate new one anymore. Since that moment the https connections gave the certificates warning and I guess it was also generating vulnerability to MIM attacks, even worse when some browsers doesnt allow to add exceptions easily.
Also I remember trying to make the https connection to owncloud in other port but I didnt succeed. is it possible to change it? would it work without certificate?
StephenBwrote:If you just wanting remote access for your own devices, then a VPN is a better way to go. OpenVPN is built into many routers (including Nighthawk) - though some older nighthawks might not support iOS or Android, so you should confirm that you get the right version using the home networking forum here. It is possible to install ZeroTier on the NAS. There are apps for both of these for iOS, Android, Windows, and Mac. Both ZeroTier and OpenVPN are free, and neither requires port forwarding.
I got a Nighthawk a couple of months ago but had to return it as was causing me disconnections in games. After tracking down the issue it was the router. So I came back to an old one from other brand but it doesnt support VPN
StephenBwrote:Resilio Sync is another possibility, if you are specifically interested in mobile device access. It can be set up to back up photos and videos on your mobile devices to the NAS, and it can also give you read-only selective sync to NAS shares. You then can download a file remotely, and open it in the desired mobile app. Though you might find that works better if you run it on an always-on PC (sharing folders on the NAS). No port forwarding is needed.
This looks like a good alternative, thou not so sure the free version will fulfill my needs, i will read about it. My mobile calendar is sync with the owncloud calendar, not so sure I can do that with Resilio but it looks good. Question is again if it is a secure connection, and how they deal with privacy. but worth checking.
Thanks, very useful discussion
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
