ReadyNAS Data Recovery - Duo v2

Well you said you'd been hacked and your data had been deleted. As soon as I hear the words "data has been deleted" I instantly realise that recovering data is likely to be difficult or impossible. Attempting to fix it yourself could only succeed in making it harder for techs that are trained in how to attempt data recovery.

This is a more advanced problem than "my NAS is dead, but I think my disks and array are fine and all my data is still there".

I'm not trying to be difficult, but I do need to warn you that attempting to fix the problem yourself can simply make things worse.

AusS2000 wrote:
Is this a forum for sharing technical help or selling support contracts?

It is a community forum, where people offer their advice (some who work for Netgear, some who don't). mdgm recently joined Netgear, I do not work for them.

That advice offered can be technical, but it also can be "call support".

If my NAS had been hacked and my data deleted, I would zero the drives, do a factory reset, and restore the data from my backups.

If you don't have backups, then getting your data back will be challenging (and might be impossible). It seems to me that using support is a good option, since if you don't know what you are doing (a) a misstep on your part could make recovery impossible, (b) depending on the hack, the vulnerability might spread to other machines.

The NAS was my backup drive. I also used it to store my movie and music archive which although not critical, would be nice to have back. And who knows, I might learn something on the way.

If I were to be pay for a support contract only to be told nothing can be done, all I would have learnt is not to buy support contracts without trying myself. I have previously learned that lesson.

mdgm has provided some code to hopefully allow me to mount the drive on my Debian instance. Then I will run some undelete tools and see what I can restore. If I get something, good. If I don't, I'm a bit richer in knowledge and no poorer monetarily.

Thanks be to mdgm.

AusS2000 wrote:
If I were to be pay for a support contract only to be told nothing can be done, all I would have learnt is not to buy support contracts without trying myself. I have previously learned that lesson.

Though I take your point, there is a risk that the attempt to fix something yourself will do more damage. In your case you are knowingly accepting that risk. That wasn't clear when you made your earlier complaint. (At least I interpreted the reply as a complaint).

AusS2000 wrote:
mdgm has provided some code to hopefully allow me to mount the drive on my Debian instance. Then I will run some undelete tools and see what I can restore. If I get something, good. If I don't, I'm a bit richer in knowledge and no poorer monetarily.

We are all posting here to help - I'm glad you have what you need to get started. Post back with your tools and the results - there will certainly be other users who will be needing to use undelete in the future.

Back to something more technical - when you say the NAS was "hacked" do you mean that someone simply deleted the data once they penetrated the firewall? (e.g., the NAS shares were public).

Is there any evidence that the hacker might have had access to the OS partition via ssh? If there's any hint that might have happened, I again suggest that you zero the drives and rebuild the NAS from scratch once you are done with data recovery.

StephenB wrote:
Though I take your point, there is a risk that the attempt to fix something yourself will do more damage.

I am completely aware of this, although I'm not sure how much more damage can be done to a blank hard drive.

That wasn't clear when you made your earlier complaint. (At least I interpreted the reply as a complaint).

Not sure how you got that idea. I am simply asking for help in mounting a volume in a Debian instance.

Post back with your tools and the results - there will certainly be other users who will be needing to use undelete in the future.

Absolutely. That is my opinion of how community forums should work.

when you say the NAS was "hacked" do you mean that someone simply deleted the data once they penetrated the firewall? (e.g., the NAS shares were public).

That is the case. It was my own fault really. My Firewall/router failed so I replaced with a simple router whilst I fixed the issue. As all my important devices have their own security I wasn't really worried but I didn't think about my NAS. It was open with public access and without the firewall, was open to the outside.

Is there any evidence that the hacker might have had access to the OS partition via ssh? If there's any hint that might have happened, I again suggest that you zero the drives and rebuild the NAS from scratch once you are done with data recovery.

None that I have seen (although I wouldn't know how to look for it) but nothing critical will go on it until it has been factory reset. And my firewall is back in place and there is a backup firewall on standby.

AusS2000 wrote:
StephenB wrote: That wasn't clear when you made your earlier complaint. (At least I interpreted the reply as a complaint). Not sure how you got that idea. I am simply asking for help in mounting a volume in a Debian instance.

This post is the the one I interpreted as a complaint.

AusS2000 wrote:
Is this a forum for sharing technical help or selling support contracts? If this is not the place to come to for help can you recommend somewhere more helpful?

AusS2000 wrote:

StephenB wrote: Is there any evidence that the hacker might have had access to the OS partition via ssh? If there's any hint that might have happened, I again suggest that you zero the drives and rebuild the NAS from scratch once you are done with data recovery. None that I have seen (although I wouldn't know how to look for it) but nothing critical will go on it until it has been factory reset...

I'd do that as well. Though my guess is that is wasn't penetrated, there is no easy way to tell for certain.

I'm guessing that the "simple router" wasn't using NAT, so NAS was using a public internet address?

Finally got around to readdressing this. Didn't get very far.

Typed:
# apt-get install mdadm <enter>

It came back with:
Media change: please insert the disc labeled
'Debian GNU/Linux 5.0.3 _Lenny_ - Official i386 CD Binary-1 20090905-08:23'
in the drive '/cdrom/' and press enter

Well did you insert that disc? I assume you have the iso for that still?

Why are you using Lenny anyway? Lenny is very, very old. The Duo v2 uses a newer distribution of Debian.