csharp
Mar 23, 2012 Aspirant
Was my NAS hacked?
Hi, I suspect that my ReadyNAS Duo V2 has been hacked by someone on the internet. I noticed that there was a /home/ftp folder on it, and an ftp user in the /etc/passwd file. I have not tried ...
doseas
Mar 25, 2012 Aspirant
A quick perusal of your log shows attempts at hacking from a few different IP addresses, but no successful connections to your system (i.e., the HTTP statuses are all 4xx, which are unsuccessful, as opposed to 2xx or 3xx, which are successful connections). It looks like the work of script kiddies, rather than a hard-core attempt to penetrate your system. Being connected to the internet, you will see this sort of thing on a frequent basis.
I believe that the ftp entry in /etc/passwd is created automatically. The shell for the user is set to "/bin/false" -- this is a good thing: it means that no user can log in with this username. If they did, they would not have access to a shell and therefore can't run any commands.
My advice: make sure that you use strong passwords for all of your accounts, make sure that all unneeded services are disabled, and continue to monitor your access logs on a regular basis for unusual activity.
Also, if you do feel somewhat comfortable in the Linux environment, there is an excellent article in the forums by Jeroen1000 titled "HowTo make your Readynas more secure". It covers a few small changes, some of which, such as removing the server name and version from the header, make it much harder for an attacker to find weaknesses.
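The status-code check described in the reply above can be scripted for routine log review. This is an added example, not part of the original thread: it assumes the web server writes Apache common/combined log format (the thread does not show the log), the sample lines are constructed, and the names `triage` and `needs_review` are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Assumption: Apache common/combined log format; the thread does not show the log itself.
# The request field allows backslash-escaped characters, which Apache emits for odd bytes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+'
)

# Constructed sample lines using documentation address ranges, not the poster's log.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Mar/2012:04:11:02 +0000] "GET /admin/ HTTP/1.1" 401 482
203.0.113.7 - - [23/Mar/2012:04:11:03 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 210
198.51.100.23 - - [23/Mar/2012:05:40:19 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 226
198.51.100.23 - - [23/Mar/2012:05:40:21 +0000] "GET /shares/ HTTP/1.1" 200 1534
192.0.2.10 - - [23/Mar/2012:06:02:44 +0000] "\\x16\\x03\\x01" 400 226
not a log line
"""

def triage(log_text):
    """Return (per_ip, unparsed): status-class counts per client, and lines that did not parse."""
    per_ip = defaultdict(Counter)
    unparsed = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            if line.strip():
                unparsed.append(line)  # keep these visible rather than silently dropping them
            continue
        per_ip[m["ip"]][m["status"][0] + "xx"] += 1
    return per_ip, unparsed

def needs_review(per_ip):
    """Clients that were refused at least once (4xx) and also received a 2xx or 3xx response."""
    return sorted(
        ip for ip, c in per_ip.items()
        if c["4xx"] and (c["2xx"] or c["3xx"])
    )

if __name__ == "__main__":
    per_ip, unparsed = triage(SAMPLE_LOG)
    for ip, counts in sorted(per_ip.items()):
        print(ip, dict(counts))
    print("review:", needs_review(per_ip))
    print("unparsed lines:", len(unparsed))
```

A client listed by `needs_review` is a prompt to read that client's successful requests by hand, since a 2xx on a public page is normal while a 2xx on an admin path is not.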