Qnap NAS

Cut-Throat-Jake · February 2, 2023, 6:46am

Not sure if this affects anyone…

garyi · February 2, 2023, 6:53am

Yes think I will be sticking with unraid.

spile · February 2, 2023, 7:17am

That is why any NAS should not be exposed to the internet. So turn off port forwarding to your NAS on your router regardless of manufacturer. It’s not a Qnap only issue.

GadgetMan · February 2, 2023, 9:50am

Still in the process of getting my NAS, but I was also thinking of blocking it on the router - although not sure if that will also block any LAN traffic.

beeka · February 2, 2023, 10:47am

I like my QNAP but do make sure to keep it up-to-date. Doesn’t help that they include a whole heap of utility applications, such as the Photo Station that was hacked, and some of them stack… like you can’t turn off multimedia indexing without potentially breaking something. I’ve turned off their DLNA server and use Asset instead. Removed most of their “station” apps and anything else I could that was not needed for my fairly limited needs (file server, backup, dlna, docker).

Anything popular is going to get targeted and we have to hope / push for successful companies to be proactive in security and responsive to any issues. Also needs consumers to be mindful that a £50 wifi security camera (or any cheap ‘smart’ device) might be poorly developed and be an open door into your network, regardless of telling your NAS not to connect to the internet.

HiFiman · February 2, 2023, 7:06pm

Also disable the Qnap Downloader Station app, a few years ago my then SonicWALL UTM detected packets going back and forth to somewhere overseas without any external port forwarding enabled!!

Finkfan · February 2, 2023, 7:25pm

Is ‘stop’ good enough or should these apps be removed?

HiFiman · February 2, 2023, 7:28pm

Stop is okay

Guinnless · February 2, 2023, 7:32pm

Unless you set up port forwarding on it then you are safe.

spile · February 3, 2023, 7:17am

As long as you do Take Immediate Actions to Secure QNAP NAS | QNAP you don’t need to do anything in terms of router/Lan traffic.

GadgetMan · February 3, 2023, 12:53pm

In cases of security, I’m a belt and braces person. As you dont know what kind of hack it will be, also locking down the router “may” prevent some kinds of viruses, for example where the virus need to communicate back to the hacker to get things started. Telling a NAS drive not to talk over the Internet is fine when things are working, but of course a hack may well work around that.

For me, it’s simple on the Eero router - just add it to a new profile, and “Pause” that profile. Tested it with my NDX2, and all local LAN stuff still seems to work.

I see it a bit like taking backups. Here, many use Raid, plus multiple backup copies spread around the country/world.

Quickben · February 3, 2023, 4:51pm

There is also a firmware update released today that includes the security patch for this vulnerability

ElMarko · February 3, 2023, 4:59pm

How do we check if port forwarding is enabled?

HiFiman · February 3, 2023, 5:26pm

Thats a setting on your firewall / router but needs to be added manually

ElMarko · February 3, 2023, 5:52pm

Ok, so if I never added it I shouldn’t have to worry about it? I have a Ubiquiti Amplifi HD router. I’ll take a look and see if I see anything.

Ok, found the port forwarding menu and I have no rules set up so it’s not enabled.

Thanks HiFiman!

HiFiman · February 3, 2023, 6:23pm

It appears that you have never applied port forwarding rules on your Amplifi, thats good, relax and enjoy the music tonight

spile · February 4, 2023, 7:22am

Pretty much. I’d keep the firmware upto date and follow the recommendations from Security Councillor. I’ve had my Qnap ten years and it’s been rock solid and I’ve had no security issues. If I need to access it remotely, I do so via Wireguard vpn server.

system · April 5, 2023, 7:23am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.