Not sure if this affects anyone…
Yes, think I will be sticking with Unraid.
That is why any NAS should not be exposed to the internet. So turn off port forwarding to your NAS on your router regardless of manufacturer. It’s not a QNAP-only issue.
Still in the process of getting my NAS, but I was also thinking of blocking it on the router - although not sure if that will also block any LAN traffic.
I like my QNAP but do make sure to keep it up-to-date. Doesn’t help that they include a whole heap of utility applications, such as the Photo Station that was hacked, and some of them stack… like you can’t turn off multimedia indexing without potentially breaking something. I’ve turned off their DLNA server and use Asset instead. Removed most of their “station” apps and anything else I could that was not needed for my fairly limited needs (file server, backup, dlna, docker).
Anything popular is going to get targeted and we have to hope / push for successful companies to be proactive in security and responsive to any issues. Also needs consumers to be mindful that a £50 wifi security camera (or any cheap ‘smart’ device) might be poorly developed and be an open door into your network, regardless of telling your NAS not to connect to the internet.
Also disable the QNAP Downloader Station app. A few years ago my then SonicWALL UTM detected packets going back and forth to somewhere overseas without any external port forwarding enabled!!
Is ‘stop’ good enough or should these apps be removed?
Stop is okay
Unless you set up port forwarding on it then you are safe.
As long as you do “Take Immediate Actions to Secure QNAP NAS | QNAP”, you don’t need to do anything in terms of router/LAN traffic.
In cases of security, I’m a belt and braces person. As you don’t know what kind of hack it will be, also locking down the router “may” prevent some kinds of viruses, for example where the virus needs to communicate back to the hacker to get things started. Telling a NAS drive not to talk over the Internet is fine when things are working, but of course a hack may well work around that.
For me, it’s simple on the Eero router - just add it to a new profile, and “Pause” that profile. Tested it with my NDX2, and all local LAN stuff still seems to work.
I see it a bit like taking backups. Here, many use RAID, plus multiple backup copies spread around the country/world.
There is also a firmware update released today that includes the security patch for this vulnerability.
How do we check if port forwarding is enabled?
That’s a setting on your firewall / router, but it needs to be added manually.
Ok, so if I never added it I shouldn’t have to worry about it? I have a Ubiquiti Amplifi HD router. I’ll take a look and see if I see anything.
Ok, found the port forwarding menu and I have no rules set up so it’s not enabled.
It appears that you have never applied port forwarding rules on your Amplifi. That’s good, relax and enjoy the music tonight.
Pretty much. I’d keep the firmware up to date and follow the recommendations from Security Counselor. I’ve had my QNAP ten years and it’s been rock solid and I’ve had no security issues. If I need to access it remotely, I do so via WireGuard VPN server.