You may need to explain a little more fully what you mean by “denied access”. I installed Malware Remover on my QNAP TS-251+ NAS, ran it and set it to run every 24 hours and am still able to use Roon without any problem.
Stephen
After I installed Malware Remover, Qnap Asset disappeared from the server list on my Nova and Muso QB, and my Roon Core on the Qnap was no longer accessible. When I logged into the Qnap and tried to open both apps I got an access denied message quoting the Qnap’s IP address. I deduced that something on the Qnap was denying access and having just installed the Malware app I tried removing it. After restarting the Qnap normal service was resumed. I had previously restarted the NAS with no effect.
I tried the settings tab on the Malware app but there was no option to remove blocks.
I’m glad Roon is still working for you - is your Roon Core on the Qnap? I use the Qnap as my media centre so everything is run from there.
Yes - with the library held on a USB attached SSD.
I can’t understand why installation of the Malware Remover would have the results you mention (although I don’t for a moment doubt what you say). Are you logging into the QNAP as administrator—or merely as a user with administrator privileges? I have found there is a difference (although in my case I did everything as a user with admin privileges).
Stephen
This is because port 8080 is the default http connection port and 443 is the default https port, so these are the most likely target ports for malware that scans for insecure IP addresses.
Putting the admin page(s) on different ports makes it much more difficult for malware on a PC, Mac or portable device to take control of the NAS and then steal data, or worse turn off your QNAP malware protection and open it up to the internet.
1 Like
Thanks for that but that doesn’t answer my question. I have no idea what port number to put in there. Can I just make up any number?
My Core is also on an attached usb SSD drive. I am the administrator - nobody else uses it and it is only used as a media server and browser. Glad it works for you, I only posted my finding in case others came across the same issue.
Actually was just reading up a little more on the use of port numbers and there’s some conflicting views. The 50000 - 60000 are within what’s know as the dynamic range and could potentially be used by applications in your system for communications. The user ports are 1024-49151 and recommended as the ones to use for your own protocols. However, these could potentially already be in use by other applications on your system…you sort of need to know what’s running or use a protocol number that you know wont be used on your system (and assuming it’s not exposed to the Internet)
The contribution is appreciated, from which it doesn’t really seem simple, as it is not that any of the IT engineers in the forum are able to offer us some more light on the matter…
Let’s see…
I wouldn’t get too hung up on the ports unless you have created port forwarding rules on your router/firewall to the QNAP.
1 Like
Apparently both my NAS are older version (412 and 469) and only update to 434.1082 so no security counsellor for me!
I changed the port by adding 1010 and subtracting 3 respectively. Some numbers I chose shaded pink so I presumed these wouldn’t work. There is a link to try the new ports as you change them.
I also changed to force secure connections only (which hopefully won’t mess up with anything, but I can always change back).
.sjb
2 Likes
Port numbers 0 to 1023 are reserved for privileged services and designated as well-known ports, so you can’t use them arbitrarily. A number from 1024 to 65535 is free to use, assuming some other service isn’t already using it.
1 Like
Can I use a number from that range for http and https?
Yes, also long as some other process isn’t already using a port you pick from that range.
1 Like
I only use the QNAP to stream music. Would those ports be used by something I’m unaware of??
Your firewall (assuming you have one) may open the standard ports for HTTP/HTTPS (8080, 443) by default, so anything running on those ports in your local network require extra measures to be secure. That’s the point of the recommendation not to use 443 and 8080. If you use alternate ports for HTTP/HTTPS they won’t as likely be open to your firewall by default.
If your firewall is opening ports by default then get a new one!!
I’m not sure I have one unless the QNAP comes with one by default. My dealer set it all up and I just update the apps as instructed. I’ll take a look this weekend, thanks.
Maybe get your dealer to help. If they can’t help you secure it, then maybe find someone who can.
I think a firewall would be part of your router.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.