Hi,
Apologies if this is a dumb question but..
I have an 8900AX R2 and also have a Qnap NAS drive on my internal network.
I recently noticed some log entries on my NAS drive that their had been failed login attempts from a couple of IP addresses in Switzerland and Stockholm
Is there any way I can block any external login attempts into my QNap NAS - by blocking incoming traffic somehow into my 8900AX R2?
I am not that au fait firewalls etc - so dummy level instructions would be appreciated.
Thanks in advance for any help.
Block hack / login attempts?
-
nightcustard
- Posts: 68
- Joined: Sat Nov 03, 2012 2:50 pm
Re: Block hack / login attempts?
Hi
I'd probably tackle this at the QNAP end - disable (if you don't need remote login) the Web Server (under 'Applications'). You can also restrict which addresses your NAS will accept login attempts from under 'System' / 'Security' / 'Allow/Deny list' - select 'Allow connections from the list only' and define the range - I simply listed the whole of my LAN IP address range (ie) 192.168.1.1 - 192.168.1.254
Obviously this can only work if you don't need to log in to your NAS from outside - if you do, set up a VPN and use that.
Apologies if this is a dumb answer and please note I'm assuming your NAS has the same capabilities as mine (a TS-269).
As far as your router set up is concerned, block WAN ping and use a ports tester (like Gibson Research's 'Shields-Up!') to check you don't have open ports - your NAS logs suggest you might.
If my answer is flawed, please let me know!
Regards, Mike
I'd probably tackle this at the QNAP end - disable (if you don't need remote login) the Web Server (under 'Applications'). You can also restrict which addresses your NAS will accept login attempts from under 'System' / 'Security' / 'Allow/Deny list' - select 'Allow connections from the list only' and define the range - I simply listed the whole of my LAN IP address range (ie) 192.168.1.1 - 192.168.1.254
Obviously this can only work if you don't need to log in to your NAS from outside - if you do, set up a VPN and use that.
Apologies if this is a dumb answer and please note I'm assuming your NAS has the same capabilities as mine (a TS-269).
As far as your router set up is concerned, block WAN ping and use a ports tester (like Gibson Research's 'Shields-Up!') to check you don't have open ports - your NAS logs suggest you might.
If my answer is flawed, please let me know!
Regards, Mike
-
harry66
- Posts: 48
- Joined: Wed Aug 13, 2014 5:08 pm
Re: Block hack / login attempts?
Thanks Mike,
I disabled the QnapCloud stuff - as I don't need to login remotely anyway
Also, just applied the range filter for good measure.
I asked on the Qnap Forum as well and someone mentioned about disabling port forwarding - will have look into that.
Thanks
I disabled the QnapCloud stuff - as I don't need to login remotely anyway
Also, just applied the range filter for good measure.
I asked on the Qnap Forum as well and someone mentioned about disabling port forwarding - will have look into that.
Thanks
-
nightcustard
- Posts: 68
- Joined: Sat Nov 03, 2012 2:50 pm
Re: Block hack / login attempts?
You're very welcome - it's nice to be able to post some help for a change! There's loads of advice on-line about hardening network security, so it's worth having a look for further ideas.
In passing, I'd advise you to disable any service on your Qnap that you don't need, and on the router disable UPnP and check what ports are already open on your router, closing them if you don't need them.
Cheers!
In passing, I'd advise you to disable any service on your Qnap that you don't need, and on the router disable UPnP and check what ports are already open on your router, closing them if you don't need them.
Cheers!