
News Synology DSM attacked by SynoLocker malware

Discussion in 'Article Discussion' started by Gareth Halfacree, 5 Aug 2014.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
  2. andrew8200m

    andrew8200m Multimodder

    Joined:
    4 May 2009
    Posts:
    2,491
    Likes Received:
    253
    I feel sorry for anyone with a Synology but for other reasons quite happy about this. It's good to see a peg being plucked from beneath a large company like this. The crash to reality to improve customer relations that will follow will hopefully be what is needed. The breach leading to a financial implication is a bit crap though. These ransom-like viruses need to die a death already.
     
  3. azazel1024

    azazel1024 What's a Dremel?

    Joined:
    3 Jun 2010
    Posts:
    487
    Likes Received:
    10
    I don't have a Synology NAS, but from everything I understand, Synology is very good about support and customer relations.

    So I don't know why you are "quite happy" about this. It is apparently an unknown vulnerability, not something they've known about and ignored. This is unlike wifi routers where most manufacturers let known vulnerabilities exist for ages, because they provide very little aftermarket support for their products. Synology is very good about supporting their products for years after sales.
     
  4. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    3,555
    Likes Received:
    646
    Some criminal finds an unknown exploit in the system of what actually seems like a pretty decent company, uses it in order to attack their customers' data and blackmail their users, and you're "quite happy about this". Jeez :rolleyes:

    It's like seeing a car crash and saying you're quite happy it happened because it will ultimately improve car safety.
     
  5. runadumb

    runadumb What's a Dremel?

    Joined:
    20 Jan 2010
    Posts:
    424
    Likes Received:
    5
    Synology's support is great. They helped me rebuild a lost drive remotely a while back.

    People used to try and remote access my NAS all the time. I doubt it'll help with the vulnerability but I set a very strong password and blocked IPs after 2 failed login attempts.
    My NAS is currently switched off. I only use it for 1 specific purpose anyway.
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    My home server has SSH exposed to the 'net on the standard port. You wouldn't believe how many brute-force login attempts I get each day. Thankfully, barring any serious holes in the software, it's unlikely anyone's getting in: I use fail2ban to block brute-force attempts at the firewall, logins require a keypair rather than a password, and any login not from a trusted IP address requires two-factor authentication. I also have watchdog daemons running, just in case there is a zero-day in the SSH server, alerting me to unusual activity. Paranoid? Perhaps. Safe from things like CryptoLocker and its variants? Oh, yes.

    Then, of course, there's the multiple-redundant off-site backups...
     
  7. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    Joined:
    28 May 2010
    Posts:
    5,649
    Likes Received:
    268
    It's a lot of fun doing cat /var/log/messages when there have been lots of brute force attempts though. Hope you got big buffers :D
     
  8. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    Less so with fail2ban; each IP only gets five entries before they're blocked...
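
Added example (not part of the thread and not fail2ban's own code): a simplified Python sketch of the counting described in the posts above, banning an address once it logs five failed SSH logins inside a time window. The 10-minute window, the year, the `find_bans` name and the constructed log lines (documentation-range addresses) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5                      # "five entries" per the post above
FINDTIME = timedelta(minutes=10)  # assumed counting window

# sshd password-failure line in classic syslog format; anchored at both ends
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password .* from (\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)

# Constructed sample: a fast burst, a slow hourly trickle, one good login
SAMPLE_LOG = (
    [f"Aug  5 09:00:{s:02d} nas sshd[2101]: Failed password for root "
     f"from 203.0.113.7 port 40001 ssh2" for s in range(0, 12, 2)]
    + [f"Aug  5 {h:02d}:30:00 nas sshd[2102]: Failed password for invalid "
       f"user admin from 198.51.100.9 port 40002 ssh2" for h in range(10, 15)]
    + ["Aug  5 15:00:00 nas sshd[2103]: Accepted publickey for alice "
       "from 192.0.2.10 port 40003 ssh2"]
)

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME, year=2014):
    """Return {ip: time of ban} for IPs with maxretry failures within findtime."""
    recent = defaultdict(deque)   # ip -> timestamps of failures in the window
    bans = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied (assumed)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans:
            continue              # already blocked at the firewall
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than the window
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans
```

The hourly trickle from the second address never reaches the threshold, which is why the thread pairs rate-based blocking with key-only logins and two-factor authentication rather than relying on it alone.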
     
  9. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    Joined:
    28 May 2010
    Posts:
    5,649
    Likes Received:
    268
    I didn't know it was a thing, though looking at it now it seems like a great thing. I will speak to some of my clients whose webservers I look after about implementing that, as there are a few that get brute force on their ssh ports ALL the time (not literally all the time, but it's quite a thing for them). Thanks for the top tip Linux man :)
     
  10. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    You can do the same thing with iptables directly, but fail2ban is so incredibly easy - and can be extended to protect other services, too. Also check out Duo Security - that's the two-factor authentication service I use, and it's free for fewer than ten users (and cheap for more than ten). Works like a charm - and as well as protecting SSH it has plugins for WordPress, most common VPNs, and a bunch of other stuff, as well as an API you can access to use it with bespoke systems if you pay for the (still surprisingly cheap) enterprise account.
     
    dark_avenger likes this.
  11. dark_avenger

    dark_avenger Minimodder

    Joined:
    9 Jul 2008
    Posts:
    1,118
    Likes Received:
    48
    I currently use an obscure port which stopped the brute force attempts but the fail2ban and Duo Security look good as well.

    Thanks for sharing :) :thumb:
     
  12. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,284
    Likes Received:
    183
    I'd love to see a guide based around your setup Gareth. Perhaps bit-tech would buy it as a feature article?
     
  13. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    I'll pitch it to the powers that be - although its Linux focus means it's a bit niche for a site like Bit. That said, editors that normally wouldn't touch Linux with the proverbial ten-foot pole go ga-ga if you s/Linux/the Raspberry Pi/g...
     
  14. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    Joined:
    28 May 2010
    Posts:
    5,649
    Likes Received:
    268
    Do it unofficial in the software section :) Would float my boat!
     
  15. faugusztin

    faugusztin I *am* the guy with two left hands

    Joined:
    11 Aug 2008
    Posts:
    6,953
    Likes Received:
    270
    There are a million various backup schemes and strategies.

    My personal backup scheme is - install an rsync server on every OS I want to back up (for Windows I use Cygwin with cygrunsrv, rsync server). Then I have my local server, that runs rsnapshot which does backup via rsync. Then my remote server at a completely different location does a daily rsnapshot against my daily.0 folder on the local server. You could of course extend this to any length or number of computers as you wish.

    And why rsnapshot? Because it is something in between the incremental and full backups - if there is a previous backup, then the previous backup is rolled from hourly.0 to hourly.1 (and every folder with a higher number in the same category is rolled to a higher number, the oldest one is of course removed), a new hourly.0 folder is created, all files from the old folder are copied over as hard links (so no extra disk space is used up) and then new or modified files replace the copied over files. With every backup, the cycle is repeated, and every time the space requirement increases for new & modified files only. You can set up your own rotation scheme (I have a backup every hour, then every day, every week of a month, every month for the last 12 months on my main server). That means I will have hourly.0-23 folders, daily.0-7, weekly.0-3, monthly.0-11 folders.

    For example 5 daily backups of 29GB data on my remote backup site use 36GB in total. 24 hourly and 7 daily backups on my main server? 53GB.
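
Added example (not part of the thread and not rsnapshot's own code): a small Python model of the rotation described in the post above, showing that unchanged files in successive snapshots share one inode while a modified file gets a fresh copy and the older version survives. The function names, the flat source directory and the constructed 1000-byte files are assumptions.

```python
import filecmp
import os
import shutil
import tempfile

def rotate_and_snapshot(source, root, keep, level="hourly"):
    """Roll level.N to level.N+1, drop the oldest, then build a new level.0."""
    shutil.rmtree(os.path.join(root, f"{level}.{keep - 1}"), ignore_errors=True)
    for n in range(keep - 2, -1, -1):
        old = os.path.join(root, f"{level}.{n}")
        if os.path.isdir(old):
            os.rename(old, os.path.join(root, f"{level}.{n + 1}"))
    new, prev = (os.path.join(root, f"{level}.{n}") for n in (0, 1))
    os.makedirs(new)
    for name in sorted(os.listdir(source)):   # flat source directory, for brevity
        src, dst, old = (os.path.join(d, name) for d in (source, new, prev))
        if os.path.isfile(old) and filecmp.cmp(src, old, shallow=False):
            os.link(old, dst)       # unchanged: second name for the same inode
        else:
            shutil.copy2(src, dst)  # new or modified: fresh copy, new inode
    return new

def disk_usage(root):
    """Bytes stored under root, counting each inode once, as du does."""
    inodes = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            st = os.lstat(os.path.join(dirpath, name))
            inodes[(st.st_dev, st.st_ino)] = st.st_size
    return sum(inodes.values())

def demo():
    """Two runs over three constructed 1000-byte files, one changed in between."""
    with tempfile.TemporaryDirectory() as tmp:
        source, root = os.path.join(tmp, "data"), os.path.join(tmp, "backup")
        os.makedirs(source)
        os.makedirs(root)
        for name in ("a.bin", "b.bin", "c.bin"):
            with open(os.path.join(source, name), "wb") as fh:
                fh.write(b"x" * 1000)
        rotate_and_snapshot(source, root, keep=3)
        with open(os.path.join(source, "b.bin"), "wb") as fh:
            fh.write(b"y" * 1000)   # one file changes between runs
        rotate_and_snapshot(source, root, keep=3)
        shared = os.path.samefile(os.path.join(root, "hourly.0", "a.bin"),
                                  os.path.join(root, "hourly.1", "a.bin"))
        with open(os.path.join(root, "hourly.1", "b.bin"), "rb") as fh:
            old_b = fh.read()
        return sorted(os.listdir(root)), disk_usage(root), shared, old_b
```

Two snapshots of 3000 bytes occupy 4000 bytes, and `hourly.1` still holds the original `b.bin`. Because unchanged files in every snapshot are the same inode, the snapshot tree should stay unwritable by the machines being backed up, which the pull-over-rsync arrangement in the post provides.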
     
  16. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    I think they're specifically after the security aspect, not the backup aspect.
     
  17. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,284
    Likes Received:
    183
    No surprises there. The internet has a raging nerd-on for pi's.

    Indeed I am. But the backup stuff is all gravy too.
     
  18. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    15,395
    Likes Received:
    2,992
    I'd be interested in both tbh...
     
  19. littlepuppi

    littlepuppi Currently playing MWO and loving it

    Joined:
    26 Apr 2009
    Posts:
    3,515
    Likes Received:
    186
    Have been half expecting this in the NetApp space for a while now.... Shows the vulnerabilities of centralised mass storage
     
  20. mitch311

    mitch311 What's a Dremel?

    Joined:
    10 Feb 2012
    Posts:
    49
    Likes Received:
    1
    I must say this news has me slightly worried. Could anyone's Synology NAS be targeted or is it like other viruses where you need to do something stupid first (dodgy sites etc)? I have been toying with replacing my NAS with a Linux server and this kind of thing just makes me want to push my timetable forward.

    As an additional note I must say that Synology has started getting their act together a bit. I have started getting security related emails from them recently about updates and patches.
     
