News Synology DSM attacked by SynoLocker malware

I feel sorry for anyone with a Synology but for other reasons quite happy about this. Its good to see a peg being plucked from beneath a large company like this. The crash to reality to improve customer relations that will follow will hopefully be what is needed. The breach leading to a financial implication is a bit crap though.. These ransom like virus need die a death already

 

I don't have a Synology NAS, but from everything I understand, Synology is very good about support and customer relations.

So I don't know why you are "quite happy" about this. It is apparently an unknown vulnerability, not something they've known about and ignored. This is unlike wifi routers where most manufacturers let known vulnerabilities exist for ages, because they provide very little aftermarket support for their products. Synology is very good about supporting their products for years after sales.

 

Some criminal finds an unknown exploit in the system of what actually seems like a pretty decent company, uses it in order to attack their customers data and blackmail their users, and you're "quite happy about this". Jeez

It's like seeing a car crash and saying you're quite happy it happened because it will ultimately improve car safety.

 

Syslogys support is great. They helped me rebuild a lost drive remotely a whiles back.

People used to try and remote access my NAS all the time. I doubt it'll help with the vulnerability but I set a very strong password and blocked ip's after 2 failed login attempts.
My NAS is currently switched off. I only use it for 1 specific purpose anyway.

 

It's a lot of fun doing cat /var/logs/messages when there has been lots of brute force attempts though. hope you got big buffers

 

I didn't know it was a thing, though looking at it now it seems like a great thing. I will speak to some of my clients who's webservers I look after about implementing that, as there are a few that get brute force on their ssh ports ALL the time. (not literally all the time, but it's quite a thing for them.). Thanks for the top tip linux man

 

I currently use a obscure port which stopped the brute force attempts but the fail2ban and Duo Security look good as well.

Thanks for sharing

 

I'd love to see a guide based around your setup Gareth. Perhaps bit-tech would buy it as a feature article?

 

Do it unofficial in the software section Would float my boat!

 

There are million various backup schemes and strategies.

My personal backup scheme is - install a rsync server on every OS i want to backup (for Windows i use Cygwin with cygrunsvr, rsync server). Then i have my local server, that runs rsnapshot which does backup via rsync. Then my remote server at completely different location does a daily rsnapshot against my daily.0 folder on the local server. You could of course extend this to any length or number of computers as you wish.

And why rsnapshot ? Because it is something inbetween the incremental and full backups - if there is a previous backup, then the previous backup is rolled from hourly.0 to hourly.1 (and every folder with higher number in same category is rolled to a higher number, the oldest one is of course removed), new hourly.0 folder is created, all files from the old folder are copied over as hard links (so no extra disk space is used up) and then new or modified files replace the copied over files. With every backup, the cycle is repeated, and every time only the space requirement increases for new & modified files only. You can set up your own rotation scheme (i have a backup every hour, then every day, every week of a month, every month for last 12 months on my main server). That means i will have hourly.0-23 folders, daily.0-7, weekly.0-3, monthly.0-11 folders.

For example 5 daily backups of 29GB data on my remote backup site use 36GB in total. 24 hourly and 7 daily backups on my main server ? 53GB.

 

No surprises there. The internet has a raging nerd-on for pi's.

Indeed I am. But the backup stuff is all gravy too.

 

I'd be interested in both tbh...

 

Have been half expecting this in the netapp space for a while now.... Shows the vulnerabilities of centralised mass storage

 

I must say this news has me slightly worried. Could anyone's Synology NAS be targeted or is it like other viruses where you need to do something stupid first (dodgy sites etc)? I have been toying with replacing my NAS with a linux server and this kind of thing just wants me to push my timetable forward.

As an additional note I must say that Synology has started getting their act together a bit. I have started getting security related emails from them recently about updates and patches.