Jump to content
RESET Forums (homeservershow.com)

Malware affecting QNAP NAS's

Al_Borges

By Al_Borges,
in QNAP

 Share Followers 0

Recommended Posts

Al_Borges

Al_Borges 97

Posted
Posted

still trying to get out from under a situation where my QNAP has been borked

 

apparently  QNAP NAS'S has been subjected to MALWARE infection

 

https://www.qnap.com/en-us/security-advisory/nas-201902-13

 

I still have access to my shares but I cant access most of my apps nor update or install anything

 

QNAP Tech support responded  and is logged into my machine

 

This happened after I went ahead and installed firmware update  a week ago 

 

don't know if I can recover or if I would even trust this box without a full reinitialize

 

fortunately,  I did a full system backup before the firmware upgrade -  so I have that going for me at least

 

Something is fishy -  QNAP issued 3 firmware updates during March

 

So those running QNAP NAS's   take heed

 

and for you Synology users -    smile, but recheck your security processes !!!

 

Link to post
Share on other sites
Tedster

Tedster 1

Posted
Posted

That's not good! I do hope you get a positive outcome but I'd be tempted to wipe the unit and start afresh.

 

I have a Synology unit myself. With my circumstances, I'm able to leave it restricted to my internal LAN. Every time I hear something like this, I'm kinda glad that I do!

Link to post
Share on other sites
Al_Borges

Al_Borges 97

Posted
  • Author
Posted

UPDATE:    The QNAP SUPPORT GUY was great and was logged on for almost an Hour Friday Night

 

But he couldn't get it fixed -   He told me that he was going to escalate this and get back to me this week.

 

Wasn't sure that even if were fixed,  I could trust it.

 

so after verifying that I had good backups,   I reinitialized the NAS and reformated all the data disks

 

Loading in the backup files now -   

 

The process wasn't difficult nor did it require a lot of touch time -   but a lot of downtime  ~  8 hours for building the raid and going on 12 hours to load in the data

 

cant help but think that someone hacked the firmware update -  it happened immediately after I installed one

 

The biggest challenge in security now and in the future will be moles infiltrating previously trusted spaces
 
again,  I am not going to install any firmware update that is newer than a month going forward,  My NAS was working fine and the "updates"  didnt add anything of value to warrant the risk.
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Followers 0
Go to topic listing

  • Similar Content

    • Mario P.
      Need large'ish NAS
      By Mario P.
      I have old WHS v.1 20-bay movie server.
      Few years ago I bought QNAP TS-415+ with 4Tb drives setup in RAID5.
      I really like PLEX on QNAP and started moving/transcoding my movies from WHS to QNAP.
      Well, my 4-bay QNAP is full. 
      I need to get a larger one.
       
      I'm looking at 8-bay ones and just don't think it'll be large enough once I start getting more BD movies, and especially once 4K movies start moving into my home (probably 1-2 years away).
      8-Bay units setup in RAID6 with the largest 12TB drives will be limited to 72TB. I have immediate use for about 30TB -- that's 42% of maximum 8 bay capacity. 
      I don't really need much processing power, but am afraid to run out of space again.
      Also, I don't want to get a power hungry monster (like my 20-bay WHS was) because I want to keep running it 24/7 and electricity was in the order of $28-40 per month.
       
      I like QNAP. I would like to get another one but looking at prices of $3,500-$6,000 for 16-bay unit just seems high -- really high.
      Is QNAP overpriced, or are the components just that good/pricey for what I get. 
       
      Again, I don't need much processing power (no need for VMs, CPU heavy tasks beyond PLEX transcoding), just large space (80+TB).
      What have you or would you do?
       
      P.S. I would prefer Intel CPU if at all possible.
       
      TIA,
      Mario
       
    • Al_Borges
      Control panel Mount/ Dismount of USB Drive
      By Al_Borges
      One of the nice features of both features of QNAP ( as well as Synology and others I suppose)   is the ability to automatically dismount an external Drive after a backup
       
      as part of my Ransomware protection plan, I backup my NAS  to a USB Drive, then  the drive is taken off line  so its longer available to the evil doers out there
       
       
      However, even though the drive is still plugged in,   I have to physically unplug and re insert it to have the QNAP recognize the drive.
       
      It there a way to automate this  -   have hybrid backup sync  mount as well as dismount a connected drive ?
       
      would also be satisfied with a console/control panel command that will let me mount the drive.
       
       
      Yes,     this is to avoid getting up out of the chair and head down to the basement to reset a usb drive 
       
       
    • Helzy
      WTB or Trade for the following NAS's
      By Helzy
      I am on the hunt for the following NAS's:
       
      Qnap TS-453S Pro, any of the Synology mini's Ds409slim,Ds411Slim, Ds411slim, Ds414slim and Ds416 slim
       
      PM me or reply here if you have any of these wee beasties for trade/sale!
       
      Thanks!
    • Joe_Miner
      Install Drive-Cage in HPE ProLiant ML10v2
      By Joe_Miner
      By: JohnStutsman
       
       
       

       
      Figure 1 – The Calhoun Technologies HP 686745-002 “Refurbished” drive-cage in anti-static package with Dell 15” mini SAS cable resting on top with other drive-cages and HPE ProLiant ML10v2 Server
       
       
       
      A year ago when I was planning my move to Ohio I wanted to move my 5TB drives from my HPE ProLiant ML30 Gen9 to my HPE ProLiant ML10v2 in order to set up a “Mirror” backup of the files on my WHS2011 system using AllWay Sync on my ML10v2. The fastest way to make the move was to unplug the drive-cage in the ML30 Gen9 and plug it into the ML10v2! It fit perfectly and worked flawlessly. It also spoiled me!
       
      After settling in Ohio, finally, I wanted to return the ML30 Gen9’s drive-cage to its rightful place and I began searching for the best low-cost way to add a drive-cage to my ML10v2 that worked like the one in the ML30 Gen9 instead of the stock ML10v2 drive-cage. There’s a great discussion in the HSS Forums documenting forum members search for a similar drive-cage.
       
       
       

       
      Figure 2 – Pages 18 & 19 of HPE ProLiant ML30 Gen9 Server “Maintenance and Service Guide”; Part Number: 825545-001; December 2015; Edition 1; shows a spare part number 792351-001 for the Four-bay LFF Hot-plug drive backplane assembly which would include the a) Drive backplane and Drive cage – Part 792351-001 is the part I first looked for and found at Calhoun Technologies.
       
       
       
      After reading some great suggestions in the Forums I stumbled upon the 792351-001 in the parts number of the ML30 Gen9 manual and thought it should fit the bill and found a low-cost option at Calhoun Technologies for a 792351-001 “Refurbished”.
       
       
       

       
      Figure 3 – ML30Gen9 drive-cage (also 686745-002 footprint) compared to 792351-001 on bottom – the sharpie markings show how much wider the front of the 792351-001 frame is compared to the 686745-002 and why the front cover of the ML10v2 wouldn’t close on the 792351-001.
       
       
       
      The 792351-001 did work in my ML10v2 but I could not close the front cover on the ML10v2, so I kept looking while also trying to modify the 792351 with my Dremel. I could make it fit finally, but only after a lot of Dremel work and the end result didn’t look good.
       
       
       

       
      Figure 4 – Tag identifying the drive-cage assembly in ML30G9 as: HPE P/N 674790-002 Replace with spare HDD Cage, 4Lff, $u Gen8 Enhanced (686745-002) LITEON (Rev. 15-11-17. The 686745-002 that arrived was identified with a similar tag: HP P/N 674790-002 Replace with spare HDD Cage, 4LFF, 4U Gen8 Enhanced (686745-002) LITEON (Rev.A) 14-03-17.
       
       
       
      On the drive-cage out of the ML30 Gen9 I found the part number 686745-002 which I thought was the part number of the cage alone. (I was wrong about that!) I found it at Calhoun Technologies listed as HP 686745-002 “Refurbished” SPS-HDD cage 4LFF 4U Enhanced. Thinking that it was likely only the drive-cage without a backplane I ordered it since with the 792351-001 I had an extra backplane. I was wrong! The part number referred to the assembly of the drive-cage and backplane.
       
      As the following pictures will show the 686745-002 arrived with a backplane and it appears to be working flawlessly.
       
       
       

       
      Figure 5 – Front and Back of Calhoun Technologies HP 686745-002 “Refurbished” SPS-HDD cage 4LFF 4U Enhanced
       
       
       

       
      Figure 6 – Picture of backplanes L-R: ML30G9 Drive-Cage, 792351-001, and 686745-002
       
       
       
      Video of my installation of the 686745-002.
       
       
       
       
      Video 1 – Install Drive-Cage in HPE ProLiant ML10v2
       
       
       

       
      Figure 7 – Calhoun Technologies HP 686745-002 “Refurbished” SPS-HDD cage 4LFF 4U Enhanced installed in HPE ProLiant ML10v2
       
       
       

       
      Figure 8 – HPE ProLiant ML10v2 powered up and all 3.5” drives functioning in Calhoun Technologies HP 686745-002 “Refurbished” SPS-HDD cage 4LFF 4U Enhanced
       
       
       
      Thanks to the members of HSS Forum Thread: ML10v2 Drive-Cage for their many insights and suggestions and thanks to forum member ToyCeli22 for starting the thread.
       
       
       

       
      Figure 9 – 686745-002 drive-cage installed in ML10v2 on left and stock 674790-002 drive-cage back in the ML30Gen9 on right
       
       
       
      In the As-Built that follows I list how this ML10v2 is loaded. Be sure to check out more on this at ML10 and ML10v2 Forum and ML10v2 Drive Cage Forum Thread.
       
       
       
      As-Built (I named my Computer: SkyNet)
      HPE ProLiant ML10v2 Server Xeon E3-1220v3 32GB Unbuffered ECC RAM KVR16E11K4/32 OS: Windows 8.1 Pro B120i Logical Drive 01: OS drive – 1 x Corsair Force GT 240GB SSD in RAID0 on HP Dynamic Smart Array B120i RAID Controller – Port 1 (SATA III or 6GB/s) -- Icy Dock ExpressCage MB326SP-B Bay 1 B120i Logical Drive 02: Data drive – 1 x Samsung 256GB 840 Pro SSD in RAID0 on HP Dynamic Smart Array B120i RAID Controller – Port 2 (SATA III or 6GB/s) – Icy Dock ExpressCage MB326SP-B Bay 2 B120i Logical Drive 03: Data drive -- 4 x WD10JUCT 1TB 2.5” HDDs in RAID10 on HP Dynamic Smart Array B120i RAID Controller – Ports 3, 4, 5, & 6 (each SATA II or 3GB/s) – Icy Dock ExpressCage MB326SP-B Bays 3, 4, 5, & 6 P222 Logical Drive 01: Data drive – 4 x WD 5TB SE HDDs (WD5001F9YZ) in RAID5 on HP Dynamic Smart Array P222 RAID Controller Card – Ports 1, 2, 3, & 4 (each SATA III or 6GB/s) – mounted in Bays 1, 2, 3, & 4 of drive-cage 686745-002 “Refurbished” Calhoun Technologies Drive-cage 686745-002 “Refurbished” SPS-HDD cage 4LFF 4U Enhanced; Dell Poweredge T710 PG9KK Mini SAS SFF-8087 cable 15” (38cm) Icy Dock ExpressCage MB326SP-B (I used the existing SATA cable that had gone to the optical drive for bay 5 plus a Blue 18” SATA cable I had in stock from previous projects for Bay 6; StarTech Model SAS8087S450 19” (50cm) Serial Attached SCSI SAS Cable – SFF-8087 to 4x Latching SATA for Bays 1, 2, 3, & 4; I also used a Molex Y to two SATA Power Connectors) 60mm Fan mounted near the bottom front of ML10v2 to increase air flow for the P222 60mm Fan mounted in empty card slot to direct air flow directly on P222 heat sink (plus Molex to Fan splitter and Y Fan to 2 Fan connector cable)  
       
       Please join us in the HSS Forums to discuss this and many other interesting topics.
       
       
       
      References:
       
      Check HSS Forum Post: http://homeservershow.com/forums/index.php?/topic/10796-ml10v2-drive-cage/
       
      Scsi4me.com 3.5” Drive Tray Caddy 4 HP ProLiant ML350e ML310e SL250s Gen8 Gen9 G9 651314-001 http://www.ebay.com/itm/231001449171
       
      Dell Poweredge T710 PG9KK Mini SAS SFF-8087 to SFF-8087 Cable 15” (38cm) https://www.amazon.com/Dell-Poweredge-PG9KK-SFF-8087-Cable/dp/B00NOEY3OS/ref=pd_sim_147_9?_encoding=UTF8&psc=1&refRID=1ZRF07DQQ5V1M36D045C
       
       HPE ProLiant ML30 Gen9 Server; Maintenance and Service Guide (Item 18 on pages 18-19 lists a Spare part number 792351-001 Four-bay LFF Hot-plug drive backplane assembly – this was where I initially got part number 792351-001 that I ordered from Calhoun Technologies – as stated earlier I found that it did work but I was unable to close the front cover of the ML10v2 or ML30G9 when that part was installed) http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c04905980-1.pdf
       
      Calhoun Technologies HP 686745-002 Refurbished http://www.calhountech.com/products/hp-686745-002-4-bay-sas-sata-lff-hot-plug-drv-cage.html
       
      Additional Fans in the HPE ProLiant ML10v2 http://homeservershow.com/additional-fans-in-the-hpe-proliant-ml10v2.html
       
      Installing Icy Dock 5.25” ExpressCage MB326SP-B http://homeservershow.com/installing-my-icy-dock-5-25-expresscage-mb326sp-b.html  
       
      Other HSS ML10v2 Blog Postings: http://homeservershow.com/tag/ML10v2
       
      HSS HP ProLiant ML10v2 postings: http://homeservershow.com/forums/index.php?/forum/98-ml10-and-ml10v2/
       
      Check out my ML10v2 Play List:
       
      Unboxing Drive Caddies for my ML30 G9
       
       
    • Joe_Miner
      64GB RAM in HPE ProLiant ML30 Gen9
      By Joe_Miner
      By: JohnStutsman
       
       
       

       
      Figure 1 – Preparing to install new 64GB of RAM
       
       
       
      I upgrade the stock 8GB to 64GB of RAM in the HPE ProLiant ML30 Gen9 using 4 DIMMs (“Sticks”) of Kingston KVR21E15D8/16.
       
       
       

       
      Figure 2 – Kingston KVR21E15D8/16
       
       
       

       
      Figure 3 – 64GB RAM about to be installed in HPE ProLiant ML30 Gen9
       
       
       
       
       
      Figure 4 – HPE ProLiant ML30 Gen9 – System Board Components & Memory “Type” requirement from “QuickSpecs” – DIMMs removal & installation instructions from “Maintenance & Service Guide” (see links in References below)
       
       
       

       
      Figure 5 – HPE ProLiant ML30 Gen9 – Memory & DDR4 memory population guidelines from “QuickSpecs” (see links in References below)
       
       
       
      I upgraded to 64GB of RAM in my HPE ProLiant ML30 Gen9 using Kingston KVR21E15D8/16 from Newegg. The KVR21E15D8/16 was suggested by Schoondoggy on the forum thread RAM for ML30 Gen9.
       
       
       
       
      Video 1 – 64GB RAM in HPE ProLiant ML30 Gen9.
       
       
       

       
      Figure 6 – View of the four new DIMMs installed for 64GB of RAM. Time to replace the air baffle, tower bezel, and side panel then hook up the ML30 Gen9 and see if it works!
       
       
       
       
       

       
      Figure 7 – IT WORKS! Screen during first post showing 64GB RAM - for the first time!  Thank you Schoondoggy!!
       
       
       

       
      Figure 8 – System Summary Information showing 64GB RAM installed
       
       
       

       
      Figure 9 – System Information with Installed Physical Memory (64GB RAM) Highlighted
       
       
       

       
      Figure 10 – Task Manager showing 64GB of DDR4.
       
       
       

       
      Figure 11 – iLO4 System Information – Memory Information showing four 16GB DIMMs installed.  Status is "Good, In Use".
       
       
       

       
      Figure 12 – Temperatures appear well within range while system fan speed was a consistent 6% - BIOS set to Optimal Cooling (Note that the two 40mm fans in the Icy Dock ToughArmor MB994SP-4SB-1 were also running).
       
       
       

       
      Figure 13 – HPE ProLiant ML30 Gen9 running with 64GB RAM and using 30.1 Watts. Everything seems to be working well – time to think about adding more drives and turn on Hyper-V!!
       
       
       
      As-Built (I named my Computer: Serenity)
      HPE ProLiant ML30 Gen9 (Product No. 830893) Xeon E3-1240v5 (SkyLake LGA 1151) 64GB ECC RAM – Kingston KVR21E15D8/16 OS: Windows 10 Pro B140i Dynamic Smart Array: Ports 1-4: (4*3.5” Drive Tray Caddies for Main Drive-Cage Assembly Bays 1-4) B140i Dynamic Smart Array: Ports 5-6: Icy Dock MB994SP-4SB-1 in Top 5.25” half-height Bay; with/ 2*18” SATA III (6 Gb/s) cables attached to Bays 1 & 2 (Bays 3 & 4 are available for future); Molex to Molex & Fan Y-Connector Cable; Samsung 840 Pro 256GB in Bay 1;  
       
      Please join us in the HomeServerShow Forums to discuss this and tell us what you are building at home.
       
       
       
      Reference:
       
      RAM for ML30 Gen9 http://homeservershow.com/forums/index.php?/topic/14807-ram-for-ml30-gen9/
       
      ValueRAM Decoder https://www.kingston.com/us/memory/valueram/valueram_decoder
       
      ValueRAM KVR21E15D8/16 Specs Sheet http://www.kingston.com/dataSheets/KVR21E15D8_16.pdf
       
      Check HSS Forum Post: Other HSS ML30 Blog Postings: http://homeservershow.com/tag/ML30
       
      HomeServerShow Forum for ML10’s & ML30’s http://homeservershow.com/forums/index.php?/forum/98-ml10-and-ml10v2/
       
      HPE ProLiant ML30 Gen9 Server Maintenance & Service Guide http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c04905980-1.pdf
       
      HPE ProLiant ML30 Gen9 Server QuickSpecs http://h20195.www2.hp.com/v2/GetDocument.aspx?docname=c04834998&doctype=quickspecs&doclang=EN_US&searchquery=&cc=us&lc=en
×
×
  • Create New...