Qnap seems to have more security / ransom-ware issues than I believe Synology does... (again this could be completely wrong but I'm always notified of the QNAP ones...
Our community has rated this post as helpful. If you agree, why not thank AquaGalley8616
04-28-2021 at 09:21 AM.
Maybe this is not the proper time to make threads on QNAP! Here is why: QNAP the last 7 days has had a ransomware attack on a massive scale and hackers demanded 500 dollars to give you back your files!
I did not get hacked because I had my 2 QNAP's offline, and turned off the last month, and only turn them on to backup or transfer files from NAS to PC. But most people leave on the NAS 24/7 and many got hacked the last 7 days!
Qnap seems to have more security / ransom-ware issues than I believe Synology does... (again this could be completely wrong but I'm always notified of the QNAP ones...
Our community has rated this post as helpful. If you agree, why not thank jlt722
04-28-2021 at 10:12 AM.
I have both Qnap and Synology in the workplace and home. Consumer and Enterprise ones. Both have pros and cons. For basic user I'd recommend Synology. For more experienced I think depends. But I do agree I have seen more ransomware news regarding QNAP.
QNAP
Pros:
- Prefer backup option. I use HBS3 and active sync. Works well for target folder backups.
- Sometimes prefer interface and QuLog to monitor access.
Cons:
- Updates can be annoying. Sometimes an update can break something, both firmware and applications.
- Parts can be hard to get. I had a PSU die. Found a reasonably priced replacement part, but had to ship from Australia.
- One occasion I deleted a shared folder, but didn't clear up storage. I had to SSH into the server and delete it manually.
Synology
Pros:
- Interface is much better and user-friendly.
- Updates and applications seem more stable and less likely to break after an update.
- Permission management is easier (user and groups).
- Plex works great. However, I haven't tried on QNAP.
Cons:
- Not a fan of the backup applications.
- Not a fan of the security options in OS and apps. Such as IP control.
Both are great for storage (including iscsi, luns, etc.). Both about as equal in ease of use. Can get pricey, so sometimes I'd recommend buy new enterprise hard drives on ebay. Synology is good and just works. QNAP can get annoying because sometimes they are trying to be feature rich, which is not always a good thing.
Thought I'd share in case. I think either is good and work well. QNAP is more reported regarding ransomware so keep in mind. But Synology users have experienced this too. If you have your NAS public facing, so you can access outside your network, such as Quickconnect or NAT/Port Forwarding, keep in mind the risks.
the people being hacked - is it because they had the shit open directly to the NAS or was there some kind of flaw that enabled this to be done remotely?
for example, today i have a NAS. my NAS is not DIRECTly available, but is a shared drive to my PC which uses PLEX to enable outside access - but in theory plex is the only open aspect, the NAS itself isn't directly accessible unless via plex.
does that make my situation more secure or would it have been just as easily attacked with qnap issues?
I would say it depends. I could say a lot, but will try to keep it as short as I can. To answer the first question, I'd say I'm not exactly sure. For the brute force attack I'd just implement the security feature of banning an IP after failed attempts. The ransomware exploit is kinda interesting. The abuser scans the public network for QNAP devices, then remotely triggers the QNAP's built-in feature to pw protect files. Again, keep the QNAP internal only to avoid both issues mentioned.
Actually if your Windows machine is public facing (port-forwarding/NAT) then your PC is more likely to get hit by ransomware than the QNAP server. Ransomware for Windows is not the same as Linux, or QNAP.
I've had a situation where a windows PC infected with ransomware encrypted files in a QNAP mounted shared folder. Also I've had a Windows Server get ransomware that spread to the QNAP server shared folders it had access to. These were targeting Windows, not QNAP.
I'd say for now your biggest concern should be your Windows PC being public facing. Make sure your PC isn't pingable outside your network. Plex uses port 32400 I believe, so make sure that's the only port used.
If must have plex open outside your network, get another pc that you don't care if gets hacked. If hacked, then dump it or clean install. Make sure plex user only has READ ONLY access to the video folder. NO ACCESS to others. If notice something strange, check Windows Resource monitor to check network connections. This is maybe the minimum I'd suggest.
ANOTHER option? Just get a router with VPN feature. Keep all devices within the network. No public facing devices. Then just connect to VPN and do your thang~
the people being hacked - is it because they had the shit open directly to the NAS or was there some kind of flaw that enabled this to be done remotely?
for example, today i have a NAS. my NAS is not DIRECTly available, but is a shared drive to my PC which uses PLEX to enable outside access - but in theory plex is the only open aspect, the NAS itself isn't directly accessible unless via plex.
does that make my situation more secure or would it have been just as easily attacked with qnap issues?
QNAP had at least three recent vulnerabilities they had to address (CVE-2020-36195 (mitre.org), CVE-2020-2509 (mitre.org), and CVE-2021-28799 (qnap.com)). Vulnerabilities like SQL or command injection were exploited by attackers that were able to access the devices remotely over the public internet. This is on QNAP to fix (which they have), but there's always risk associated with making a device accessible on the internet, as not all vulnerabilities are always disclosed (or disclosed in time to patch before exploitation). For this reason, there is some responsibility on the owner of such devices to reduce the threat landscape by restricting internet access to approved IP addresses if it must be internet accessible, or by using a more secure method of remote access if it's not (such as remote VPN). Ideally, you'd also want to isolate the device on your network to prevent an attacker from pivoting through the network, but this is often beyond the ability of a typical consumer.
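The exposure advice in the replies above (forward only the Plex port, keep the NAS off the internet unless the source is an approved IP address) can be checked mechanically against a router's port-forward list. This is an added example, not part of any post in the thread; the rule format, host addresses and the approved source address are constructed assumptions.

```python
import ipaddress

# Constructed sample: port-forward rules as a home router might list them.
# Field names and all addresses are illustrative assumptions.
RULES = [
    {"name": "plex", "ext_port": 32400, "dest": "192.168.1.20", "src": "0.0.0.0/0"},
    {"name": "nas-web", "ext_port": 8080, "dest": "192.168.1.50", "src": "0.0.0.0/0"},
    {"name": "nas-from-office", "ext_port": 443, "dest": "192.168.1.50",
     "src": "203.0.113.10/32"},
    {"name": "rdp", "ext_port": 3389, "dest": "192.168.1.20", "src": "0.0.0.0/0"},
]
NAS_HOSTS = {"192.168.1.50"}                      # internal address of the NAS
APPROVED_SOURCES = [ipaddress.ip_network("203.0.113.10/32")]
ALLOWED_PUBLIC_PORTS = {32400}                    # Plex, per the thread


def is_restricted(src_cidr, approved):
    """True if the rule's source range lies entirely inside an approved network."""
    src = ipaddress.ip_network(src_cidr)
    return any(src.version == net.version and src.subnet_of(net) for net in approved)


def audit(rules, nas_hosts, approved, allowed_public_ports):
    """Return (rule name, reason) for every forward that contradicts the advice."""
    findings = []
    for rule in rules:
        if is_restricted(rule["src"], approved):
            continue  # reachable only from approved addresses
        if rule["dest"] in nas_hosts:
            findings.append((rule["name"], "NAS reachable from unapproved sources"))
        elif rule["ext_port"] not in allowed_public_ports:
            findings.append((rule["name"], "unexpected port open to the internet"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(RULES, NAS_HOSTS, APPROVED_SOURCES, ALLOWED_PUBLIC_PORTS):
        print(f"{name}: {reason}")
```

An empty result means every forward is either the Plex port or limited to approved source addresses; with a VPN-only setup the rule list itself would be empty.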
Maybe this is not the proper time to make threads on QNAP! Here is why: QNAP the last 7 days has had a ransomware attack on a massive scale and hackers demanded 500 dollars to give you back your files!
I did not get hacked because I had my 2 QNAP's offline, and turned off the last month, and only turn them on to backup or transfer files from NAS to PC. But most people leave on the NAS 24/7 and many got hacked the last 7 days!
To the contrary I have 3 QNAP NAS's (2 in one location, 1 in another) online 24/7 and none are hacked because we check for firmware updates on a regular basis. If people take the most basic steps to ensure their devices are secure, there's not an issue. If they don't, then that's on the person not on the vendor.
I did not get hacked because I had my 2 QNAP's offline, and turned off the last month, and only turn them on to backup or transfer files from NAS to PC. But most people leave on the NAS 24/7 and many got hacked the last 7 days!
2 youtube videos on this:
I've just been HIT by a global ransomware attack, QNAP need to be held accountable for this
https://www.youtube.com/watch?v=S_4p68l
The QNAP QLocker Ransomware - How, Why and QNAP's Response
https://www.youtube.com/watch?v=cQjOn5H