Antibug, posted 12 March 2015

Hello,

Following a support request on qnapsecurity.com, a site that I believe is official, I have had some unpleasant attempts to visit my NAS.
Most of the IPs point to China.
Coincidence? Or is the site not official?

"50","Warning","2015-03-07","00:04:46","root","103.41.124.50","---","SSH","---","Login Fail"
"49","Warning","2015-03-06","23:05:05","root","103.41.124.66","---","SSH","---","Login Fail"
"48","Warning","2015-03-06","22:18:10","root","101.226.168.158","---","SSH","---","Login Fail"
"47","Warning","2015-03-06","22:05:58","root","103.41.124.51","---","SSH","---","Login Fail"
"46","Warning","2015-03-06","21:05:43","root","103.41.124.26","---","SSH","---","Login Fail"
"45","Warning","2015-03-06","20:06:13","root","103.41.124.50","---","SSH","---","Login Fail"
"44","Warning","2015-03-06","19:06:48","root","103.41.124.31","---","SSH","---","Login Fail"
"43","Warning","2015-03-06","18:05:08","root","103.41.124.15","---","SSH","---","Login Fail"
"42","Warning","2015-03-06","17:03:19","root","103.41.124.14","---","SSH","---","Login Fail"
"41","Warning","2015-03-06","16:56:08","root","222.161.4.147","---","SSH","---","Login Fail"
"40","Warning","2015-03-06","16:54:21","anonymous","193.104.41.53","---","SSH","---","Login Fail"
"39","Warning","2015-03-06","16:50:42","adm","193.104.41.53","---","SSH","---","Login Fail"
"38","Warning","2015-03-06","16:47:02","D-Link","193.104.41.53","---","SSH","---","Login Fail"
"37","Warning","2015-03-06","16:43:24","pi","193.104.41.53","---","SSH","---","Login Fail"
"36","Warning","2015-03-06","16:39:43","admin","193.104.41.53","---","SSH","---","Login Fail"
"35","Warning","2015-03-06","16:36:03","admin","193.104.41.53","---","SSH","---","Login Fail"
"34","Warning","2015-03-06","16:32:22","root","193.104.41.53","---","SSH","---","Login Fail"
"33","Warning","2015-03-06","16:29:52","root","103.41.124.56","---","SSH","---","Login Fail"
"32","Warning","2015-03-06","16:28:43","test","193.104.41.53","---","SSH","---","Login Fail"
"31","Warning","2015-03-06","16:25:06","user","193.104.41.53","---","SSH","---","Login Fail"
"30","Warning","2015-03-06","16:21:25","support","193.104.41.53","---","SSH","---","Login Fail"
"29","Warning","2015-03-06","16:17:45","admin","193.104.41.53","---","SSH","---","Login Fail"
"28","Warning","2015-03-06","15:32:21","root","103.41.124.37","---","SSH","---","Login Fail"
"27","Warning","2015-03-06","14:33:19","root","103.41.124.22","---","SSH","---","Login Fail"
"26","Warning","2015-03-06","13:34:43","root","103.41.124.24","---","SSH","---","Login Fail"
"25","Warning","2015-03-06","13:04:34","root","221.235.188.205","---","SSH","---","Login Fail"
"23","Warning","2015-03-06","12:36:50","root","103.41.124.56","---","SSH","---","Login Fail"
"22","Warning","2015-03-06","11:38:20","root","103.41.124.52","---","SSH","---","Login Fail"
"20","Warning","2015-03-06","10:38:46","root","103.41.124.44","---","SSH","---","Login Fail"
"19","Warning","2015-03-06","09:40:34","root","103.41.124.101","---","SSH","---","Login Fail"
"18","Warning","2015-03-06","08:40:23","root","103.41.124.17","---","SSH","---","Login Fail"
"17","Warning","2015-03-06","07:42:26","root","103.41.124.15","---","SSH","---","Login Fail"
"16","Warning","2015-03-06","07:42:19","root","103.41.124.48","---","SSH","---","Login Fail"
"15","Warning","2015-03-06","07:12:57","root","101.226.168.158","---","SSH","---","Login Fail"
"13","Warning","2015-03-06","06:47:49","root","103.41.124.51","---","SSH","---","Login Fail"
"12","Warning","2015-03-06","05:51:01","root","103.41.124.104","---","SSH","---","Login Fail"
"11","Warning","2015-03-06","04:59:58","root","103.41.124.51","---","SSH","---","Login Fail"
"10","Warning","2015-03-06","04:49:49","root","182.100.67.102","---","SSH","---","Login Fail"
"9","Warning","2015-03-06","03:51:20","root","103.41.124.103","---","SSH","---","Login Fail"
"8","Warning","2015-03-06","01:24:59","root","218.65.30.92","---","SSH","---","Login Fail"

Regards,
Antibug

GlaceNot, posted 12 March 2015

Good evening,

Your link sends us here... to the current page...

If you are not sure, send an e-mail to Qnap, but I do not think the support site is bogus.

Change the SSH port number to another, higher one, then set up rules that automatically block IPs for a certain time.

Set a strong password, with digits and upper- and lower-case letters... ten to twelve characters minimum.

Restart the router to obtain a new IP... and check its settings so that it is not a sieve from the WAN.

There have been other cases recently, but if you have nothing sensitive on the NAS then do not worry.

Antibug (author), posted 13 March 2015

Hello GlaceNot,

Thank you for your reply. I changed the link to the site so that it only shows its name, without a link.

Thank you for your security advice, I will put that in place this weekend!

As for restarting the router, that does not change the IP: I have a fixed IP. Do you think I can ask my provider to change my IP?

Could you expand on your last sentence, "check its settings so that it is not a sieve from the WAN", please? Could you give me some basic tips or tricks to know for that?

Thanks in advance.

Regards,
Antibug

pipovip, posted 13 March 2015

Hello, welcome to the club of "victims"!

I have had the same problem for about 1 month. It does seem to me that it started after I contacted Qnap support (Helpdesk: helpdesk.qnap.com/) about the hard disks refusing to go into standby (a problem that is still not solved...). At that time I had communicated the various pieces of information for remote access to my NAS (via SSH, I believe). I cannot confirm that my problem of almost daily intrusion attempts appeared from the moment I called on support, but I believe so.

Since then, I do indeed have close to 90% of intrusion attempts from our Chinese friends; the remaining 10% come from the USA, Japan and Ukraine.

Here is my topic on the subject:

So, as mentioned in my topic, given that our Chinese friends number a little over 1 billion, I hope the intrusion attempts are not going to continue! I have not yet found a solution to stop these intrusions completely; the only alternative that was recommended to me here is to configure a setting that bans the IP after a certain number of attempts.

I should also point out that I am not an exposed or famous person, neither professionally nor personally. I am a simple, careful family-man user and the content of my NAS is really not very interesting to others (a few films plus family photos and videos); so, nothing that could make me a "target"...

GlaceNot, posted 13 March 2015

Hello to you both,

I had not made the connection between pipovip's case and antibug's... indeed it is suspicious. You should each send an e-mail to Qnap explaining the situation in a few lines. It cannot hurt, and they will be able to follow up better in the future. They may also have clarifications to ask of you at the same time, which would be a good sign.

To antibug: for the IP address, it depends on your internet provider. I am thinking of the additional fees, of course. If it is free and it does not cause you any problem (there are few of you connecting to your NAS), then change it. That will certainly throw them off...

As for the "sieve", I was thinking of the "demilitarized zone", commonly called the DMZ, which is an option on the router. It should be disabled, since once it is enabled your machines are no longer protected by the router's firewall.

In addition, check the state of your ports by running these tests (GRC site): https://www.grc.com/x/ne.dll?bh0bkyd2

The router's ports from 0 to 1055 will be scanned and should all be green at the end, which means they are not detectable or visible from the net. If some are blue, it means they are visible (but closed, so vulnerable to code) from the internet. If you have forwarded ports such as 22 or others, change them to another one above 1055, such as 2222. Do the same with 80 and even 8080, which is too well known.

Check the UPnP vulnerability, still on the same site. UPnP on a router is useful, but I personally prefer to leave it disabled.

Antibug (author), posted 19 March 2015

Hello GlaceNot,

Thank you for your reply. According to the GRC site, everything is OK.

I will see about escalating the information to Qnap... I will try.

Regards,
Antibug

Antibug (author), posted 8 April 2015

Good evening,

The advice I received from QNAP support is as follows:

- change the SSH port
- in the security tab, block the SSH protocol if there are several unsuccessful attempts

but nothing more...

No more suspicious connections... Topic closed.

Thank you all.

Regards,
Antibug

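An added example, not part of any post in this thread: a small triage script for an exported log in the CSV layout shown in the question, illustrating why a per-IP auto-block threshold can miss attempts that rotate across many addresses in one /24 while still catching a single host that cycles through usernames. The function names, the threshold of 3 and the sample rows (documentation address ranges) are assumptions constructed for the example, and failures are counted over the whole excerpt rather than a time window.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample rows in the thread's CSV layout (documentation IP ranges,
# not the addresses from the post).
SAMPLE_LOG = '''\
"8","Warning","2015-03-06","16:40:00","admin","198.51.100.53","---","SSH","---","Login Fail"
"7","Warning","2015-03-06","16:36:00","pi","198.51.100.53","---","SSH","---","Login Fail"
"6","Warning","2015-03-06","16:32:00","root","198.51.100.53","---","SSH","---","Login Fail"
"5","Warning","2015-03-06","15:00:00","root","203.0.113.14","---","SSH","---","Login Fail"
"4","Warning","2015-03-06","14:00:00","root","203.0.113.26","---","SSH","---","Login Fail"
"3","Warning","2015-03-06","13:00:00","root","203.0.113.50","---","SSH","---","Login Fail"
"2","Warning","2015-03-06","12:00:00","root","203.0.113.66","---","SSH","---","Login Fail"
"1","Warning","2015-03-06","11:00:00","root","192.0.2.7","---","SSH","---","Login Fail"
'''

def parse_failures(text):
    """Yield (user, ip) for every failed SSH login row; skip anything else."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) == 10 and row[7] == "SSH" and row[9] == "Login Fail":
            try:
                yield row[4], ipaddress.ip_address(row[5])
            except ValueError:
                continue  # malformed address field

def summarize(text, threshold=3, prefix=24):
    """Count failures per address and per network, and list hosts trying many users."""
    by_ip = defaultdict(int)
    by_net = defaultdict(int)
    users = defaultdict(set)
    for user, ip in parse_failures(text):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_ip[str(ip)] += 1
        by_net[str(net)] += 1
        users[str(ip)].add(user)
    return {
        # what a per-IP auto-block rule would act on
        "ip_over": sorted(ip for ip, n in by_ip.items() if n >= threshold),
        # networks whose hosts together reach the threshold
        "net_over": sorted(net for net, n in by_net.items() if n >= threshold),
        # single hosts cycling through several distinct usernames
        "spraying": sorted(ip for ip, u in users.items() if len(u) >= threshold),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

In the sample, the four hosts in 203.0.113.0/24 each fail once and never reach the per-IP threshold; they only show up in the per-network count.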