Author Topic: Am I missed something in configuration?  (Read 5949 times)

mickey599

Am I missed something in configuration?
« on: January 15, 2017, 07:33:24 AM »

Hi everyone,
Recently I had problems with DIR 645 which was damaged (not responding to LAN ports) and it also affected my 320L.
I had to reset it (couldn't access it although it responded to ping) and start all over. I had saved a backup bin but it won't accept it.
Installed new Firmware 1.08 (Firmware Date 01/28/2016).
I have also configured users, groups, my dlink account, Dynamic DNS (www.dlinkddns.com), etc.
I had to change router, so my ISP gave me some ZTE (crap). It works locally, but from outside the only way is to put the NAS in DMZ (no port forwarding options in ZTE).

This is what bothers me: a few days ago I noticed unusual HDD activity and went to the logs, and this is what I saw:

"Jan  9 05:21:39 dlink-AEB207 smbd: CIFS: [91.197.19.2xx] closed the connection to service [Volume_1].
Jan  9 05:21:33 dlink-AEB207 smbd: CIFS: [91.197.19.2xx] closed the connection to service [P2P].
Jan  9 05:21:33 dlink-AEB207 smbd: CIFS: [91.197.19.2xx] closed the connection to service [Recycle Bin - Volume_1].
Jan  9 05:21:23 dlink-AEB207 smbd: CIFS: [91.197.19.2xx] connected to [Volume_1] as user [nobody].
Jan  9 05:21:21 dlink-AEB207 smbd: CIFS: [91.197.19.2xx] connected to [P2P] as user [nobody].
Jan  9 05:21:19 dlink-AEB207 smbd: CIFS: [91.197.19.2xx] connected to [Recycle Bin - Volume_1] as user [nobody].
Jan  9 05:21:14 dlink-AEB207 smbd: CIFS: Authentication for user [guest] has FAILED.
Jan  9 02:30:07 dlink-AEB207 rtc: Set System Time.
Jan  8 17:00:52 dlink-AEB207 smbd: CIFS: Authentication for user [muie] has FAILED.
Jan  8 17:00:52 dlink-AEB207 smbd: CIFS: Authentication for user [golf] has FAILED.
Jan  8 17:00:51 dlink-AEB207 smbd: CIFS: Authentication for user [reg] has FAILED.
Jan  8 17:00:51 dlink-AEB207 smbd: CIFS: Authentication for user [cashin] has FAILED.
Jan  8 17:00:51 dlink-AEB207 smbd: CIFS: Authentication for user [backoffice] has FAILED.
Jan  8 17:00:51 dlink-AEB207 smbd: CIFS: Authentication for user [pos] has FAILED.
Jan  8 17:00:51 dlink-AEB207 smbd: CIFS: Authentication for user [sms] has FAILED. "

Am I missing something in the configuration, so that someone is trying to hack me, and how? Is there anything that I can do to double-check the settings?
Please excuse my bad English (not my native language), and if you need more info I will provide it.

FurryNutz

  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Am I missed something in configuration?
« Reply #1 on: January 16, 2017, 10:33:14 AM »

Welcome!

  • What Hardware version is your DNS? Look at the sticker behind or under the device.
  • What Firmware version is currently loaded? Found on the DNS's web page under status.
  • What region are you located in?

What browser are you using to upgrade FW? We recommend using IE11 or FF.
Be sure to clear all browser caches before and after attempting to load FW.
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

ivan

Re: Am I missed something in configuration?
« Reply #2 on: January 16, 2017, 03:42:47 PM »

Looking at the log it appears that someone is trying to access your NAS.

All the FAILED attempts are to well-known user logins. It also looks as if the same person logged in as 'nobody' and had a poke around for about 10 minutes.

I would advise you to first check that there is nothing on the NAS that you didn't put there and then make sure that you have a strong password to cover access to Volume_1.

You should also check if your new router has a built in firewall and if so make sure that it blocks anything (ports and protocols) you are not using.
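Added example (not part of any post in this thread, and not D-Link code): a small Python triage of smbd log lines in the format quoted in the first post, flagging sessions that were mapped to a guest account and bursts of failed logins for several different usernames. The sample lines, the `triage` function, its window and threshold, and the year are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format quoted in the thread (documentation IP, made-up host).
SAMPLE_LOG = """\
Jan  9 05:21:23 nas smbd: CIFS: [198.51.100.7] connected to [Volume_1] as user [nobody].
Jan  9 05:21:14 nas smbd: CIFS: Authentication for user [guest] has FAILED.
Jan  8 17:00:52 nas smbd: CIFS: Authentication for user [golf] has FAILED.
Jan  8 17:00:51 nas smbd: CIFS: Authentication for user [reg] has FAILED.
Jan  8 17:00:51 nas smbd: CIFS: Authentication for user [pos] has FAILED.
Jan  8 09:12:40 nas smbd: CIFS: [192.168.1.20] connected to [Volume_1] as user [alice].
"""

LINE = re.compile(r'^"?(\w{3}\s+\d+\s+\d\d:\d\d:\d\d) \S+ smbd: CIFS: (.*?)\s*"?$')
CONNECT = re.compile(r"^\[([^\]]+)\] connected to \[([^\]]+)\] as user \[([^\]]+)\]\.$")
FAILED = re.compile(r"^Authentication for user \[([^\]]+)\] has FAILED\.$")
GUEST_ACCOUNTS = {"nobody", "guest"}  # accounts an unauthenticated session maps to


def triage(log_text, year=2017, window=timedelta(seconds=10), threshold=3):
    """Return guest-mapped sessions and bursts of failed logins for distinct usernames.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    guest_sessions, failures = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp = " ".join(m.group(1).split())  # collapse the padded day ("Jan  9")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        conn, fail = CONNECT.match(m.group(2)), FAILED.match(m.group(2))
        if conn and conn.group(3).lower() in GUEST_ACCOUNTS:
            guest_sessions.append((ts, conn.group(1), conn.group(2)))
        elif fail:
            failures.append((ts, fail.group(1)))
    # Failure lines carry no source address, so bursts are grouped by time only.
    failures.sort()
    bursts, group = [], []
    for ts, user in failures + [(datetime.max, "")]:  # sentinel flushes the last group
        if group and ts - group[0][0] > window:
            names = sorted({u for _, u in group})
            if len(names) >= threshold:
                bursts.append((group[0][0], names))
            group = []
        group.append((ts, user))
    return {"guest_sessions": sorted(guest_sessions), "bursts": bursts}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Any entry in `guest_sessions` means a share accepted a connection without a valid account, which is the condition to close off before the NAS is reachable from outside again.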

mickey599

Re: Am I missed something in configuration?
« Reply #3 on: January 17, 2017, 05:23:39 AM »

Hi all,
To reply to FurryNutz:
Thanks for welcoming me.
H/W Ver: A3 and firmware is 1.08; located in Serbia, southeast Europe.

And for Ivan, I ran Kaspersky to scan it; it will take a while, I will post the result later.
My new router does not allow me to change port forward options. It has a firewall, but to access the NAS from outside I had to put its address in DMZ because there are no port forward options.
Also, when I try to access the NAS from other devices (I installed AndSMB on my phone and connect via 4G and the dlinkddns address), it asks me for user/password and I enter anything; it passes through and opens Volume_1, recycle bin and P2P, although I set users and groups password for Volume_1.
Where am I going wrong?

ivan

Re: Am I missed something in configuration?
« Reply #4 on: January 18, 2017, 08:46:40 AM »

I am not sure what the problem with access to Volume_1 via dlinkddns is because we don't use that service.

Check that you have set a username and password for access to Volume_1 and closed off the guest and nobody logins.  Again I can't say how you disable those logins using the default firmware (we use secure telnet) plus all our NAS boxes are behind our firewall, managed switch and everyone has to log in to the system if trying to connect from outside our local network.

mickey599

Re: Am I missed something in configuration?
« Reply #5 on: January 19, 2017, 02:00:13 AM »

Hi again,
Yes, Kaspersky found 1 virus in the root of Volume_1, created 09.01.2017, so that is no good. I had to turn it off until I resolve how to protect it.
I do have a password on Volume_1 and I changed it again a few days ago, but I think that is not the problem.

Is there any way to reset it to complete factory default? I did recently use the reset button and also tried via the web interface, but it only erased users and groups and set the default IP; all apps that were installed via the app center are still there.

FurryNutz

  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Am I missed something in configuration?
« Reply #6 on: January 19, 2017, 01:39:34 PM »

Users can do a factory reset on the DNS and this will erase any user configurations you have set up, including any user accounts you added. All data on the drives will remain intact.