Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[resch60]

i saw here in the forum that the firmware 2.02b1 the problem with the user Nobody fix.

so i download it the update from the

http://www.dlink.ca/products/?pid=DNS-320

page..

i still have the problem that someone is login in on my nas every day! I am here in canada! And i can't change my IP.. So the person is just looking around but i don't like that i turned the ftp down for 2 weeks but after i turn it on ! it happen again after 1 day...


Did i install the wrong firmware??

Everything else is great ! just that little problem.. thx for help

[albert]

After upgrading to firmware 2.02 (aka 2.02b1) does the NAS webUI allow login using nobody username? If it allow, did it prompt for password?

When I was still using firmware 2.00, I simply changed the nobody password via remote shell after I came to know about this issue.

[ChrisSutherland]

After upgrading to firmware 2.02 (aka 2.02b1) does the NAS webUI allow login using nobody username? If it allow, did it prompt for password?

When I was still using firmware 2.00, I simply changed the nobody password via remote shell after I came to know about this issue.

could you share how this is done please? I've logged into the web UI, and have no users listed under that name? by creating one called "nobody", does it override the current "nobody" user?

Just checked my logs and I have "nobody" also logging in, slightly worrying.

[albert]

could you share how this is done please? I've logged into the web UI, and have no users listed under that name? by creating one called "nobody", does it override the current "nobody" user?

Just checked my logs and I have "nobody" also logging in, slightly worrying.

So am I right to said that it's still not fix in 2.02?

What I did as stated earlier was to remote into the NAS via telnet/ssh (FFP is needed) and use the command passwd nobody and assign a password to it.

[ChrisSutherland]

remote into the NAS via telnet/ssh (FFP is needed)

Sorry but this means very little to me. I don't understand.

[albert]

Sorry but this means very little to me. I don't understand.

Which part, remote shell access or FFP? FFP = Fonz Fun_plug is needed because DNS-320 doesn't provide shell access.

[resch60]

thx i will just change the password than!

[cable2]

Hi Chris,
Albert is referring to the linux fonzfun_plug install which is, at this time, a bit over your head.  Given where you are at, how about simply adding "nobody" or "Nobody" or both as user(s) with rather secure passwords and then use the "deny access" as rights on top of this.  You could do this quickly with the 320's GUI without any further knowledge and then just keep checking the logs to see if you are still being breached.  Good luck

[resch60]

no that did not work! i tried that already, i can't create a user Nobody or nobody!


How do i play the ffp on the nas?? with out the access ??

[albert]

The user account nobody already exist by default and is now flagged as "invalid users" in samba conf file (in v2.02). What this meant is that it's not possible to login using this user account even if there is no password assigned to it. I have re-confirm this so there shouldn't be any undue worry over this issue.

But do take note that logs entries (recent activities) doesn't capture invalid login attempt from nobody so if your show otherwise then something is not right.

[resch60]

hmm i just see that nobody logs in but is not downloading....

ok i deleted the user Nobody from the "/home" so it just shows....

Problem gone... bot you said something from a samba server...
 

i will open a new topic  for that

[albert]

hmm i just see that nobody logs in but is not downloading....

So, are able to login using nobody account? Leave password as blank.