In recently issue mentioned in Check And Solve If Your QNAP NAS Has been Injected a CPUMiner Program, QNAP quickly release Malware Remover 2.1.0 to help. Let’s take a look at this program and go detail.
I follow suggestions on 2.8.2 very slow to launch on OS X 10.6.8 on GIMP on OS X suggest to turn off network. It does help to speed up GIMP but LibreOffice.
When trying to improve ZurmoCRM performance on NAS, I have separate PHP programs and MySQL running on different machine. It is a good idea to run MySQL with RAID 1 to protect data from hardware failure.
I also explain how to harden your NAS to protect MySQL service from remote connection.
It’s quit busy in Synology forum about a coin miner started on 2014/2/8 by Joakim Lotsengard on Synology Page in Facebook. Someone use CVE-2013-6955 and CVE-2013-6987 to insert a coin miner program running in the background. It takes all CPU resource and slow down your access to NAS.
UPDATE @ 2014/8/6 – SynoLocker use the same vulnerability to encrypt files and ask for money. Y-Combinator has a threaded discussion. You need to upgrade your DSM manually. It is not found by auto-update. Please refer to Downgrade Synology DSM for detail instructions.
UPDATE @ 2015/4/1 – Add security on ThecusOS 6.
For non-expandable NAS, there might be some hidden services open but not shown in web admin. You may use nmap to explore.
Buffalo HD-LX2TU3 is my first secured external HDD box. Because I am not comfortable with the high operation temperature and the small power adapter, I decide to open the case, move the hard drive to QNAP TS-112, and use the SATA to USB 3.0 bridge as a quick connector.
I use the bridge to clone the hard drive in my Lenovo C440 AIO to a new SSHD. When I swap them, it never boot up.
It is easy to setup and run your WordPress Site but difficult to protect from hackers and spam. That’s why I choose to adopt the free WordPress.com which helps me to focus on contents.
When I setup WordPress for my customers, I will secure wp-config.php and limit the database account to current WordPress database only. It prevent access to the WordPress configuration file which contains the database account and password in non-encrypted format. Even if they get the file, the database user account is limited to access the WordPress database.