phpinfo() Reports on NAS

For LAMP developers, it is important to know the target environment. Because I am currently porting ZurmoCRM onto different NAS, I collect these environment and shared here. It should also ease me to port other LAMP applications in the future. I will maintain and update this list regularly.

Continue reading “phpinfo() Reports on NAS”

Synology Security Issue and How-to Harden your NAS

It’s quit busy in Synology forum about a coin miner started on 2014/2/8 by Joakim Lotsengard on Synology Page in Facebook. Someone use CVE-2013-6955 and CVE-2013-6987 to insert a coin miner program running in the background. It takes all CPU resource and slow down your access to NAS.

You may see the the press from Synology if you want to learn more about this issue. Please follow the instruction to remove the unwanted program by reinstall DSM and update manually.

UPDATE @ 2014/8/6SynoLocker use the same vulnerability to encrypt files and ask for money. Y-Combinator has a threaded discussion. You need to upgrade your DSM manually. It is not found by auto-update. Please refer to Downgrade Synology DSM for detail instructions.

I am going to show you how to check yourself and harden your NAS covering Asustor ADM, QNAP QTS, Synology DSM and ThecusOS 6.

UPDATE @ 2015/4/1 – Add security on ThecusOS 6.

Continue reading “Synology Security Issue and How-to Harden your NAS”