chchang
/
hugo_backup
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1142353e1e'
${ noResults }
hugo_backup/themes/public/article/e7-ad-86-e8-a8-98-synology-.../index.html

536 lines
19 KiB
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!doctype html>
<html class="no-js" lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="author" content="Lednerb">
<meta name="description" content="Bilberry Premium Theme for Hugo.">
<meta name="keywords" content="blog,personal,responsive,search,font awesome,pages,posts,multilingual,highlight.js,syntax highlighting,premium,shortcuts">
<meta name="generator" content="Hugo 0.50" />
<title> [筆記] Synology NAS 疑似被入侵,群暉真的要加加油啊.. | My cool new Blog</title>
<meta name="description" content="[筆記] Synology NAS 疑似被入侵,群暉真的要加加油啊.. - Bilberry Premium Theme for Hugo.">
<meta itemprop="name" content="[筆記] Synology NAS 疑似被入侵,群暉真的要加加油啊..">
<meta itemprop="description" content="[筆記] Synology NAS 疑似被入侵,群暉真的要加加油啊.. - Bilberry Premium Theme for Hugo.">
<meta property="og:title" content="[筆記] Synology NAS 疑似被入侵,群暉真的要加加油啊..">
<meta property="og:description" content="[筆記] Synology NAS 疑似被入侵,群暉真的要加加油啊.. - Bilberry Premium Theme for Hugo.">
<meta property="og:image" content="https://www.gravatar.com/avatar/88188b6cc451928eba90e8400bc68086?size=200">
<meta property="og:url" content="https://h.cowbay.org/article/e7-ad-86-e8-a8-98-synology-nas-e7-96-91-e4-bc-bc-e8-a2-ab-e5-85-a5-e4-be-b5-ef-bc-8c-e7-be-a4-e6-9a-89-e7-9c-9f-e7-9a-84-e8-a6-81-e5-8a-a0-e5-8a-a0-e6-b2-b9-e5-95-8a/">
<meta property="og:site_name" content="My cool new Blog">
<meta property="og:type" content="article">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-16x16.png" sizes="16x16">
<link rel="stylesheet" href="https://h.cowbay.org/sass/combined.min.717098cb5503581e75f12e486a847ca410bf8367d4d8713f4c37affc868c5a1d.css">
</head>
<body class="bilberry-hugo-theme">
<nav>
<div class="container">
<ul class="topnav">
<li><a href="/page/about-bilberry/">About Bilberry</a></li>
<li><a href="https://github.com/Lednerb/bilberry-hugo-theme" target="_blank">Github</a></li>
</ul>
<div id="search-box" class="search">
<i class="fa fa-search"></i>
<input id="search" type="text" placeholder="Search ...">
</div>
</div>
</nav>
<header>
<div class="container">
<div class="logo">
<a href="/" class="logo">
<img src="https://www.gravatar.com/avatar/88188b6cc451928eba90e8400bc68086?d=mm&size=200" alt="">
<span class="overlay"><i class="fa fa-home"></i></span>
</a>
</div>
<div class="titles">
<h3 class="title"><a href="/">My cool new Blog</a></h3>
<span class="subtitle">Hello World! This is the most epic subtitle ever.</span>
</div>
<div class="languages">
<a href="/en" class="active">en</a>
<a href="/de">de</a>
</div>
<div class="toggler">
<i class="fa fa-bars" aria-hidden="true"></i>
</div>
</div>
</header>
<div class="main container">
<div class="article-wrapper u-cf single">
<a class="bubble" href="/article/e7-ad-86-e8-a8-98-synology-nas-e7-96-91-e4-bc-bc-e8-a2-ab-e5-85-a5-e4-be-b5-ef-bc-8c-e7-be-a4-e6-9a-89-e7-9c-9f-e7-9a-84-e8-a6-81-e5-8a-a0-e5-8a-a0-e6-b2-b9-e5-95-8a/">
<i class="fa fa-fw fa-pencil"></i>
</a>
<article class="default article">
<div class="content">
<h3><a href="/article/e7-ad-86-e8-a8-98-synology-nas-e7-96-91-e4-bc-bc-e8-a2-ab-e5-85-a5-e4-be-b5-ef-bc-8c-e7-be-a4-e6-9a-89-e7-9c-9f-e7-9a-84-e8-a6-81-e5-8a-a0-e5-8a-a0-e6-b2-b9-e5-95-8a/">[筆記] Synology NAS 疑似被入侵,群暉真的要加加油啊..</a></h3>
<div class="meta">
<span class="date moment">2014-08-08</span>
<span class="categories">
<a href="/categories/%E6%9C%AA%E5%88%86%E9%A1%9E">未分類</a>
</span>
</div>
<p>繼前陣子群暉NAS被拿來挖礦的問題之後 請參閱 <a href="http://forum.synology.com/enu/viewtopic.php?f=7&amp;t=78993">http://forum.synology.com/enu/viewtopic.php?f=7&amp;t=78993</a></p>
<p>七月底八月初群暉的NAS又出包了這次是被駭客入侵後把NAS上的檔案加密並要求付出比特幣做為贖金(大概台幣 12000左右)</p>
<p>不然資料就會被保留在加密的狀態,無法使用。</p>
<p>詳情請參閱: <a href="http://www.pcdiy.com.tw/webroot/article.php?art=544">http://www.pcdiy.com.tw/webroot/article.php?art=544</a></p>
<p>&nbsp;</p>
<p>事情發生之後群暉也發出了信件通知USER應該怎麼處理信件內容如下</p>
<p>&nbsp;
&gt; ## Dear Synology users,
&gt;
&gt; We would like to inform you that a ransomware called &ldquo;SynoLocker&rdquo; is currently affecting some Synology NAS users. This ransomware locks down affected servers, encrypts users files, and demands a fee to regain access to the encrypted files.
&gt;
&gt; We have confirmed that the ransomware only affects Synology NAS servers running older versions of DiskStation Manager by exploiting a security vulnerability that was fixed and patched in December, 2013.
&gt;
&gt; Affected users may encounter the following symptoms:
&gt;
&gt; * When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
&gt; * Abnormally high CPU usage or a running process called “synosync” (which can be checked at <strong>Main Menu</strong> &gt; <strong>Resource Monitor</strong>).
&gt; * <span style="color: #ff0000;">DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at <strong>Control Panel</strong> &gt; <strong>DSM Update</strong>.</span>
&gt;
&gt;
&gt; If you have encountered the above symptoms, please shutdown the system immediately and contact our technical support here: <a href="https://myds.synology.com/support/support_form.php">https://myds.synology.com/support/support_form.php</a>
&gt;
&gt; If you have not encountered the above symptoms, we strongly recommend downloading and installing DSM 5.0, or any version below:
&gt;
&gt; * DSM 4.3-3827 or later
&gt; * DSM 4.2-3243 or later
&gt; * DSM 4.0-2259 or later
&gt; * DSM 3.x or earlier is not affected
&gt;
&gt;
&gt; You can manually download the latest version from our <a href="http://www.synology.com/en-global/support/download">Download Center</a> and install it at <strong>Control Panel</strong> &gt; <strong>DSM Update</strong> &gt; <strong>Manual DSM Update</strong>.
&gt;
&gt; If you notice any strange behavior or suspect your Synology NAS server has been affected by the above issue, please contact us at <a href="mailto:security@synology.com">security@synology.com</a>.
&gt;
&gt; We sincerely apologize for any problems or inconvenience this issue has caused our users. Well keep you updated with the latest information as we continue to address this issue.
&gt;
&gt; Thank you for your continued patience and support.
&gt;
&gt; Sincerely,
&gt;
&gt; Synology Development Team</p>
<p>在知道這件事情之後我從外部連回公司先把FW上面跟NAS相關、而且有開啟的port forward policy先關閉。(5000 我是已經關閉很久了,但是還有開一個 SSH 給群暉連進來)</p>
<p>隔天進公司之後把NAS叫出來看本來還以為沒事的結果檢查到第三條</p>
<blockquote>
<p><span style="color: #ff0000;">DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at <strong>Control Panel</strong> &gt; <strong>DSM Update</strong>.</span></p>
</blockquote>
<p>啊,系! 我的版本還在 4.2 ,而且也的確顯示為已經是最新版本。</p>
<p>跟群暉確認過之後,群暉建議還是依照他們的方法來處理</p>
<p>1.關機</p>
<p>2.把原有的硬碟抽出來</p>
<p>3.裝一顆新的硬碟進去</p>
<p>4.安裝 DSM 4.3-3810之後的版本</p>
<p>5.關機</p>
<p>6.接回原本的硬碟</p>
<p>7.開機</p>
<p>8.重新安裝DSM到 4.3-3810以後的版本</p>
<p>以上是我簡述過的步驟,原文是</p>
<blockquote>
<p>1. Shut down the NAS</p>
<p>2. Remove all the hard drives from the NAS</p>
<p>3. Find a spare hard drive that you will not mind wiping and insert it into</p>
<p>the NAS</p>
<p>4. Use Synology Assistant to find the NAS and install the latest DSM onto</p>
<p>this spare hard drive (use the latest DSM_file.pat from Synology)</p>
<p>5. When the DSM is fully running on this spare hard drive, shut down the NAS</p>
<p>from the web management console.</p>
<p>6. Remove the spare drive and insert ALL your original drives.</p>
<p>7. Power up the NAS and wait patiently. If all goes well after about a minute</p>
<p>you will hear a long beep and the NAS will come online.</p>
<p>8. Use Synology Assistant to find the NAS. It should now be visible with the</p>
<p>status &ldquo;migratable&rdquo;.</p>
<p>9. From Synology Assistant choose to install DSM to the NAS, use the same</p>
<p>file you used in step 4 and specify the same name and IP address as it was</p>
<p>before the crash.</p>
<p>10. Because the NAS is recognized as &ldquo;migratable&rdquo;, the DSM installation will</p>
<p>NOT wipe out the data on either the system partition nor the data partition.</p>
<p>11. After a few minutes, the installation will finish and you will be able to</p>
<p>log in to your NAS with your original credentials.</p>
</blockquote>
<p>在這之前,因為我手邊還有一台退役的 RS810+ ,想說先問問客服,我能不能把資料從現役的 DS 轉到 RS 上,做個備份比較安心</p>
<p>結果客服居然回說:「那你這樣是不相信我們的作法囉???」</p>
<p>好吧既然你客服都這樣說了反正我本來就有備份到USB頂多就損失一天的資料唄</p>
<p>依照步驟操作,過程中倒是沒有發生什麼問題,但是,事情絕對不像我想的那麼簡單</p>
<p>在安裝完最新版DSM、系統重開之後我直接從我的筆電上開啟檔案總管去連NAS ,可以看到之前設定分享的目錄,但是會跳出詢問帳號密碼的視窗</p>
<p>進到NAS管理界面檢查發現沒有JOIN DOMAIN &hellip;&hellip;&hellip;.</p>
<p>手動加入網域、重開NAS還是一樣會詢問帳號密碼</p>
<p>再進入管理界面檢查發現所有目錄設定的權限包含ACL都不見了&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;&hellip;.</p>
<p>這是我第二次在操作群暉NAS升級時發生這種升級成功、資料順利保留但是權限不見的狀況</p>
<p>偏偏敝公司NAS上的權限管制又特別的多、格外的複雜想到要重設&hellip;.靠北啊,整個想哭啊&hellip;</p>
</div>
<div class="footer no-tags">
</div>
</article>
</div>
<div id="disqus_thread"></div>
<script type="application/javascript">
var disqus_config = function () {
};
(function() {
if (["localhost", "127.0.0.1"].indexOf(window.location.hostname) != -1) {
document.getElementById('disqus_thread').innerHTML = 'Disqus comments not available by default when the website is previewed locally.';
return;
}
var d = document, s = d.createElement('script'); s.async = true;
s.src = '//' + "bilberry-hugo-theme" + '.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();
</script>
<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="https://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
</div>
<footer>
<div class="container">
<div class="recent-posts">
<strong>Latest posts</strong>
<ul>
<li>
<a href="/article/google-550-5-7-1-sloution/">寄信給google被退信 錯誤 550-5.7.1的解法</a>
</li>
<li>
<a href="/article/netdata-linux-system-performance-monitor-dashboard/">Netdata Linux System Performance Monitor Dashboard</a>
</li>
<li>
<a href="/article/linux-performance-monitor-dashboard-netdata-md/">Linux 底下極其詳細的System performace Monitor Dashboard - Netdata</a>
</li>
<li>
<a href="/article/syntax-test/">Syntax Test</a>
</li>
<li>
<a href="/article/psql-create-role-and-assign-priviledges/">psql create role and assign priviledges</a>
</li>
<li>
<a href="/article/study-url/">Study URL</a>
</li>
<li>
<a href="/article/rsync-time-backup/">[筆記] Linux 底下好用的備份工具 rsync-time-backup</a>
</li>
</ul>
</div>
<div class="categories">
<a href="/categories/"><strong>Categories</strong></a>
<ul>
<li>
<a href="/categories/%E6%9C%AA%E5%88%86%E9%A1%9E">未分類 (86)</a>
</li>
<li>
<a href="/categories/%E5%B7%A5%E4%BD%9C%E7%AD%86%E8%A8%98">工作筆記 (68)</a>
</li>
<li>
<a href="/categories/%E5%85%B6%E4%BB%96">其他 (46)</a>
</li>
<li>
<a href="/categories/%E7%AD%86%E8%A8%98">筆記 (30)</a>
</li>
<li>
<a href="/categories/%E5%89%AA%E5%A0%B1">剪報 (18)</a>
</li>
<li>
<a href="/categories/starting">Starting (5)</a>
</li>
<li>
<a href="/categories/blog">Blog (4)</a>
</li>
</ul>
</div>
<div class="right">
<div class="external-profiles">
<strong>Social media</strong>
<a href="https://twitter.com/TheRealLednerb" target="_blank"><i class="fa fa-twitter-adblock-proof"></i></a>
<a href="https://github.com/Lednerb" target="_blank"><i class="fa fa-github"></i></a>
</div>
<div class="languages">
<strong>Other languages</strong>
<a href="/en" class="active">en</a>
<a href="/de">de</a>
</div>
</div>
</div>
</footer>
<div class="credits">
<div class="container">
<div class="copyright">
<a href="https://github.com/Lednerb" target="_blank">
&copy;
2017
by Lednerb
</a>
</div>
<div class="author">
<a href="https://github.com/Lednerb/bilberry-hugo-theme" target="_blank">Bilberry Hugo Theme</a>
</div>
</div>
</div>
<script type="text/javascript" src="https://h.cowbay.org/js/externalDependencies.39c47e10e241eae2947b3fe21809c572.js" integrity="md5-OcR&#43;EOJB6uKUez/iGAnFcg=="></script>
<script type="text/javascript" src="https://h.cowbay.org/js/theme.ff50ae6dc1bfc220b23bf69dbb41b54e.js" integrity="md5-/1CubcG/wiCyO/adu0G1Tg=="></script>
<script>
$(".moment").each(function() {
$(this).text(
moment( $(this).text() )
.locale( "en" )
.format('LL')
);
});
$(".footnote-return sup").html("");
</script>
<script>
var client = algoliasearch("Y2C4RWMPXW", "50ea7f8c41c0ad233926e0be2b769ed1");
var index = client.initIndex("default-content");
$('#search').autocomplete({ hint: false, autoselect: true, debug: false },
[
{
source: $.fn.autocomplete.sources.hits(index, { hitsPerPage: 5, filters: 'language: en' }),
displayKey: function(suggestion) {
return suggestion.title || suggestion.author
},
templates: {
suggestion: function(suggestion) {
return "<span class='entry " + suggestion.type + "'>"
+ "<span class='title'>" + suggestion.title + "</span>"
+ "<span class='fa fa-fw " + suggestion.iconClass + "'></span>"
+ "</span>"
;
},
empty: function() {
return "<span class='empty'>Nothing found.</span>"
},
footer: function() {
return '<div class="branding">Powered by <img src="https:\/\/h.cowbay.org\/dist\/algolia-logo-light.svg" /></div>'
}
},
}
])
.on('autocomplete:selected', function(event, suggestion, dataset) {
window.location = (suggestion.url);
})
.keypress(function (event, suggestion) {
if (event.which == 13) {
window.location = (suggestion.url);
}
});
</script>
</body>
</html>
Reference in new issue View Git Blame Copy Permalink