Urgent Notification about TNAS being Attacked by Ransomware
- Charlie_Croker
- Posts: 108
- Joined: 07 Oct 2020, 19:05

Re: Urgent Notification about TNAS being Attacked by Ransomware
LaMosca wrote:
>
http://larry.serveftp.com/simulador/robot.php
http://larry.serveftp.com/simulador/index.php
http://larry.serveftp.com/sitemap/
http://larry.serveftp.com/ayuda/js/categorias.js
http://larry.serveftp.com/404/css/scrip ... iew-source:
http://larry.serveftp.com/index
view-source:http://larry.serveftp.com/home.html
All viewable despite being blocked.
>
http://larry.serveftp.com/simulador/robot.php
http://larry.serveftp.com/simulador/index.php
http://larry.serveftp.com/sitemap/
http://larry.serveftp.com/ayuda/js/categorias.js
http://larry.serveftp.com/404/css/scrip ... iew-source:
http://larry.serveftp.com/index
view-source:http://larry.serveftp.com/home.html
All viewable despite being blocked.
Re: Urgent Notification about TNAS being Attacked by Ransomware
maybe you can see some things like the source codes. Web pages. but finally the system blocked you. here I leave your feat
IP Address-Already Blocked: ✔️ 122.155.174.169
Detecting Scanning Warning URL: ⛔ http://larry.serveftp.com/home.html
IP Address-Already Blocked: ✔️ 122.155.174.169
Detecting Scanning Warning URL: ⛔ http://larry.serveftp.com/home.html
Re: Urgent Notification about TNAS being Attacked by Ransomware
Timeline of what you have presented. to the other readers.
That's the idea. that you see what I want. and not what you want to see.
this page is to block you instantly. and that gives me all the necessary information. about your isp
http://larry.serveftp.com/simulador/robot.php
Note: Do not enter here it will block you.
this page is to block you instantly. and that gives me all the necessary information. about your isp
http://larry.serveftp.com/simulador/index.php
Note: Do not enter here it will block you.
/sitemap/ is to get the bots there so that intruders who think they know a lot are also blocked.
http://larry.serveftp.com/sitemap/
Note: Do not enter here it will block you.
this is a .js that does exist but with that you do nothing
http://larry.serveftp.com/ayuda/js/categorias.js
Note: Do not enter here it will block you.
This does not exist either, therefore if you enter they block you. and you will have my page 404
http://larry.serveftp.com/404/css/scrip ... iew-source
Note: Do not enter here it will block you.
This page does not exist either and if you enter it you will be blocked
http://larry.serveftp.com/index
Note: Do not enter here it will block you.
this page does not exist. on the server. it's just a fake. but in any case it corresponds to my page 404
view-source:http://larry.serveftp.com/home.html
Note: Do not enter here it will block you.
---------
---------
this is the right page to see what you need to see. and what I want to show you.
http://larry.serveftp.com/ayuda/
--------
--------
That's the idea. that you see what I want. and not what you want to see.
this page is to block you instantly. and that gives me all the necessary information. about your isp
http://larry.serveftp.com/simulador/robot.php
Note: Do not enter here it will block you.
this page is to block you instantly. and that gives me all the necessary information. about your isp
http://larry.serveftp.com/simulador/index.php
Note: Do not enter here it will block you.
/sitemap/ is to get the bots there so that intruders who think they know a lot are also blocked.
http://larry.serveftp.com/sitemap/
Note: Do not enter here it will block you.
this is a .js that does exist but with that you do nothing
http://larry.serveftp.com/ayuda/js/categorias.js
Note: Do not enter here it will block you.
This does not exist either, therefore if you enter they block you. and you will have my page 404
http://larry.serveftp.com/404/css/scrip ... iew-source
Note: Do not enter here it will block you.
This page does not exist either and if you enter it you will be blocked
http://larry.serveftp.com/index
Note: Do not enter here it will block you.
this page does not exist. on the server. it's just a fake. but in any case it corresponds to my page 404
view-source:http://larry.serveftp.com/home.html
Note: Do not enter here it will block you.
---------
---------
this is the right page to see what you need to see. and what I want to show you.
http://larry.serveftp.com/ayuda/
--------
--------
- Charlie_Croker
- Posts: 108
- Joined: 07 Oct 2020, 19:05

Re: Urgent Notification about TNAS being Attacked by Ransomware
It doesn't block me though :), it blocks an IP address. So if I change my IP I'm back in there. And that's easy to achieve with a VPN, or if you have a dynamic IP.
The best solution is a proper firewall with Intrusion Protection System, a good budget one os the Unifi Security Gateway (For around £100) which is a wired router and with DPI and IPS on, unfortunately WAN throughput drops to around 80-100Mbps. But if your internet speed is around that or lower it will work brilliantly and will blacklist any attempts not just at accessing your site on ports 80/8080, but all other ports.
The best solution is a proper firewall with Intrusion Protection System, a good budget one os the Unifi Security Gateway (For around £100) which is a wired router and with DPI and IPS on, unfortunately WAN throughput drops to around 80-100Mbps. But if your internet speed is around that or lower it will work brilliantly and will blacklist any attempts not just at accessing your site on ports 80/8080, but all other ports.
Re: Urgent Notification about TNAS being Attacked by Ransomware
Charlie_Croker wrote:
> It doesn't block me though :), it blocks an IP address. So if I change my
> IP I'm back in there. And that's easy to achieve with a VPN, or if you have
> a dynamic IP.
>
> The best solution is a proper firewall with Intrusion Protection System, a
> good budget one os the Unifi Security Gateway (For around £100) which is a
> wired router and with DPI and IPS on, unfortunately WAN throughput drops to
> around 80-100Mbps. But if your internet speed is around that or lower it
> will work brilliantly and will blacklist any attempts not just at accessing
> your site on ports 80/8080, but all other ports.
my answer.
In what you say you are right. but the idea is that you do not buy anything. and at least you can save where the attacks are coming from. In addition, if every time you update the htaccess there is, at least you will be quite protected. and you have not needed to buy anything.
the idea is to update a database. in htaccess when you can. You can also put a link. that I will leave you next. and you put it on your main page and every scan. What you do on your server will block the ip address on the other server.
> It doesn't block me though :), it blocks an IP address. So if I change my
> IP I'm back in there. And that's easy to achieve with a VPN, or if you have
> a dynamic IP.
>
> The best solution is a proper firewall with Intrusion Protection System, a
> good budget one os the Unifi Security Gateway (For around £100) which is a
> wired router and with DPI and IPS on, unfortunately WAN throughput drops to
> around 80-100Mbps. But if your internet speed is around that or lower it
> will work brilliantly and will blacklist any attempts not just at accessing
> your site on ports 80/8080, but all other ports.
my answer.
In what you say you are right. but the idea is that you do not buy anything. and at least you can save where the attacks are coming from. In addition, if every time you update the htaccess there is, at least you will be quite protected. and you have not needed to buy anything.
the idea is to update a database. in htaccess when you can. You can also put a link. that I will leave you next. and you put it on your main page and every scan. What you do on your server will block the ip address on the other server.
- Charlie_Croker
- Posts: 108
- Joined: 07 Oct 2020, 19:05

Re: Urgent Notification about TNAS being Attacked by Ransomware
LaMosca wrote:
> Charlie_Croker wrote:
> > It doesn't block me though :), it blocks an IP address. So if I change my
> > IP I'm back in there. And that's easy to achieve with a VPN, or if you have
> > a dynamic IP.
> >
> > The best solution is a proper firewall with Intrusion Protection System, a
> > good budget one os the Unifi Security Gateway (For around £100) which is a
> > wired router and with DPI and IPS on, unfortunately WAN throughput drops to
> > around 80-100Mbps. But if your internet speed is around that or lower it
> > will work brilliantly and will blacklist any attempts not just at accessing
> > your site on ports 80/8080, but all other ports.
>
> my answer.
> In what you say you are right. but the idea is that you do not buy anything. and at
> least you can save where the attacks are coming from. In addition, if every time you
> update the htaccess there is, at least you will be quite protected. and you have not
> needed to buy anything.
>
> the idea is to update a database. in htaccess when you can. You can also put a link.
> that I will leave you next. and you put it on your main page and every scan. What you
> do on your server will block the ip address on the other server.
Well good luck with your project.
> Charlie_Croker wrote:
> > It doesn't block me though :), it blocks an IP address. So if I change my
> > IP I'm back in there. And that's easy to achieve with a VPN, or if you have
> > a dynamic IP.
> >
> > The best solution is a proper firewall with Intrusion Protection System, a
> > good budget one os the Unifi Security Gateway (For around £100) which is a
> > wired router and with DPI and IPS on, unfortunately WAN throughput drops to
> > around 80-100Mbps. But if your internet speed is around that or lower it
> > will work brilliantly and will blacklist any attempts not just at accessing
> > your site on ports 80/8080, but all other ports.
>
> my answer.
> In what you say you are right. but the idea is that you do not buy anything. and at
> least you can save where the attacks are coming from. In addition, if every time you
> update the htaccess there is, at least you will be quite protected. and you have not
> needed to buy anything.
>
> the idea is to update a database. in htaccess when you can. You can also put a link.
> that I will leave you next. and you put it on your main page and every scan. What you
> do on your server will block the ip address on the other server.
Well good luck with your project.
Re: Urgent Notification about TNAS being Attacked by Ransomware
hgvandy wrote:
> Has anyone paid the ransom and how do you buy .03 of bitcoin and transfer?
> I have never purchased crypto, but before I do, I want to make sure this
> will unlock my data. I will be doing things much different in the future.
> Thanks!
You NEVER, NEVER, NEVER pay someone blackmailing you. Especially in crypto, especially a ransomware attack author.
> Has anyone paid the ransom and how do you buy .03 of bitcoin and transfer?
> I have never purchased crypto, but before I do, I want to make sure this
> will unlock my data. I will be doing things much different in the future.
> Thanks!
You NEVER, NEVER, NEVER pay someone blackmailing you. Especially in crypto, especially a ransomware attack author.
Re: Urgent Notification about TNAS being Attacked by Ransomware
oscar wrote:
> hgvandy wrote:
> > Has anyone paid the ransom and how do you buy .03 of bitcoin and transfer?
> > I have never purchased crypto, but before I do, I want to make sure this
> > will unlock my data. I will be doing things much different in the future.
> > Thanks!
>
> You NEVER, NEVER, NEVER pay someone blackmailing you. Especially in crypto,
> especially a ransomware attack author.
100% correct!
Makes it worthwhile for them to improve their attacks going forward.
> hgvandy wrote:
> > Has anyone paid the ransom and how do you buy .03 of bitcoin and transfer?
> > I have never purchased crypto, but before I do, I want to make sure this
> > will unlock my data. I will be doing things much different in the future.
> > Thanks!
>
> You NEVER, NEVER, NEVER pay someone blackmailing you. Especially in crypto,
> especially a ransomware attack author.
100% correct!
Makes it worthwhile for them to improve their attacks going forward.
Re: Urgent Notification about TNAS being Attacked by Ransomware
{L_BUTTON_AT}fpsking
> TMroy wrote:
> > > >
> > You are the one who exposes your device to the internet but doesn't want to
> > do anything.
>
> I don't think that's a good / correct answer to this specific customer (fpsking
> listed all the things he did) or to your customers in general. Do you really think
> that, if your customers had received detailed step-to-step instructions from
> TerraMaster on how to avoid this issue, they would have not "wanted to do
> anything" about it? Your first instructions were as generic as "change
> this port" (to what?), "install an anti-virus" (which one? there's
> only one on the app store and it won't defend you against ransomware) or
> "disable the admin user" (the OS that most people have installed does NOT
> allow you to disable it).
>
> Furthermore, blaming people for using standard ports or having FTP enabled is quite
> hypocritical, considering that Terramaster ships with telnet and FTP options enabled
> by default and with all the standard ports enabled. Terra Master units should be
> SECURE BY DEFAULT. The users should then have the OPTION TO REDUCE SECURITY at their
> own risk (with proper warning messages popping up). NOT THE OTHER WAY AROUND.
I agree 100%
So, going forward, is there a guide/recommended configuration document here that us less than technical genius's can set up that gives us an improved chance of not getting hacked again?
Re: Urgent Notification about TNAS being Attacked by Ransomware
I tried to configure the firewall, allowing some incoming ip from my network. But when the filter is active in the system bar is displayed that Internet is not connected. I have allowed all protocols.
What am I doing wrong?
Also can I configure the firewall so that it allows me to use my ddns incoming address? Is it possible to have detailed tutorial with explanation so we understand what we are doing?
What am I doing wrong?
Also can I configure the firewall so that it allows me to use my ddns incoming address? Is it possible to have detailed tutorial with explanation so we understand what we are doing?
