Urgent Notification about TNAS being Attacked by Ransomware

Official announcements and latest news, awards from medias, and sucess stories.
User avatar
LaMosca
Posts: 0
Joined: 23 Jan 2022, 11:23

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by LaMosca »

maybe you can see some things like the source codes. Web pages. but finally the system blocked you. here I leave your feat

IP Address-Already Blocked: ✔️ 122.155.174.169
Detecting Scanning Warning URL: ⛔ http://larry.serveftp.com/home.html
User avatar
LaMosca
Posts: 0
Joined: 23 Jan 2022, 11:23

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by LaMosca »

Timeline of what you have presented. to the other readers.
That's the idea. that you see what I want. and not what you want to see.

this page is to block you instantly. and that gives me all the necessary information. about your isp
http://larry.serveftp.com/simulador/robot.php
Note: Do not enter here it will block you.

this page is to block you instantly. and that gives me all the necessary information. about your isp
http://larry.serveftp.com/simulador/index.php
Note: Do not enter here it will block you.

/sitemap/ is to get the bots there so that intruders who think they know a lot are also blocked.
http://larry.serveftp.com/sitemap/
Note: Do not enter here it will block you.

this is a .js that does exist but with that you do nothing
http://larry.serveftp.com/ayuda/js/categorias.js
Note: Do not enter here it will block you.

This does not exist either, therefore if you enter they block you. and you will have my page 404
http://larry.serveftp.com/404/css/scrip ... iew-source
Note: Do not enter here it will block you.

This page does not exist either and if you enter it you will be blocked
http://larry.serveftp.com/index
Note: Do not enter here it will block you.

this page does not exist. on the server. it's just a fake. but in any case it corresponds to my page 404
view-source:http://larry.serveftp.com/home.html
Note: Do not enter here it will block you.

---------
---------

this is the right page to see what you need to see. and what I want to show you.

http://larry.serveftp.com/ayuda/

--------
--------
User avatar
Charlie_Croker
Posts: 108
Joined: 07 Oct 2020, 19:05
Saudi Arabia

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Charlie_Croker »

It doesn't block me though :), it blocks an IP address. So if I change my IP I'm back in there. And that's easy to achieve with a VPN, or if you have a dynamic IP.

The best solution is a proper firewall with Intrusion Protection System, a good budget one os the Unifi Security Gateway (For around £100) which is a wired router and with DPI and IPS on, unfortunately WAN throughput drops to around 80-100Mbps. But if your internet speed is around that or lower it will work brilliantly and will blacklist any attempts not just at accessing your site on ports 80/8080, but all other ports.
User avatar
LaMosca
Posts: 0
Joined: 23 Jan 2022, 11:23

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by LaMosca »

Charlie_Croker wrote:
> It doesn't block me though :), it blocks an IP address. So if I change my
> IP I'm back in there. And that's easy to achieve with a VPN, or if you have
> a dynamic IP.
>
> The best solution is a proper firewall with Intrusion Protection System, a
> good budget one os the Unifi Security Gateway (For around £100) which is a
> wired router and with DPI and IPS on, unfortunately WAN throughput drops to
> around 80-100Mbps. But if your internet speed is around that or lower it
> will work brilliantly and will blacklist any attempts not just at accessing
> your site on ports 80/8080, but all other ports.

my answer.
In what you say you are right. but the idea is that you do not buy anything. and at least you can save where the attacks are coming from. In addition, if every time you update the htaccess there is, at least you will be quite protected. and you have not needed to buy anything.

the idea is to update a database. in htaccess when you can. You can also put a link. that I will leave you next. and you put it on your main page and every scan. What you do on your server will block the ip address on the other server.
User avatar
Charlie_Croker
Posts: 108
Joined: 07 Oct 2020, 19:05
Saudi Arabia

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Charlie_Croker »

LaMosca wrote:
> Charlie_Croker wrote:
> > It doesn't block me though :), it blocks an IP address. So if I change my
> > IP I'm back in there. And that's easy to achieve with a VPN, or if you have
> > a dynamic IP.
> >
> > The best solution is a proper firewall with Intrusion Protection System, a
> > good budget one os the Unifi Security Gateway (For around £100) which is a
> > wired router and with DPI and IPS on, unfortunately WAN throughput drops to
> > around 80-100Mbps. But if your internet speed is around that or lower it
> > will work brilliantly and will blacklist any attempts not just at accessing
> > your site on ports 80/8080, but all other ports.
>
> my answer.
> In what you say you are right. but the idea is that you do not buy anything. and at
> least you can save where the attacks are coming from. In addition, if every time you
> update the htaccess there is, at least you will be quite protected. and you have not
> needed to buy anything.
>
> the idea is to update a database. in htaccess when you can. You can also put a link.
> that I will leave you next. and you put it on your main page and every scan. What you
> do on your server will block the ip address on the other server.


Well good luck with your project.
User avatar
oscar
Posts: 4
Joined: 19 Nov 2020, 05:38

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by oscar »

hgvandy wrote:
> Has anyone paid the ransom and how do you buy .03 of bitcoin and transfer?
> I have never purchased crypto, but before I do, I want to make sure this
> will unlock my data. I will be doing things much different in the future.
> Thanks!

You NEVER, NEVER, NEVER pay someone blackmailing you. Especially in crypto, especially a ransomware attack author.
User avatar
jani7
Posts: 0
Joined: 01 Mar 2022, 04:24

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by jani7 »

oscar wrote:
> hgvandy wrote:
> > Has anyone paid the ransom and how do you buy .03 of bitcoin and transfer?
> > I have never purchased crypto, but before I do, I want to make sure this
> > will unlock my data. I will be doing things much different in the future.
> > Thanks!
>
> You NEVER, NEVER, NEVER pay someone blackmailing you. Especially in crypto,
> especially a ransomware attack author.

100% correct!
Makes it worthwhile for them to improve their attacks going forward.
User avatar
jani7
Posts: 0
Joined: 01 Mar 2022, 04:24

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by jani7 »

{L_BUTTON_AT}fpsking
alexinwonderland wrote:
> TMroy wrote:
> > > >
> > You are the one who exposes your device to the internet but doesn't want to
> > do anything.
>
> I don't think that's a good / correct answer to this specific customer (fpsking
> listed all the things he did) or to your customers in general. Do you really think
> that, if your customers had received detailed step-to-step instructions from
> TerraMaster on how to avoid this issue, they would have not "wanted to do
> anything" about it? Your first instructions were as generic as "change
> this port" (to what?), "install an anti-virus" (which one? there's
> only one on the app store and it won't defend you against ransomware) or
> "disable the admin user" (the OS that most people have installed does NOT
> allow you to disable it).
>
> Furthermore, blaming people for using standard ports or having FTP enabled is quite
> hypocritical, considering that Terramaster ships with telnet and FTP options enabled
> by default and with all the standard ports enabled. Terra Master units should be
> SECURE BY DEFAULT. The users should then have the OPTION TO REDUCE SECURITY at their
> own risk (with proper warning messages popping up). NOT THE OTHER WAY AROUND.

I agree 100%

So, going forward, is there a guide/recommended configuration document here that us less than technical genius's can set up that gives us an improved chance of not getting hacked again?
Roccia7
Posts: 62
Joined: 05 Mar 2020, 05:02
Italy

Re: Urgent Notification about TNAS being Attacked by Ransomware

Post by Roccia7 »

I tried to configure the firewall, allowing some incoming ip from my network. But when the filter is active in the system bar is displayed that Internet is not connected. I have allowed all protocols.
What am I doing wrong?
Also can I configure the firewall so that it allows me to use my ddns incoming address? Is it possible to have detailed tutorial with explanation so we understand what we are doing?
Post Reply

Return to “News and Announcements”