Urgent Notification about TNAS being Attacked by Ransomware

[Charlie_Croker]

LaMosca wrote:
>


http://larry.serveftp.com/simulador/robot.php
http://larry.serveftp.com/simulador/index.php
http://larry.serveftp.com/sitemap/
http://larry.serveftp.com/ayuda/js/categorias.js
http://larry.serveftp.com/404/css/scrip ... iew-source:
http://larry.serveftp.com/index
view-source:http://larry.serveftp.com/home.html

All viewable despite being blocked.

[LaMosca]

maybe you can see some things like the source codes. Web pages. but finally the system blocked you. here I leave your feat

IP Address-Already Blocked: ✔️ 122.155.174.169
Detecting Scanning Warning URL: ⛔ http://larry.serveftp.com/home.html

[LaMosca]

Timeline of what you have presented. to the other readers.
That's the idea. that you see what I want. and not what you want to see.

this page is to block you instantly. and that gives me all the necessary information. about your isp
http://larry.serveftp.com/simulador/robot.php
Note: Do not enter here it will block you.

this page is to block you instantly. and that gives me all the necessary information. about your isp
http://larry.serveftp.com/simulador/index.php
Note: Do not enter here it will block you.

/sitemap/ is to get the bots there so that intruders who think they know a lot are also blocked.
http://larry.serveftp.com/sitemap/
Note: Do not enter here it will block you.

this is a .js that does exist but with that you do nothing
http://larry.serveftp.com/ayuda/js/categorias.js
Note: Do not enter here it will block you.

This does not exist either, therefore if you enter they block you. and you will have my page 404
http://larry.serveftp.com/404/css/scrip ... iew-source
Note: Do not enter here it will block you.

This page does not exist either and if you enter it you will be blocked
http://larry.serveftp.com/index
Note: Do not enter here it will block you.

this page does not exist. on the server. it's just a fake. but in any case it corresponds to my page 404
view-source:http://larry.serveftp.com/home.html
Note: Do not enter here it will block you.

---------
---------

this is the right page to see what you need to see. and what I want to show you.

http://larry.serveftp.com/ayuda/

--------
--------

[Charlie_Croker]

It doesn't block me though :), it blocks an IP address. So if I change my IP I'm back in there. And that's easy to achieve with a VPN, or if you have a dynamic IP.

The best solution is a proper firewall with Intrusion Protection System, a good budget one os the Unifi Security Gateway (For around £100) which is a wired router and with DPI and IPS on, unfortunately WAN throughput drops to around 80-100Mbps. But if your internet speed is around that or lower it will work brilliantly and will blacklist any attempts not just at accessing your site on ports 80/8080, but all other ports.

[LaMosca]

Charlie_Croker wrote:
> It doesn't block me though :), it blocks an IP address. So if I change my
> IP I'm back in there. And that's easy to achieve with a VPN, or if you have
> a dynamic IP.
>
> The best solution is a proper firewall with Intrusion Protection System, a
> good budget one os the Unifi Security Gateway (For around £100) which is a
> wired router and with DPI and IPS on, unfortunately WAN throughput drops to
> around 80-100Mbps. But if your internet speed is around that or lower it
> will work brilliantly and will blacklist any attempts not just at accessing
> your site on ports 80/8080, but all other ports.

my answer.
In what you say you are right. but the idea is that you do not buy anything. and at least you can save where the attacks are coming from. In addition, if every time you update the htaccess there is, at least you will be quite protected. and you have not needed to buy anything.

the idea is to update a database. in htaccess when you can. You can also put a link. that I will leave you next. and you put it on your main page and every scan. What you do on your server will block the ip address on the other server.

[Charlie_Croker]

LaMosca wrote:
> Charlie_Croker wrote:
> > It doesn't block me though :), it blocks an IP address. So if I change my
> > IP I'm back in there. And that's easy to achieve with a VPN, or if you have
> > a dynamic IP.
> >
> > The best solution is a proper firewall with Intrusion Protection System, a
> > good budget one os the Unifi Security Gateway (For around £100) which is a
> > wired router and with DPI and IPS on, unfortunately WAN throughput drops to
> > around 80-100Mbps. But if your internet speed is around that or lower it
> > will work brilliantly and will blacklist any attempts not just at accessing
> > your site on ports 80/8080, but all other ports.
>
> my answer.
> In what you say you are right. but the idea is that you do not buy anything. and at
> least you can save where the attacks are coming from. In addition, if every time you
> update the htaccess there is, at least you will be quite protected. and you have not
> needed to buy anything.
>
> the idea is to update a database. in htaccess when you can. You can also put a link.
> that I will leave you next. and you put it on your main page and every scan. What you
> do on your server will block the ip address on the other server.


Well good luck with your project.

[oscar]

hgvandy wrote:
> Has anyone paid the ransom and how do you buy .03 of bitcoin and transfer?
> I have never purchased crypto, but before I do, I want to make sure this
> will unlock my data. I will be doing things much different in the future.
> Thanks!

You NEVER, NEVER, NEVER pay someone blackmailing you. Especially in crypto, especially a ransomware attack author.

[jani7]

oscar wrote:
> hgvandy wrote:
> > Has anyone paid the ransom and how do you buy .03 of bitcoin and transfer?
> > I have never purchased crypto, but before I do, I want to make sure this
> > will unlock my data. I will be doing things much different in the future.
> > Thanks!
>
> You NEVER, NEVER, NEVER pay someone blackmailing you. Especially in crypto,
> especially a ransomware attack author.

100% correct!
Makes it worthwhile for them to improve their attacks going forward.

[jani7]

{L_BUTTON_AT}fpsking

alexinwonderland wrote:
> TMroy wrote:
> > > >
> > You are the one who exposes your device to the internet but doesn't want to
> > do anything.
>
> I don't think that's a good / correct answer to this specific customer (fpsking
> listed all the things he did) or to your customers in general. Do you really think
> that, if your customers had received detailed step-to-step instructions from
> TerraMaster on how to avoid this issue, they would have not "wanted to do
> anything" about it? Your first instructions were as generic as "change
> this port" (to what?), "install an anti-virus" (which one? there's
> only one on the app store and it won't defend you against ransomware) or
> "disable the admin user" (the OS that most people have installed does NOT
> allow you to disable it).
>
> Furthermore, blaming people for using standard ports or having FTP enabled is quite
> hypocritical, considering that Terramaster ships with telnet and FTP options enabled
> by default and with all the standard ports enabled. Terra Master units should be
> SECURE BY DEFAULT. The users should then have the OPTION TO REDUCE SECURITY at their
> own risk (with proper warning messages popping up). NOT THE OTHER WAY AROUND.

I agree 100%

So, going forward, is there a guide/recommended configuration document here that us less than technical genius's can set up that gives us an improved chance of not getting hacked again?

[LaMosca]

jani7 wrote:
>

Bye-bye, Crawler: Blocking the Parasites

más de 30 ataques web. en menos de 12 horas. ¿Crees que tu tnass mantendrá ese ritmo?

algunos ataques provienen directamente de google-user-content... jajaja y luego tienes que confiar en Google.

Otros ataques buscaron la contraseña. ejemplo, etc./contraseña y luego la papelera de Google dice esto...

Expanse, una empresa de Palo Alto Networks, busca en el espacio IPv4 global varias veces al día para identificar a los clientes. presencias en Internet. Si desea ser excluido de nuestros escaneos, envíe direcciones IP/dominios a: scaninfo@paloaltonetworks.com

bueno, mi sistema realmente los excluye automáticamente jajaja Gracias, Google, pero yo mismo te excluyo ...

LA PREGUNTA ES ESTA. CUÁL ES EL PROPÓSITO DE ESTOS ESCANEOS. ¿ELLOS TE AYUDARÁN? ¿O QUIEREN ENTRAR EN SUS DISPOSITIVOS? ¿CONFÍAS EN ELLOS? A ESTA BASURA DEL ESCÁNER.

AQUÍ ESTÁ UN LOGOTIPO DETALLADO. DE SU ESCANEO DE ESTA BASURA... PODRÁS VER QUE NO ESTOY MINTIENDO.

http://larry.serveftp.com/404/scaneo_basura.txt

PROTEJA SU TNAS. HOY.

http://larry.serveftp.com/ayuda/

descarga el archivo. htaccess y protege tu TNAS.
Mire mi configuracion.

--------
--------

Bye-bye, Crawler: Blocking the Parasites

more than 30 web attacks. in less than 12 hours. Do you think your tnass will keep that pace?

some attacks come directly from google user content...lol and then you have to trust google.

Other attacks searched for the password. example etc/password and then google trash says this...

Expanse, a Palo Alto Networks company, searches the global IPv4 space several times a day to identify customers. presences on the Internet. If you wish to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com

well my system actually excludes them automatically lol Thanks google but i exclude you myself...

THE QUESTION IS THIS. WHAT IS THE PURPOSE OF THESE SCANS. THEY WILL HELP YOU? OR DO THEY WANT TO GET INTO YOUR DEVICES? DO YOU TRUST THEM? TO THIS SCANNER GARBAGE.

HERE IS A DETAILED LOGO. FROM HIS SCAN OF THIS GARBAGE... YOU WILL BE ABLE TO SEE THAT I AM NOT LYING.

http://larry.serveftp.com/404/scaneo_basura.txt

PROTECT YOUR TNAS. TODAY.

download the file. htaccess and protect your TNAS.
Look at my configuration.

http://larry.serveftp.com/ayuda/