Hi,
I got ransomware/cryptoware last week, and it encrypted the NAS files too. It used passwords stored in Windows to access the NAS files, getting full rights. So, I'd like to switch off the SMB protocol and all the other active protocols like NFS etc., but keep ONLY FTP access active. I found a strategy to completely avoid that kind of attack using any schedulable backup software that works over FTP, for instance Cobian Backup. To get this result I first need to close the SMB, NFS and AFP protocols. If my strategy turns out to be affordable and sure, as I believe, I'll share the 'trick' with you. I would also like to know if it is possible to access the NAS using FTPS or SFTP. Thanks for reading. Paolo
My NAS device: WD MY CLOUD 3TB (Firmware Version 04.04.05-101, 2015 Western Digital Corporation. All Rights Reserved)
It may be possible to disable SMB within the My Cloud. And it might even be possible within the Windows OS (Windows 10) to disable SMB. See Windows 10 Specific Method 6 in the following post, which may have further relevant information on modifying SMB:
I agree with you that FTP is not totally secure, given that user and password are sent without encryption. However, my anti-cryptolocker 'strategy' can make secure backups even over an FTP connection. Unfortunately I can't disable SMB on Windows because my SOHO customers use SMB shared resources. The only way to apply my 'method' is to disable SMB and all the other protocols on the NAS side, keeping only the FTP server active. Have you any idea how to disable those services? I was thinking of accessing via SSH and disabling the daemons, or maybe uninstalling/removing the server packages. Since the WD My Cloud is not based on an apt or rpm package manager, I'd need to know the syntax, the commands and the options to use to make those changes. It would be interesting to just modify the init levels, keeping all daemons installed but not active/running. Also, before I start I'd like to know whether, in case of errors, pressing the reset button will get me back the default WD Cloud settings.
Samba can typically be stopped using SSH to issue the following command:
service samba stop
or
/etc/rc2.d/S20samba stop
The problem is that upon the next restart or power-on the Samba service may be restarted. Because you are using the v4.x firmware, one may be able to modify the /etc/rc2.d/S98user-start file to include one of the above commands to stop Samba upon My Cloud v4.x startup/power-on.
Why not patch your security hole? Find your weakest point (PC, laptop, server etc.) and fortify that instead. Better anti-malware, better anti-virus, better firewall, better usage policy (do not click on that attachment, for Christ's sake), better usage awareness, better email filtering (do not click randomly and visit suspicious sites), better education, use the Cryptolocker Prevention Kit … just saying. Here is a list of what you can do:
It has pretty good advice plus your own common sense. Just saying …
Thank you for the suggestions. I think that your hints and the ones suggested by PhatTrance will allow me to stop SMB, and this is a great step. Now I need to do the same for NFS and AFP. Have you any idea how to get this result? Thanks again, and congratulations on your know-how with *nix.
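An added example, not code from the thread or from WD: it turns the earlier reply's suggestion (stop the daemon over SSH, and repeat the stop from /etc/rc2.d/S98user-start so it survives a reboot) into one small script that covers SMB, NFS and AFP together, as asked in this last post, and then checks that the share ports are really closed. The service names samba, nfs-kernel-server and netatalk, the /etc/init.d path, the hypothetical script name stop-share-daemons.sh and the availability of netstat on the v4.x firmware are assumptions; confirm the names with `ls /etc/init.d` on the unit first.

```shell
#!/bin/sh
# Added example (not from the thread or WD): stop the SMB, NFS and AFP
# daemons on a WD My Cloud v4.x so that only the FTP server stays reachable.
# ASSUMPTIONS: service names below and the /etc/init.d path; check with
# `ls /etc/init.d` on your unit. Meant to be called from
# /etc/rc2.d/S98user-start, as the thread suggests, so the daemons are
# stopped again after every reboot.

DRY_RUN="${DRY_RUN:-0}"                              # 1 = only print commands
SERVICES="${SERVICES:-samba nfs-kernel-server netatalk}"   # assumed names

# Stop one service through its init script.
# Returns 0 on success (or dry run), 1 if the stop failed, 2 if no script.
stop_service() {
    svc="$1"
    script="/etc/init.d/$svc"
    if [ "$DRY_RUN" = "1" ]; then
        echo "would run: $script stop"
        return 0
    fi
    if [ ! -x "$script" ]; then
        echo "no init script for $svc, skipping" >&2
        return 2
    fi
    if "$script" stop >/dev/null 2>&1; then
        echo "stopped $svc"
        return 0
    fi
    echo "failed to stop $svc" >&2
    return 1
}

# Stop every service in SERVICES; returns the number of hard failures.
stop_all() {
    failures=0
    for svc in $SERVICES; do
        rc=0
        stop_service "$svc" || rc=$?
        [ "$rc" -eq 1 ] && failures=$((failures + 1))
    done
    return "$failures"
}

# Keep only listener lines for the share ports: 445/139 SMB, 2049 NFS, 548 AFP.
# Reads `netstat -tln`-style lines on stdin; separated out so it can be tested
# on constructed input without netstat.
filter_share_ports() {
    grep -E ':(445|139|2049|548)[[:space:]]'
}

# Returns 0 when no share port is listening, 1 (and prints the lines) otherwise,
# 2 if netstat is unavailable (assumed present on the v4.x firmware).
check_share_ports() {
    command -v netstat >/dev/null 2>&1 || { echo "netstat not found" >&2; return 2; }
    open=$(netstat -tln 2>/dev/null | filter_share_ports)
    if [ -n "$open" ]; then
        echo "$open"
        return 1
    fi
    return 0
}

# Run the full sequence only when invoked as the boot hook or by its own
# (hypothetical) name, so sourcing the file for a dry run does nothing.
case "$0" in
    */S98user-start|*/stop-share-daemons.sh)
        stop_all
        if check_share_ports; then
            echo "no SMB/NFS/AFP listeners remain; FTP is the only share path"
        else
            echo "share ports still open, see the lines above" >&2
        fi
        ;;
esac
```

Try it first with `DRY_RUN=1 sh stop-share-daemons.sh` over SSH to see which init scripts it would call, then run it for real and confirm with `netstat -tln` that only port 21 (and SSH) remain; once that works, add a line calling the script to /etc/rc2.d/S98user-start as the earlier reply describes. The reset-button question is not answered here, so make a copy of S98user-start before editing it.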