Hi, mybooklive 1TB simply doesn’t show up anywhere.
LEDs on the back are OK (green solid and blinking) but I can’t connect to the drive no matter what. Done reboot (router; iMac; Mybook), done reset with paper clip… nothing!
It’s frustrating.
Please help!
Update on PhotoRec recovery:
I am 12 hours into it using a low-powered Linux box, and I still have 24 more hours to go. So far it has found 150k+ files of mixed results. All files get random file names assigned, except for PDF and HTML. Weird.
JPGs: a mix of original pictures and thumbnails. Oh it’s so annoying to see 1kb thumbnail JPGs mixed in with the real JPGs.
MP3: good. Unable to tell which file is which, do I listen to all of them to determine what songs I have?
MPG: useless. Recovered 18k MPGs, all of them 65.5kb.
And I got a bunch of other miscellaneous files like .docx or .txt or .xml.
I don’t see any camera raw files yet (CRW, CR2, or DNG).
Well, I’ve been lucky not to have been hacked, but I couldn’t live this way.
Having a device with no support, with vulnerabilities and without upgrades is just unthinkable for me.
Just to share with you, I switched to OpenWRT yesterday, and everything I need is here:
- FTP with secure protocol (TLS)
- SAMBA share
- DLNA
- Updated transmission (3.0)
- Support of higher capacity drive (4 TB with MBL single, thanks to GPT partitions conversion)
- Tons of addons
- Last version of patches and security fixes
A piece of advice: try it! Don’t wait for a miracle from WD! They won’t publish any firmware upgrade for a ten-year-old device!
I don’t know anything about networking, I basically bought this years ago to store movies and stupidly stored some sensitive info on it as well. What I’m worried about now is could this mean they have access to other devices on my network? Should I be changing credit card and bank passwords? (None of that was stored on the drive; I do have them saved in Chrome, which maybe isn’t smart?)
Me, too.
All data has been deleted.
Photos and videos.
All my precious memories…
I’m so sad that I don’t even cry.
Please do something about it.
Thank you very much for all your help and fix! I haven’t run your fix yet but did want to check to see if anything is fishy first in the logs, etc.
I tried this in ssh:
What specific commands should I use in ssh to check for wget or whatnot to see if my device was perhaps fiddled with but not factory restored and erased yet?
Thank you.
Dear Sunpeak / other users,
I have reset the password with the button on the back. According to the shares overview the system is empty. However, in the past I created a network connection (letter N) directly to the share.
When clicking on this share I only get to see one folder where each subfolder is marked with an ‘X’.
But my main question is: is there any chance that the data is still there? Because the properties of the drive letter ‘N’ still show that 80gb is used and 2.2tb is available. Or is this still in the ‘memory’ of my computer and is this information false?
Thank you for your reply…
Kind regards,
Sander
Bad news is they had root access and could have looked at sensitive files stored on your machine. The good news is there’s a report from someone that watched for traffic and it doesn’t show them moving a large amount of data that would be a telltale sign of downloading files. WD isn’t being very proactive so unfortunately all we can do at this point is guess what happened ourselves. YMMV, of course.
Reference:
From what is currently known about the attack, very very unlikely. How you proceed should depend on how sensitive your information is. If you’ve got nation state level security on your network you should take even a 0,1% chance seriously. Otherwise, you’ll be fine.
As several others here have confirmed and tried: You can recover certain filetypes like pictures and mp3s with software like photorec (and other software that does something similar - scan the drive for known filetypes). What you will get is a folder with thousands of jpegs without name or folder structure - you will then need to sort this mess out yourself (Pro tip: EXIF information if present in the photos can help with sorting!). This is not a great solution but if your memories were photos, you will most likely be able to recover a lot. Videos are more critical, because the larger the file, the more likely that it was stored in fragments and this cannot be recovered. Someone here posted a link to a commercial software that claimed to be better at recovering those fragmented bits - I don’t know if this claim is true. Perhaps there exists better software if you had camera RAW files? For small files, especially jpeg, photorec is very good, just don’t expect an 8GB mp4 file to come out ok.
If somebody has compromised the device, they could have replaced any file on the device. For example they could replace an innocent-looking file somewhere in the system dir that gets called regularly. (Just checking crontab is not enough. You should at least also check /etc/init.d and /etc/crontab.d ).
But I have a better solution: Do a firmware update. Even if you install the same version, your system files will be wiped and completely replaced. Your data will stay fine.
But don’t forget to re-do the bugfix, since it gets reverted too!
I registered and wasn’t breached, so it may not be that. I also had auto-update enabled. Then again, we’re all shooting in the dark here and the cold reality may be that it was all luck of the draw who got hit or not.
That said, WD is saying it was from a port scan. Because I didn’t trust the MBL security, I did have UPnP disabled on both the MBL and on my router. I had remote access off. Also, running NAT on my ISP’s router/modem along with its built-in firewall set to ‘medium’ for whatever that was worth. I had no ports forwarded manually on the router either and the DMZ was off. Remote access to my router is also off. If any one of those settings weren’t correct, it may have led to me being a victim of the port scan perhaps, but who knows? Again, perhaps I was/am just lucky and randomly wasn’t targeted.
Like many others, I’ve lost everything that I had backed up to the MyBookLiveDuo.
I’m not a network expert; but I did check my traffic for last week, and there was a HUGE increase on June 21. It was almost triple what I normally see. Now I’m feeling physically ill once again over this entire mess.
That’s a great idea, I will do that after snooping around with ssh to see if anything looks funky. I’d just like to know if they got access and perhaps changed things before I erase it.
Okay thanks, that eases some anxiety. I was here worrying my network was compromised and unsafe. I’ve since changed my wifi name and password as well as passwords to sensitive accounts like my bank just to be overly cautious. And now I guess I just wait, and monitor things and pray they didn’t steal my tax documents off that drive. I can’t believe I’m praying for it to just be a malicious act of deletion.
Unfortunately, there is no easy way to check if an attacker has compromised something.
You might have luck finding that an attacker has inserted something to /etc/crontab (that’s a file) or /etc/init.d (that’s a directory) or /etc/crontab.d (that’s also a directory). But they could also have changed something completely different!
You could do this:
ls -la /etc/crontab
ls -la /etc/init.d/
ls -la /etc/cron*/
and look at the file modify dates. Since the firmware is old, the files should all be dated 2010-2015.
If you find a file with an odd modify date, it needs to be carefully inspected.
But again, you cannot completely check everything by hand, this might only find a bit.
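The date check described above can be scripted instead of read off by eye. This is an added example, not part of the original post: it lists only the entries whose modify time falls outside the 2010-2015 window the post names. The function name `flag_outside_window` is made up here, and GNU `touch` and `find` are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): automate the "odd modify date" check.
# Assumes GNU touch/find; flag_outside_window is a name made up here.

# flag_outside_window START END PATH...
# Lists every entry under PATH... whose mtime is at/before START or after END.
# Directories are included on purpose: adding or deleting a file updates the
# mtime of the directory that holds it.
flag_outside_window() {
    fow_start=$1
    fow_end=$2
    shift 2
    # Two reference files carry the window boundaries as their own mtimes.
    fow_ref=$(mktemp -d) || return 1
    touch -d "$fow_start" "$fow_ref/start"
    touch -d "$fow_end" "$fow_ref/end"
    for fow_path in "$@"; do
        [ -e "$fow_path" ] || continue
        find "$fow_path" \( ! -newer "$fow_ref/start" -o -newer "$fow_ref/end" \) \
            -exec ls -ld {} +
    done
    rm -rf "$fow_ref"
}

# Run against the paths named in the post when arguments are given, e.g.
#   sh check_mtimes.sh /etc/crontab /etc/init.d /etc/cron*
# A clean result is not proof of a clean system: root can reset mtimes.
if [ "$#" -gt 0 ]; then
    flag_outside_window 2010-01-01 2016-01-01 "$@"
fi
```

An empty result means every entry is dated inside the window; anything printed is a candidate for closer inspection, not a verdict.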
I got these results from those commands:
MyBookLive:~# ls -la /etc/crontab
-rwxr-xr-x 1 root root 723 Jun 15 2012 /etc/crontab
MyBookLive:~# ls -la /etc/init.d/
total 472
drwxr-xr-x 2 root root 4096 May 7 2015 .
drwxr-xr-x 78 root root 4096 Jun 26 01:59 ..
-rw-r--r-- 1 root root 0 Jan 8 2013 .legacy-bootordering
-rw-r--r-- 1 root root 1510 Mar 4 2010 README
-rwxr-xr-x 1 root root 4377 Sep 4 2012 access
-rwxr-xr-x 1 root root 6710 Jun 1 2012 apache2
-rwxr-xr-x 1 root root 2359 Jul 30 2010 avahi-daemon
-rwxr-xr-x 1 root root 2155 Mar 4 2010 bootlogd
-rwxr-xr-x 1 root root 1988 Mar 4 2010 bootmisc.sh
-rwxr-xr-x 1 root root 3004 Mar 4 2010 checkfs.sh
-rwxr-xr-x 1 root root 9831 Mar 4 2010 checkroot.sh
-rwxr-xr-x 1 root root 777 Oct 14 2014 commgrd
-rwxr-xr-x 1 root root 2602 Jun 16 2010 cron
-rwxr-xr-x 1 root root 4695 Oct 25 2011 dbus
-rwxr-xr-x 1 root root 820 May 24 2012 emi-patch-check.sh
-rwxr-xr-x 1 root root 2826 May 14 2012 forked-daapd
-rwxr-xr-x 1 root root 1645 Jan 29 2013 halt
-rwxr-xr-x 1 root root 10572 Sep 30 2010 hdparm
-rwxr-xr-x 1 root root 1287 Mar 4 2010 hostname.sh
-rwxr-xr-x 1 root root 5061 Jul 9 2010 hwclock.sh
-rwxr-xr-x 1 root root 5079 Jul 9 2010 hwclockfirst.sh
-rwxr-xr-x 1 root root 3117 May 13 2010 ifplugd
-rwxr-xr-x 1 root root 2518 Mar 4 2010 ifupdown
-rwxr-xr-x 1 root root 1046 Mar 4 2010 ifupdown-clean
lrwxrwxrwx 1 root root 12 May 7 2015 itunes -> forked-daapd
-rwxr-xr-x 1 root root 1484 Mar 4 2010 killprocs
-rwxr-xr-x 1 root root 1215 Mar 28 2013 lltd
-rwxr-xr-x 1 root root 1866 Aug 8 2011 mDNSResponder
-rwxr-xr-x 1 root root 1914 Sep 3 2010 mdadm
-rwxr-xr-x 1 root root 6226 Sep 3 2010 mdadm-raid
-rwxr-xr-x 1 root root 1793 Mar 4 2010 module-init-tools
-rwxr-xr-x 1 root root 1477 May 20 2012 monitorTemperature
-rwxr-xr-x 1 root root 1910 Jan 8 2013 monitorio
-rwxr-xr-x 1 root root 4202 Jan 17 2013 mountDataVolume.sh
-rwxr-xr-x 1 root root 620 Mar 4 2010 mountall-bootclean.sh
-rwxr-xr-x 1 root root 1956 Mar 4 2010 mountall.sh
-rwxr-xr-x 1 root root 2194 Mar 4 2010 mountdevsubfs.sh
-rwxr-xr-x 1 root root 2476 Mar 4 2010 mountkernfs.sh
-rwxr-xr-x 1 root root 618 Mar 4 2010 mountnfs-bootclean.sh
-rwxr-xr-x 1 root root 2330 Mar 4 2010 mountnfs.sh
-rwxr-xr-x 1 root root 1321 Mar 4 2010 mountoverflowtmp
-rwxr-xr-x 1 root root 3668 Mar 4 2010 mtab.sh
-rwxr-xr-x 1 root root 1679 Apr 22 2013 netatalk
-rwxr-xr-x 1 root root 2757 Jan 17 2012 networking
-rwxr-xr-x 1 root root 5964 Mar 4 2010 nfs-common
-rwxr-xr-x 1 root root 4563 Mar 18 2010 nfs-kernel-server
-rwxr-xr-x 1 root root 1600 Jun 15 2011 ntpdate
-rwxr-xr-x 1 root root 7319 Apr 10 2010 openvpn
-rwxr-xr-x 1 root root 1016 Oct 18 2012 orion
-rwxr-xr-x 1 root root 2066 Mar 4 2010 portmap
-rwxr-xr-x 1 root root 1247 Mar 4 2010 procps
-rwxr-xr-x 1 root root 1613 Jan 25 2012 purgelogs.sh
-rwxr-xr-x 1 root root 29492 May 26 2010 ramlog
-rwxr-xr-x 1 root root 10124 May 25 2012 rc
-rwxr-xr-x 1 root root 117 Mar 4 2010 rcS
-rwxr-xr-x 1 root root 639 Mar 4 2010 reboot
-rwxr-xr-x 1 root root 1710 Jan 8 2013 reset_button_mon
-rwxr-xr-x 1 root root 796 Jan 22 2013 restoreSettings.sh
-rwxr-xr-x 1 root root 941 Mar 4 2010 rmnologin
-rwxr-xr-x 1 root root 5108 Mar 4 2010 rsync
-rwxr-xr-x 1 root root 2850 Mar 4 2010 rsyslog
-rwxr-xr-x 1 root root 2992 May 10 2012 samba
-rwxr-xr-x 1 root root 915 Jun 15 2011 saveclock.sh
-rwxr-xr-x 1 root root 2283 Mar 4 2010 sendsigs
-rwxr-xr-x 1 root root 590 Mar 4 2010 single
-rw-r--r-- 1 root root 4167 Mar 4 2010 skeleton
-rwxr-xr-x 1 root root 3364 Mar 4 2010 smartmontools
-rwxr-xr-x 1 root root 3845 Aug 2 2010 ssh
-rwxr-xr-x 1 root root 525 Mar 4 2010 stop-bootlogd
-rwxr-xr-x 1 root root 1096 Mar 4 2010 stop-bootlogd-single
-rwxr-xr-x 1 root root 551 Mar 18 2010 sudo
-rwxr-xr-x 1 root root 1603 Mar 23 2010 sysstat
-rwxr-xr-x 1 root root 7473 May 13 2010 udev
-rwxr-xr-x 1 root root 1001 May 13 2010 udev-mtab
-rwxr-xr-x 1 root root 3175 Mar 4 2010 umountfs
-rwxr-xr-x 1 root root 2140 Mar 4 2010 umountnfs.sh
-rwxr-xr-x 1 root root 1456 Mar 4 2010 umountroot
-rwxr-xr-x 1 root root 2137 Aug 5 2011 upnp_nas
-rwxr-xr-x 1 root root 1815 Mar 4 2010 urandom
-rwxr-xr-x 1 root root 1403 Mar 14 2013 vftd
-rwxr-xr-x 1 root root 2516 Aug 2 2010 vsftpd
-rwxr-xr-x 1 root root 986 May 9 2012 wdAdminEntry
-rwxr-xr-x 1 root root 1078 May 9 2012 wdAdminFinalize
-rwxr-xr-x 1 root root 1032 May 9 2012 wdAppEntry
-rwxr-xr-x 1 root root 1876 Oct 18 2012 wdAppFinalize
-rwxr-xr-x 1 root root 1018 May 9 2012 wdEmergencyEntry
-rwxr-xr-x 1 root root 1046 May 9 2012 wdEmergencyFinalize
-rwxr-xr-x 1 root root 2048 May 20 2012 wdInitEntry
-rwxr-xr-x 1 root root 7331 Feb 7 2013 wdInitFinalize
-rwxr-xr-x 1 root root 1196 Mar 11 2013 wdPreBoot.sh
-rwxr-xr-x 1 root root 940 May 9 2012 wdVftEntry
-rwxr-xr-x 1 root root 1008 May 9 2012 wdVftFinalize
-rwxr-xr-x 1 root root 1777 Mar 4 2010 x11-common
MyBookLive:~# ls -la /etc/cron*/
/etc/cron.d/:
total 40
drwxr-xr-x 2 root root 4096 Jun 24 19:06 .
drwxr-xr-x 78 root root 4096 Jun 26 01:59 ..
-rw-r--r-- 1 root root 102 Mar 4 2010 .placeholder
-rwxr-xr-x 1 root root 130 May 20 2012 20-checkRAID
-rwxr-xr-- 1 root root 0 Dec 8 2020 WDSAFE
-rwxr-xr-x 1 root root 430 May 1 2012 access
-rw-r--r-- 1 root www-data 115 Jun 24 19:06 auto_update
-rw-r--r-- 1 root root 589 Sep 3 2010 mdadm
-rwxr-xr-x 1 root root 524 Apr 10 2012 php5
-rw-r--r-- 1 root root 396 Mar 24 2010 sysstat
-rwxr-xr-x 1 root root 408 May 9 2012 system_monitor
/etc/cron.daily/:
total 64
drwxr-xr-x 2 root root 4096 May 7 2015 .
drwxr-xr-x 78 root root 4096 Jun 26 01:59 ..
-rw-r--r-- 1 root root 102 Mar 4 2010 .placeholder
-rwxr-xr-x 1 root root 633 Mar 4 2010 apache2
-rwxr-xr-x 1 root root 7482 Mar 4 2010 apt
-rwxr-xr-x 1 root root 314 Mar 4 2010 aptitude
-rwxr-xr-x 1 root root 502 Mar 4 2010 bsdmainutils
-rwxr-xr-x 1 root root 384 Mar 4 2010 cracklib-runtime
-rwxr-xr-x 1 root root 73 Jun 29 2011 fw_check
-rwxr-xr-x 1 root root 539 Sep 3 2010 mdadm
-rwxr-xr-x 1 root root 1154 Mar 4 2010 ntp
-rwxr-xr-x 1 root root 75 May 26 2010 ramlog
-rwxr-xr-x 1 root root 383 Jun 11 2012 samba
-rwxr-xr-x 1 root root 3349 Mar 4 2010 standard
-rwxr-xr-x 1 root root 469 Mar 24 2010 sysstat
/etc/cron.hourly/:
total 12
drwxr-xr-x 2 root root 4096 May 7 2015 .
drwxr-xr-x 78 root root 4096 Jun 26 01:59 ..
-rw-r--r-- 1 root root 102 Mar 4 2010 .placeholder
/etc/cron.monthly/:
total 16
drwxr-xr-x 2 root root 4096 May 7 2015 .
drwxr-xr-x 78 root root 4096 Jun 26 01:59 ..
-rw-r--r-- 1 root root 102 Mar 4 2010 .placeholder
-rwxr-xr-x 1 root root 129 Mar 4 2010 standard
/etc/cron.weekly/:
total 12
drwxr-xr-x 2 root root 4096 May 7 2015 .
drwxr-xr-x 78 root root 4096 Jun 26 01:59 ..
-rw-r--r-- 1 root root 102 Mar 4 2010 .placeholder
MyBookLive:~#
Are these lines fishy or is that just me logging into ssh and stuff? It does seem to coincide with when I logged into SSH on it I think yesterday, etc. - How could I dig further?
MyBookLive:~# ls -la /etc/init.d/
total 472
drwxr-xr-x 78 root root 4096 Jun 26 01:59 ..
MyBookLive:~# ls -la /etc/cron*/
/etc/cron.d/:
total 40
drwxr-xr-x 2 root root 4096 Jun 24 19:06 .
drwxr-xr-x 78 root root 4096 Jun 26 01:59 ..
-rw-r--r-- 1 root root 102 Mar 4 2010 .placeholder
-rwxr-xr-x 1 root root 130 May 20 2012 20-checkRAID
-rwxr-xr-- 1 root root 0 Dec 8 2020 WDSAFE
-rwxr-xr-x 1 root root 430 May 1 2012 access
-rw-r--r-- 1 root www-data 115 Jun 24 19:06 auto_update
I think I turned off auto update on June 24th, so that might be that one above?
/etc/cron.daily/:
total 64
drwxr-xr-x 2 root root 4096 May 7 2015 .
drwxr-xr-x 78 root root 4096 Jun 26 01:59 .
Only thing that’s relatively recent aside from stuff above I picked out was this from 2020:
-rwxr-xr-- 1 root root 0 Dec 8 2020 WDSAFE
Is there a way to look into what happened Dec 8 2020 to WDSAFE with ssh?
Edit: I dug into WDSAFE on the system report I downloaded. WDSAFE is 0 bytes and the .info file doesn’t look like much to me.
Aside from what I’ve plucked out everything else is many years old in the results. So I guess that looks good or at least better than anything showing up for Jun 23rd when the hacks seemed to take place for most everyone? So far as I can tell, they didn’t modify anything so I might be in the clear?
Thank you again for all your help. It’s deeply appreciated.
This is for a mybook live nas and I will post another secondary one, neither solved anything.
So having immediately powered off my mybook, with unknown state (yes not ideal)
I think this was bad, really bad, advice. It should have been disconnect your network from the internet and backup the data on the drive immediately, if it was there.
I’m left with a few options:
- power it back on again and see what I have.
- leave it off forever
- install the disk in an external usb enclosure and have a look.
- install disk in a desktop linux system, don’t own a desktop.
Option 1 doesn’t seem sane as the drive may initialise on boot.
Option 2 doesn’t make sense, write only drive?
Option 3.
Tried two different usb sata drive devices.
The first device always used 4k block sizes so nothing at all worked.
Product: USB to ATA/ATAPI bridge
usb 1-1: Manufacturer: JMicron
The second, a sabrent EC-DFLT-EU kind of worked as far as seeing the disk.
It required a driver update, and it’s a bit touchy - at least 4 blue screens on windows 10.
Didn’t have any luck with windows software for looking at the drive, tried the free
diskinternals programme, but it wouldn’t look at the drive correctly.
I have a debian (bullseye) running in a VirtualBox VM:
Bit hit or miss but got this far:
[ 87.141058] usb 2-1: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd
[ 87.163428] usb 2-1: New USB device found, idVendor=152d, idProduct=1561, bcdDevice= 1.14
[ 87.163430] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 87.163431] usb 2-1: Product: SABRENT
[ 87.163432] usb 2-1: Manufacturer: SABRENT
[ 87.163433] usb 2-1: SerialNumber: DB98765432143
[ 87.194279] usb 2-1: USB controller 0000:00:0c.0 does not support streams, which are required by the UAS driver.
[ 87.194280] usb 2-1: Please try an other USB controller if you wish to use UAS.
[ 87.194281] usb-storage 2-1:1.0: USB Mass Storage device detected
[ 87.194563] scsi host3: usb-storage 2-1:1.0
[ 87.195116] usbcore: registered new interface driver usb-storage
[ 87.205469] usbcore: registered new interface driver uas
[ 88.216047] scsi 3:0:0:0: Direct-Access SABRENT 0114 PQ: 0 ANSI: 6
[ 88.216504] sd 3:0:0:0: Attached scsi generic sg2 type 0
[ 91.680052] sd 3:0:0:0: [sdb] 3907029168 512-byte logical blocks: (2.00 TB/1.82 TiB)
[ 91.682171] sd 3:0:0:0: [sdb] Write Protect is off
[ 91.682173] sd 3:0:0:0: [sdb] Mode Sense: 47 00 00 08
[ 91.683147] sd 3:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 91.790084] sdb: sdb1 sdb2 sdb3 sdb4
[ 91.793916] sd 3:0:0:0: [sdb] Attached SCSI disk
# fdisk -l
Disk /dev/sda: 60 GiB, 64424509440 bytes, 125829120 sectors
Disk model: VBOX HARDDISK
.
.
.
Disk /dev/sdb: 1.84 TiB, 2000398934016 bytes, 3907029168 sectors
Disk model:
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 868F864F-B3E6-4F38-9C79-6FF0F410D84E
Device Start End Sectors Size Type
/dev/sdb1 1032192 5031935 3999744 1.9G Linux RAID
/dev/sdb2 5031936 9031679 3999744 1.9G Linux RAID
/dev/sdb3 30720 1032191 1001472 489M Microsoft basic data
/dev/sdb4 9031680 3907028991 3897997312 1.8T Microsoft basic data
Partition table entries are not in disk order.
Try mounting sdb4:
# mount -t ext4 /dev/sdb4 /tmp/sdb4
mount: /tmp/sdb1: wrong fs type, bad option, bad superblock on /dev/sdb4, missing codepage or helper program, or other error.
# mdadm --assemble /dev/md4 /dev/sdb4
mdadm: no recogniseable superblock on /dev/sdb4
mdadm: /dev/sdb4 has no superblock - assembly aborted
my questions are:
- how do you mount sdb4 or the linux raid in linux?
- windows software that will look at the drive?
Maybe there really is no superblock or it is elsewhere?
I have an interesting aside to this, next post.
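One read-only way to test the "maybe there really is no superblock" question for an ext2/3/4 filesystem, as an added example that is not part of the original post: read the magic number and block size straight from the partition. The function names are made up here and the device path (for instance `/dev/sdb4`) is passed as an argument. A block size larger than the host's page size is one reason `mount -t ext4` reports "wrong fs type" on kernels that require block size <= page size.

```shell
#!/bin/sh
# Added example (not from the thread): read-only check for an ext2/3/4
# superblock. ext_superblock_info and fits_page_size are names made up here.
#
# On-disk layout used: the primary superblock starts at byte 1024;
#   s_log_block_size = 4 bytes little-endian at superblock offset 24
#   s_magic          = 2 bytes little-endian at superblock offset 56 (0xEF53)

# ext_superblock_info DEVICE_OR_IMAGE
ext_superblock_info() {
    esi_dev=$1
    # Magic lives at 1024 + 56 = 1080; on disk the bytes are 53 ef.
    esi_magic=$(dd if="$esi_dev" bs=1 skip=1080 count=2 2>/dev/null |
        od -An -tx1 | tr -d ' \n')
    if [ "$esi_magic" != "53ef" ]; then
        echo "no ext superblock at offset 1024 (magic bytes: ${esi_magic:-unreadable})"
        return 1
    fi
    # Decode the little-endian field byte by byte so host endianness is moot.
    esi_log=$(dd if="$esi_dev" bs=1 skip=1048 count=4 2>/dev/null |
        od -An -tu1 |
        awk '{ print $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 }')
    # ext block sizes run from 1 KiB (log 0) to 64 KiB (log 6).
    if [ "$esi_log" -gt 6 ]; then
        echo "magic matches but s_log_block_size=$esi_log is implausible"
        return 1
    fi
    echo "ext superblock found, block_size=$((1024 << esi_log))"
}

# fits_page_size BLOCK_SIZE
# True when BLOCK_SIZE does not exceed this host's memory page size.
fits_page_size() {
    [ "$1" -le "$(getconf PAGESIZE)" ]
}

# Usage (as root, device not mounted):  sh ext_sb.sh /dev/sdb4
if [ "$#" -gt 0 ]; then
    ext_superblock_info "$1"
fi
```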
If you do “ls -lrt” for those commands, it will give a time-ordered listing and you would only need to look at the bottom files vs scanning the list visually.
Mybook live that was in a cupboard for 6 months before I looked at it late this week.
Call this the backup-drive.
This is a second mybook drive I use for occasional backups of the first, restore points.
I have other backups - so I’m only going to lose around a few months of backup if I can’t restore (if required to) my normal nas drive.
- I disconnected my house from the internet - I was popular.
- powered the backup-drive and ssh’d in. all good
- checked files were good, this is a backup drive that is more out of date than my other backups
- edited /usr/local/sbin reformat scripts to not do anything, may as well.
- removed dd from /usr/sbin ?, maybe should have removed fsck etc as well!
- powered down the drive.
As it turned out I did need to get one file off this backup, a disk imager download,
remember I’m off the internet at this point and I thought I needed the software key.
Powered this drive back up:
the backup-drive re-initialised itself !!!
web UI was saying wait initialising - it never ended.
The ssh daemon never ran, scan of ports shows no ssh port 22 open.
The web UI ssh enable page is reset to the defaults, but enabled.
Questions then are why did the drive re-initialise? (or appears to be trying)
- Did I somehow trigger an auto reinitialise due to missing dd and reformat scripts?
- Coincidence - unlikely.
- Maybe it’s not really initialising but in a loop waiting on something happening that isn’t going to happen
- a serial port on the unit would be nice, I see a J8 connector with 4 pins.
Worst case, for everyone, is that the attack vector is something else on the internal network that is initiating this.
There was no possibility that an attack from the internet happened for this drive on the day I did this and it was last used before xmas.
- my router was unplugged from the cable in the wall
Don’t assume that the vector is from the internet.
Hi there Neilj1,
You, and others, obviously have more knowledge about these things than I do.
I’m a bit lost; my computer (direct network connection with letter ‘n’) still says in the properties that 80gb is used out of 3tb. After resetting the password to default I could log in but there I see that the drive is empty (only the default shares exist).
Which information can I trust?
Hope you can help me out; please see my earlier post if I’m not clear.
Thank you for your time and effort.
Kind regards,
Sander