How to tell if My Cloud is Hacked

Every time I hook-up My Cloud 2tb to my Wireless Internet, it constantly streams something.

The light is blinking very fast at the data-port, that make me think data is being read or leaving the Cloud.

Is there a way to watch what is being accessed?
I don’t have anything Publicly shared, only to a few clients.
However I have 2 users with very strong pw’s (1 user never accesses the cloud, my wife).
All pw’s were changed recently, but that didn’t stop the flow.

I have data that I don’t want stolen (like most people), but the constant streaming is very suspicious…

Hope someone can help.

D

What do you mean by every time you hook it up? How often do you shut it down and then reconnect/reboot?

Mine stays on 24/7 except for weekly maintenance. When I reboot it will rescan meaning the lights (LED’s) will be functioning.

What device/operating system are you using? Mine are a laptop and desktop with Windows 10, all updates. I also have my cell phone.

When you reconnect have you looked at the Dashboard to see if it is Scanning?

There are several ways to see how much activity is going on, one is to look on your router if it will show the activity. An Example photo is below.

One way is to use Microsoft network monitor to see where the traffic is going.

This needs more explanation on what you have the My Cloud hooked up too. Depending on the My Cloud configuration the device WILL send traffic all by itself to the internet/broadband.

The lights on the Networking port indicate several things. The My Cloud User Manual explains what each of the light’s/LED’s actions mean.

There generally will always be some local network traffic as devices respond to various queries by other devices or initiate queries to other devices.

To find out if you really been hacked you need to monitor the traffic going to the My Cloud as previous poster’s indicated.

There are a number of general steps one can take to limit the ability of hackers accessing the My Cloud. First is to disable Cloud Access/Remote Access and FTP access to the My Cloud. Second is to disable certain services on the My Cloud through SSH. And one can also access their network router to block broadband traffic to their My Cloud’s IP address.

Thanks rac8006.
I’ll look into that option.

Thanks Bennor,

My cloud is hook up to my home network.
At 1st I had some songs on public, then I took them off because of traffic concerns.
I use to keep it online 24/7/360, but had doubts about being hacked.
I am currently the only user, but I have a section where a few of my clients can access jobs I’ve done for them.
They don’t have access right now because I’ve changed all pw’s (they don’t need access until I do a new job for them).

I backup 2 computers, but one is only on-line for a short time once or twice a week.

Besides that, I access songs from connected devices, but they are in folders that aren’t accessible to the public (private).

Thanks for the advise & help…

D

Hi Dansmark,

Via SSH one can also check the timestamp of the history file in My Cloud device. If timestamp is changed without you knowing about it, one can check the content of the file to see what the hacker has done in your terminal.

Via a crontab entry, a program I’ve written, and SendMail, My Cloud sends me an email every morning, telling me if the device has been tampered with.

I am fairly sure that with cloud access on, your cloud is being scanned by the OS for building thumbnails, photo resizing and so on.

Turn Cloud access off to check if this is the case. All cloud activities should stop.

Since you have clients as well as yourself wishing to access the cloud outside your local network, simply let the Cloud finish scanning which should take between a few hours to a few days depending on the amount of photos and other media data that you have on the cloud.

Other scanning and indexing functions are DLNA, iTunes Server of which you can turn those off if you are not using them.

Good luck…