Mycloud security risk?

Since I installed the My Cloud drive, I see on my router firewall logs a lot of entries of accepted incoming packets to the IP of the Mycloud drive, and when I trace back to the IP that originated that connection, to my surprise on the other side, I see another Mycloud login page??? How is this possible? I have turned off cloud access for the moment until I get an answer, and I’m considering returning it if I can’t get this sorted out.

Also, the lack of a LOG for the connections, I think is not a good thing for a device with cloud access, you want to know which files were accessed and by who…

The IP address that is trying to connect to my My Cloud device is 192.107.148.237 and others from the first 192.107.148 and if I go to that address, I see a MyCloud Login, but looks different than my MyCloud login… looks older. A whois of the IP reveals it’s from a company called Williams-int…

This attempt of contact to my My Cloud happens every few minutes from this address… How is it possible that they know I have this connected and that they have also another MyCloud connected in there??? Or is it a fake MyCloud and are trying to capture usernames and passwords by people trying to log in into theirs thinking it is their own unit???

I’d like a response to this too. My router (Netgear R6250) log shows various IPs remotely accessing my WDMyCloud. Whois shows some are from WD, to be expected I guess, but others have included University of Michigan and a site in Romania. The accesses are all, except for the WD ones, for port 443.

Ian

Victorwol wrote:
Since I installed the My Cloud drive, I see on my router firewall logs, a lot of entries of accepted incoming packets to the IP of the Mycloud drive,

How do you see that? In most users’ cases, the incoming packets can’t be addressed to your cloud directly because the Cloud is using “Private” IP space inside your LAN.

If anything, they’d be going to your outside (router’s) IP address.

ian_in_pompey wrote:

I’d like a response to this too. My router (Netgear R6250) log shows various IPs remotely accessing my WDMyCloud. Whois shows some are from WD, to be expected I guess, but others have included University of Michigan and a site in Romania. The accesses are all, except for the WD ones, for port 443.

Ian

There’s tons of “bots” on the internet that just randomly scan IP addresses looking for things.

I have about 20 ports forwarded into my network – I see thousands of hits an hour of hackers trying to get into my Linux workstation thru anonymous FTP or SSH…

But they’re denied, so I don’t care.

Victorwol wrote:

The IP address that is trying to connect to my My Cloud device is 192.107.148.237 and others from the first 192.107.148 and if I go to that address, I see a MyCloud Login, but looks different than my MyCloud login… looks older.

The My Cloud doesn’t have an external web page.   So I can’t imagine what you saw.   An external connection attempt to the My Cloud server is met immediately with a 403 – Access Denied error.

I’ve tried connecting to the address above… there’s nothing responding there.

Nmap scan report for 192.107.148.237
Host is up (0.011s latency).
All 1000 scanned ports on 192.107.148.237 are filtered

Turning off upnp in the router seems to stop the “foreign” accesses (they stop appearing in the router log), though the downside may be a performance hit for legit remote access.

Ian

Tonyph12345, the router log shows the accesses to the local address (192.168.xx.xx) of MyCloud.

Ian
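
As an added example (not posted by anyone in this thread), here is one way to triage router log entries like the ones described above: count accepted inbound connections to the NAS's LAN address per source and port, and separate sources you expect from ones you do not. The log line format, the sample lines, the addresses (documentation ranges) and the names `summarize_inbound`, `LINE_RE` and `EXPECTED_SOURCES` are all assumptions; adapt the regular expression to your own router's log.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines, loosely modelled on a consumer-router log.
SAMPLE_LOG = """\
[LAN access from remote] from 198.51.100.7:51432 to 192.168.1.50:443, Mon, Jan 06, 2014 10:01:12
[LAN access from remote] from 198.51.100.7:51490 to 192.168.1.50:443, Mon, Jan 06, 2014 10:04:40
[LAN access from remote] from 203.0.113.20:40211 to 192.168.1.50:443, Mon, Jan 06, 2014 10:05:02
[LAN access from remote] from 192.0.2.15:33100 to 192.168.1.50:9443, Mon, Jan 06, 2014 10:06:30
[DHCP IP: 192.168.1.23] to MAC address 00:00:5e:00:53:01, Mon, Jan 06, 2014 10:07:00
[LAN access from remote] from 203.0.113.99:2222 to 192.168.1.77:22, Mon, Jan 06, 2014 10:08:00
"""

# Assumed line format: source ip:port, then LAN destination ip:port.
LINE_RE = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):\d+ "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+),")

# Assumption: networks you expect to reach the device (placeholder range).
EXPECTED_SOURCES = [ipaddress.ip_network("192.0.2.0/24")]


def summarize_inbound(log_text, device_ip, expected=EXPECTED_SOURCES):
    """Count accepted inbound connections to device_ip per (source, port),
    split into expected and unexpected sources."""
    device = ipaddress.ip_address(device_ip)
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or ipaddress.ip_address(m["dst"]) != device:
            continue  # not an inbound entry for this device
        counts[(m["src"], int(m["dport"]))] += 1
    report = {"expected": {}, "unexpected": {}}
    for (src, dport), n in sorted(counts.items()):
        known = any(ipaddress.ip_address(src) in net for net in expected)
        report["expected" if known else "unexpected"][(src, dport)] = n
    return report


if __name__ == "__main__":
    result = summarize_inbound(SAMPLE_LOG, "192.168.1.50")
    for bucket, entries in result.items():
        for (src, dport), n in entries.items():
            print(f"{bucket:10} {src:15} -> port {dport:<5} x{n}")
```

Entries in the "unexpected" bucket show which forwarded ports are reachable from the Internet; compare them against the router's port-forwarding and UPnP mapping tables to see which mapping let them in.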

ian_in_pompey wrote:

Turning off upnp in the router seems to stop the “foreign” accesses (they stop appearing in the router log), though the downside may be a performance hit for legit remote access.

Ian

Correct.  If your My Cloud is set to “Auto”-configure remote access, turning off UPnP will force the cloud into “Relay Mode” which uses VPN connections thru WD’s servers.

I can see every second in my ssh log how some bots from China and the USA are trying to get into my ssh. I didn’t have time to do some research. But if anybody has the same problem: is there any way to allow connections only from some countries?

Thanks.

I do not use VPN. I have a static and public IP address and I have SSH enabled with opened ports through port forwarding to be able to connect to my router wherever I am.

EDIT: I just changed the default port for SSH to some random one and the bots stopped attacking. :robothappy:

Depending on your router, you could filter out all the IP ranges you want to…