The login page has been altered so the admin username is no longer shown. I’m also thinking about bringing back the City Sprite image that WD inexplicably decided to remove. It’s actually quite nice, and is one of the few things I like about this God-awful monstrosity of an operating system called My Cloud OS5.
However, the security benefits are minimal because the admin username can still be found via a special URL, thanks to the stupid
nasAdmin proxy server WD decided to force as a middleman between clients and the
httpd (Apache) web server.
httpd <--> nasAdmin <--> client
nasAdmin proxy server listens on port
80 (HTTP) and
8543 (HTTPS), then redirects all web traffic to the
httpd (Apache) web server, which listens on port
8000 and is restricted to
127.0.0.1 (localhost) only. It’s the source of the unwanted HTTPS redirects so many people (myself included) were bitching about a few firmware versions back. For comparison, the SSH, Samba and SQL Server (MariaDB) processes and the ports they listen on are also shown below.
Proto Local Address Foreign Address State PID/Program
tcp 127.0.0.1:8000 0.0.0.0:* LISTEN 4201/httpd
tcp6 :::80 :::* LISTEN 4314/nasAdmin
tcp6 :::8543 :::* LISTEN 4314/nasAdmin
tcp6 :::22 :::* LISTEN 3778/sshd
tcp6 :::139 :::* LISTEN 5890/smbd
tcp6 :::3306 :::* LISTEN 15778/mysqld
In response to the avalanche of complaints about the unwanted HTTPS redirects, WD added a dashboard section and called it “Web Dashboard Services”, where the word “services” is intended to make it appear as if something good is being provided.
What that friendly-sounding “Web Dashboard Services” title neglects to mention, is the fact that the
nasAdmin proxy server is still funneling all web traffic to the
httpd (Apache) web server and it’s bastardized configuration. WD obviously went through a great deal of trouble to make the
nasAdmin proxy server difficult to remove, and all things considered, I believe the reasons can’t be good.
Eventually, I plan to remove the
nasAdmin proxy server and restore the
httpd (Apache) web server to a more traditional configuration, but the process won’t be easy, and will likely require much more extensive firmware modifications than a simple dashboard redesign.