Hi!
what can I do to make the WD my cloud more secure?
assign a higher port number for the cloud access, for example…
what else?
does it have a automatic ip-blocker like some other NAS devices?
d-fens wrote:
assign a higher port number for the cloud access, for example…
That does nothing.
it will not be scanned in standard port-scans.
this is also interesting:
Is there an auto IP block like this?
https://www.synology.com/en-global/support/tutorials/478
and what about somethine like synolocker?
Standard port scanning might missed those higher ports but not those determined bot scanner 1-65535. I changed my ports but still gets many unwanted sniffing.
Best bet is to secure your passwords. For ssh if you exposed them to the net, disable root logins or root with key exchange only. Don’t expose FTP. Don’t config your router to let WDMyCloud be in DMZ mode.
WDMyCloud doesn’t have such auto IP blocker, I use a personally customized perl script doing host.deny blocking from persistent unauthorized access.
https://www.shodan.io/search?query=wdmycloud
why do I see all the folders on the my cloud of other people?
are their routers not correctly configured?
I think so, because netbios and SSH should not be openend to the internet.
can someone shed some light on this?
if I am scanning for port, I should only see port 80 and 443 (or my forwarded higher number ports), saving that there apache httd behind.
@WD Is it smart to show the exact build date of the server?
hard to be sure but from posts on here there are a number of people providing tunnels to directly access their cloud and I assume that is what is shown here. If it was an issue direcly with mycloud I would assume to see much more then 350 in the US
It would be interesting if someone with a tunnel setup would try to find there mycloud
d-fens wrote:
why do I see all the folders on the my cloud of other people?
are their routers not correctly configured?
I think so, because netbios and SSH should not be openend to the internet.
can someone shed some light on this?
if I am scanning for port, I should only see port 80 and 443 (or my forwarded higher number ports), saving that there apache httd behind.
@WD Is it smart to show the exact build date of the server?
Anything that shows $IPC in the list is a user that has either connected their My Cloud directly to the internet (with no router between them) or have forwarded SMB ports in their router.
The ones that have “NetBIOS” listed, also have NMB ports forwarded – SILLY!
That’s not really “incorrect,” per se… Just a decision they made. Some people are living very dangerously…
The ones that say “HTTP/1.0 401 Unauthorized” — that’s the way it should look.
