Taking Precautions Against New Vulnerability OS3

On my WD MyCloudMirror Gen 1, which cannot be updated to OS5 and sits on my LAN, I have taken the following precautions:

  • passwords on all users - even those with low-privilege user accounts
  • disabling ftp server - (I understand that the FTP server would allow people to upload and then run files using the default FTP passwords or anonymous remote access with write access enabled).
  • disabling cloud access
  • all backed up

But from the management app I can still use the Web File Viewer app to see the files. Does the WFV actually communicate via the web, or is it just a fancy name for browsing the NAS over the LAN?

You may want to post (or see) the dedicated OS3 My Cloud Mirror subforum where users more familiar with that device may have additional answers or suggestions.

OS3 My Cloud Mirror
https://community.wd.com/c/personal-cloud-storage/wd-my-cloud-mirror/110

One can try to run the OS3 “patch” suggested in the following thread.

Unofficial Patch for OS3 Zero Day RCE Vulnerability
https://community.wd.com/t/unofficial-patch-for-os3-zero-day-rce-vulnerability/268631

One should also see if their local network router/firewall can block inbound/outbound broadband traffic to the My Cloud in addition to the various steps you’ve already taken. There are many other steps one can and should take to harden their local network to prevent general intrusion.


Thanks Bennor, have also posted to the forum you recommended. But I think it is an OS3 problem rather than a hardware problem.

Oh it is definitely a firmware problem, but there really isn’t a subforum for just the firmware itself. Rather, WD set this up such that each subforum generally covers specific devices. Typically and generally this subforum (My Cloud) tends to discuss the single bay/single drive My Cloud and its issues. The multi bay My Cloud units like the My Cloud Mirror may have additional features and options (including additional access options) not found on the single bay/single drive My Cloud units.

Right now WD recommends that affected devices be disconnected from the Internet. One way to do so is to access one’s local network router and block inbound/outbound traffic to the My Cloud so only local network devices have access and there is no remote access.


Thanks Bennor. I do find the subforums confusing.
I have taken your advice and in my router settings have blocked inbound internet access to my NAS.
So with the precautions I listed I am feeling secure again.

So I went into my Plusnet router and to the Access Controls page and it showed me a list of connected equipment including the ‘WDMyCloud Mirror’ plus its MAC address. I chose that to block and it confirmed that ‘WDMyCloud Mirror’ with MAC address etc is now blocked.
Excellent I thought cos I did not have to specify an IP address - which can change.
But it could be that the router blocks by IP address but communicates to me what it is doing by using the device name and MAC address. So I would be vulnerable if the IP address changed.
Any thoughts?

It depends on how exactly the router is blocking the traffic. Some routers base the block on the device’s MAC address. Others may do it by IP address. If by MAC address, then it shouldn’t matter if the IP address changes; the block is being done by MAC address, not by IP address. If a router does the block by IP address, then one should configure the router to issue a static/reserved IP address to the My Cloud.
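An added example, not part of the original thread: one way to notice the IP-drift case discussed above is to look up the NAS by MAC address in a LAN host's neighbour table (`ip neigh` or `arp -a` output) and compare the result with the address reserved on the router. The MAC and IP values below are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample neighbour tables (MACs and IPs are made up for illustration).
SAMPLE_IP_NEIGH = """\
192.168.1.64 dev eth0 lladdr 00:00:5e:00:53:0a REACHABLE
192.168.1.254 dev eth0 lladdr 00:00:5e:00:53:01 STALE
192.168.1.70 dev eth0  FAILED
"""
SAMPLE_ARP_A = """\
  192.168.1.87          00-00-5E-00-53-0A     dynamic
  192.168.1.254         00-00-5E-00-53-01     dynamic
"""

MAC_RE = re.compile(r"\b([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def norm_mac(mac):
    """Lower-case, colon-separated, zero-padded octets.
    Accepts 00-00-5E-..., 00:00:5e:... and unpadded 0:0:5e:... forms."""
    return ":".join(p.zfill(2) for p in re.split(r"[:-]", mac.lower()))

def ips_for_mac(table_text, mac):
    """Return the set of IPv4 addresses the table maps to `mac`."""
    want, found = norm_mac(mac), set()
    for line in table_text.splitlines():
        m, ip = MAC_RE.search(line), IP_RE.search(line)
        if m and ip and norm_mac(m.group(1)) == want:  # lines without a MAC are skipped
            found.add(ip.group(1))
    return found

def check_reservation(table_text, mac, reserved_ip):
    """'ok', 'drifted' (an IP-based rule would no longer match) or 'not-seen'."""
    ips = ips_for_mac(table_text, mac)
    if not ips:
        return "not-seen"  # device absent from the cache: no conclusion either way
    return "ok" if ips == {reserved_ip} else "drifted"

if __name__ == "__main__":
    nas_mac, reserved = "00:00:5E:00:53:0A", "192.168.1.64"  # assumed values
    for name, text in (("ip neigh", SAMPLE_IP_NEIGH), ("arp -a", SAMPLE_ARP_A)):
        print(name, "->", check_reservation(text, nas_mac, reserved))
```

A "drifted" result means the NAS currently answers on an address other than the reserved one, so a router rule keyed on the old IP would not be covering it.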