cpt_paranoia wrote:
Yes, I’d like to know to reassure myself that it’s down to ‘user error’, and not a simple setting on the MyCloud. The fact that the search engine isn’t finding 100s of 1000s of devices shows it’s not a basic fault, but something unusual. I’d just like to know what it is so I know not to do it…
My guess is it is end user specific configuration that is causing those units to be exposed and scanned. There really are only a few basic ways to gain unauthorized remote access and most of those ways would involve the Firewall on the end user’s broadband router/gateway to forward the WAN traffic to the local LAN or a flaw in either the WD apps (or WD2Go site) or in other internet capable apps on the end user’s computer.
As we’ve seen there have been one or maybe two other threads (like this one) where people claim their My Clouds were hacked or unauthorized persons were able to gain access. Its not clear in any of those prior threads if that was really the case and if it wasn’t caused by end user specific configuration or port forwarding. I know in one thread a user claimed that simply providing a URL to a specific file generated by the WD My Cloud Desktop app provided access to all the public share contents, but it was shown that that was probably unlikely due to the nature of how the remote URL for a specific file was generated by the WD My Cloud Desktop program.
