Why has my NAS been running at 100% CPU?

I have nothing active going on (no indexing, no other client actively using it, no app jobs running) …

It has been running at 100 % CPU **only when only when I enable cloud access. The status in the dashboard says “Connected”.

There might be some process that is running causing the NAS to heat up, the fan is @ 10k RPM and drive temps are in the 50’s.

Can I get some advice or help ? here is the output from the top command:

Mem: 1007936K used, 28736K free, 8960K shrd, 95072K buff, 327424K cached
CPU: 88.2% usr  6.1% sys  0.0% nic  5.0% idle  0.3% io  0.0% irq  0.0% sirq
Load average: 2.72 2.31 2.23 3/249 18998
18436 18421 root     S    1202m  118.6   1 91.5 restsdk-server -configPath /usr/local/modules/restsdk/etc/restsdk-server.toml -crashLog /var/log/rests
 5290     1 root     S     4960    0.4   0  0.5 system_daemon
 5275     1 root     S     786m   77.5   1  0.4 nasAdmin -configPath /etc/nasAdmin.toml
 3278     1 root     S     1760    0.1   1  0.4 up_read_daemon
21196  5184 root     S     250m   24.6   1  0.3 httpd -f /usr/local/apache2/conf/httpd.conf -k graceful
 5415     1 root     S    15680    1.5   1  0.2 monit
16899  5153 root     S    40000    3.8   0  0.1 php-fpm: pool www
17969  5153 root     S    40000    3.8   1  0.1 php-fpm: pool www
 6194  6190 root     S    35584    3.4   1  0.1 /mnt/HD/HD_a2/Nas_Prog/twonky/twonkyserver -D -ip XXX.XXX.XX.XX -httpport 9000 -appdata /mnt/HD/HD_a2/.t

The REST suggest internet access

The WD My Cloud is a known security risk so I suggest replacing it with a different solution that is safer,

can i kill the process restsdk-server ?

thanks for posting this.

the indexing is indeed a NAS cancer. if it exists to perk up the landscape when using the mobile app or the web to access the my cloud, it’s useless in my view.

i don’t need metadata or thumbnail icons when browsing the content of my NAS from my phone or the web.

I will explore a VPN tunnel and disabling Cloud access. A feature WD could have provided for it’s customers out of the box for NAS products

I did the VPN tunnel for awhile.

I ultimately abandoned it, as I thought there were likely to be too many backdoors into my NAS via OS/5.

I now have my NAS boxes under a tinfoil had, attached to a dedicated router that has no WAN cable provided.

hello NAS_user …

did you discover any breaches or problems when you used it ?

i was able to configure a server on my router and can connect to my network and see shares on my NAS using OpenVPN.

but for some reason, the Public share does not appear on my mobile device. All other shares (including the recycle bin and timemachine) are visible and I can browse them read-only. not sure why Public is not visible.

rather than going the route of cloud access in the Dashboard … i turned it off and instead setup a VPN Server.

from another device configured to access my VPN server, I am able to see my NAS shares except for the Public share. I cannot see that share … any thoughts about why ?

All my Private shares I have also setup as Public on the NAS, however the default Public share is not showing up via VPN server access.

I did not uncover any problems with OS/5 when I was running it.

HOWEVER, one could tell from the behavior of indexing, and how HTTPS redirect was implemented, that privacy (i.e. keep WD out of my stuff) was very much at the low end of the priority list. It seemed that OS/5 was very much very WELL CONNECTED to the internet. . . .which is diametrically opposed to MY personal goals for the device.

SO. . .the old OS/3 was far more “quiet” from an internet perspective. . .but by the same token; this software is obsolete and no longer maintained.

So I looked at the benefits and risks. . .and made the personal decision to run OS/3 on a network without internet access. That means no VPN. If I need to access files on the NAS units, I have to SWITCH my device from my primary router which has an internet connection - to the “backup” router that has the NAS boxes, but no internet.

that’s one bullet-proof way to handle NAS privacy I suppose … whatever you’re comfortable doing.

on my side, first step for some privacy was to turn off the cloud feature from the dashboard. doing that first before assigning decoy DNS info (that fully closes the back door) leaves me a bit more confident that there’s little or no connection between the NAS OS and any internet entity.

Using a vpn server on my router, and with the vpn configuration/certs applied to my client devices, i am fairly confident the NAS is safe behind my router. I use a combination of tricks and network settings on the router that ensures the NAS stays behind the firewall and that only approved clients are allowed to interact with my router in the first place.

Aside from that, i have my triple redundant backup USB drives. yes, they are physically connected to the NAS, but only powered on to do NAS → USB backup jobs (otherwise powered off). even in an unlikely event that my NAS gets sky-jacked or erased, i’d be able to do block level reformat on the internal drives, put them back in service and restore the content from one of the 3 backups. it’d be a royal pain to do this with 7TB, but i’m alright with that.

60TB is unthinkable … i would likely feel myself slowly decompose while waiting for that much data to load up onto platters …. even with ssd’s that would take considerable time to load up. ud earn sainthood in my book for waiting it out …

whats an alternative to shutting out the giant shadow then ? irrespective of vendor choice, theres some quiet traffic always in the background. one budget alternative i guess would be to switch to a non-nas array plugged directly into the router … removing the vendor from the landscape.

so. . . for a “one router” solution. . .I would block the NAS from the internet at the router level. Unfortunately, that also (in my experience) blocks access to VPN. (because the VPN subnet gets blocked from the subnet the NAS sits upon). If I wanted internet exposure (for VPN). . . .yeah, WD software is off the table. I might try one of the competitors (but need to do research) - - -or more likely go to an installation with TrueNas.

yeah. . . so as a private user. . . what’s taking 60TB? I imagine it’s lot’s of dead storage video. My personal strategy is a multi-tier approach. 250gb of high frequency backup (active projects) - - done very frequently. 4TB (mostly photos) that is backed up at a slightly lower frequency - say monthly.
Finally. . the bulk videos. Enough that I don’t actually have them on the NAS. . .just have two copies of everything, that I update infrequently (If I want to watch a quick movie; I have “shrunken” versions on the 4TB media drive; but the full res rips are on the archive drive)

depending on your router, it may by default internet block access to the USB device by default. i’ve not done this before with routers in general.

but i do see in my router i have options to setup samba, etc for the USB port.

I wasn’t assuming. . . . I was imagining. . . .

. . .I imagine I am often wrong.