Advance Member
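Join Date: May 2003 Location: Taipei
Posts: 363
QNAP NAS planted with a Bitcoin miner: how to tell whether a mining program has been planted, how the program works and where it comes from, and solutions
Hi,
The recent Bitcoin mining program is the incident in which CPUMiner was apparently installed, to mine for mineXMR.com, on QNAP NAS units that had not yet installed NAS-201703-21, "Security Vulnerabilities Addressed in QTS 4.2.4 Build 20170313", released on March 21, 2017. I have put a first version together here; I am still polishing and translating it, and will keep publishing updates and translations: Check And Solve If Your QNAP NAS Has been Injected a CPUMiner Program

If you are a 4.3.3 user, do not trust the Resource Monitor on the Dashboard; the numbers there are not accurate.

My own 4.2.2 and 4.3.3 units have no problem, the program is designed for x86-64, and a solution exists, so the discussion abroad already stopped five days ago.

Time is tight, so I am putting out the first version now. I am still polishing and translating it, and will keep publishing updates and translations! Wish it helps!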
__________________
Amigo's CRM Notes - Chinese-language blog on customer relationship management | Amigo's Technical Notes - English-language technology blog | Amigo's Campaigns - publicity page for in-person events organized or presented
2017-05-03, 05:10 PM
#1
|
Advance Member
Join Date: May 2003 Location: Taipei
Posts: 363
A correction: it is an XMR mining program, not a Bitcoin one...
2017-05-03, 11:54 PM
#2
|
Advance Member
Join Date: May 2003 Location: Taipei
Posts: 363
Update: the [Use Malware Remover] section of the article explains in detail how to install it, how to use it, and how to observe the results of a run.
2017-05-04, 11:16 AM
#3
|
Advance Member
Join Date: May 2003 Location: Taipei
Posts: 363
If you want to learn more about the QNAP Malware Remover 2.1.0 program, see the article I just finished writing, Detail Explain of QNAP Malware Remover 2.1.0
It is basically just a shell script, with no x86-64-specific executables; in other words, it can be used on the ARM series!
2017-05-04, 05:20 PM
#4
|
Advance Member
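Join Date: May 2003 Location: Taipei
Posts: 363
Hi,
Although this round of mining software can be identified and removed without trouble, I also suggest that everyone (including users of the four brands QNAP, Asustor, Thecus, and Synology) refer to Synology Security Issue and How-to Harden your NAS to strengthen the security protection of your NAS. The article covers the security settings of all four brands.

In addition, you can block tcp port 4444 in the firewall settings of your router, both outbound from the LAN and inbound from the WAN, so that CPUMiner cannot connect to mineXMR.com. It then has nothing to compute, which indirectly reduces the load on the NAS.

Just my two cents.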
2017-05-04, 08:02 PM
#5
|
Advance Member
Join Date: May 2003 Location: Taipei
Posts: 363
Less than 15 hours later, QNAP Malware Remover has already had a small update. The main differences are in two files, MalwareRemover.sh and package_routines! The new version automatically starts a scan at 3:00 AM every day.
The former adds a variable that records the scan result, along with the corresponding log messages; the latter adds the cron setting that is inserted at install time. For the detailed file-by-file code comparison, see the "Update: 2.1.1 Add To Scan at 3:00AM Everyday" section of Detail Explain of QNAP Malware Remover 2.1.0.
2017-05-04, 10:54 PM
#6
|
Advance Member
Join Date: May 2003 Location: Taipei
Posts: 363
A summary of Check And Solve If Your QNAP NAS Has been Injected a CPUMiner Program follows:

This problem began appearing in the community on 2017/4/18, and discussion stopped on 2017/4/28. On 4/28 it quickly came up for discussion in the Taiwanese community. At first everyone thought it was a 4.3.3 problem; in the end it turned out that an unidentified mining program was running.

1. What happened
QNAP NAS units implanted with CPUMiner provide computation to mineXMR.com over tcp 4444.
CPUMiner (forked by LucasJones & Wolf) can be downloaded from GitHub: OhGodAPet/cpuminer-multi; the program can run only on x86-64.

2. How to tell whether CPUMiner is on my NAS

2.1 The CPU is always busy
If [CPU usage] always stays above 30% even when the NAS is not doing any work, take note and continue with the steps below.

2.2 Unknown processes
Use ps to check whether /mnt/HDA_ROOT/disk_manage.cgi is running. If it is, you have very likely been hit; continue with the next check.
disk_manage.cgi is a standard process, but /mnt/HDA_ROOT/disk_manage.cgi is not; note the difference between the two.
There are three suspicious programs in total this time:
a. /mnt/HDA_ROOT/disk_manage.cgi
b. /mnt/HDA_ROOT/qwatchdogd.cgi
c. /mnt/HDA_ROOT/rcu_shed.cgi

2.3 Unknown scheduled jobs
If you see /mnt/HDA_ROOT/rcu_shed in cron, you have most likely been hit.

3. Solution

3.1 Kill the processes
[~] # kill -KILL PID_OF_/mnt/HDA_ROOT/disk_manage.cgi
[~] # kill -KILL PID_OF_/mnt/HDA_ROOT/qwatchdogd.cgi
[~] # kill -KILL PID_OF_/mnt/HDA_ROOT/rcu_shed.cgi

3.2 Stop the automatic loading
Edit the cron configuration file, remove this line: "*/3 * * * * /mnt/ext/opt/apache/bin/php /mnt/HDA_ROOT/rcu_shed", and overwrite the file.

3.3 Patch right away
4.2.x users should promptly install Security Vulnerabilities Addressed in QTS 4.2.3 Builds 20170121 and 20170124 and Security Vulnerabilities Addressed in QTS 4.2.4 Build 20170313.
4.3.x users can install the new firmware version 4.3.3.0174 build 20170503.

3.4 Delete the leftovers
Finally, remember to delete these four files under /mnt/HDA_ROOT/: disk_manage.cgi, qwatchdogd, rcu_shed, and rcu_shed.json.

3.5 Use QNAP Malware Remover
Search for and install Malware Remover in the QTS [App Center]; you can also download the file directly.
It runs immediately after the first installation and reports to [System Logs]. After that it runs automatically at 3:00 AM every day.

Conclusion
I recommend also reading Synology Security Issue and How-to Harden your NAS, which covers security-related settings for QNAP, Asustor, Thecus, and Synology.

Just my two cents.
2017-05-05, 12:01 AM
#7
|
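The process and cron checks from sections 2.2 and 2.3 of the summary above, as an added shell example that is not part of the original post and is not QNAP's Malware Remover: it reads `ps` output and a crontab on stdin and reports only the exact paths the post names. The sample process list and crontab are constructed, and the directory shown for the legitimate disk_manage.cgi is an assumption.

```shell
#!/bin/sh
# Added example: triage for the indicators listed in the post above.
# Paths in IOC_PROCS and CRON_IOC come from the post; all sample input is constructed.

IOC_PROCS='/mnt/HDA_ROOT/disk_manage.cgi /mnt/HDA_ROOT/qwatchdogd.cgi /mnt/HDA_ROOT/rcu_shed.cgi'
CRON_IOC='/mnt/HDA_ROOT/rcu_shed'

# Read `ps` lines on stdin (PID in column 1) and print "PID path" for every
# process whose command line holds one of the IoC paths as an exact field.
# Exact matching keeps the stock disk_manage.cgi in another directory clean.
scan_ps() {
    awk -v iocs="$IOC_PROCS" '
        BEGIN { n = split(iocs, p, " "); for (i = 1; i <= n; i++) bad[p[i]] = 1 }
        { for (f = 2; f <= NF; f++) if ($f in bad) { print $1, $f; break } }'
}

# Read a crontab on stdin and print active (non-comment) entries that
# reference the rcu_shed script named in the post.
scan_cron() {
    awk -v ioc="$CRON_IOC" '!/^[ \t]*#/ && index($0, ioc) { print }'
}

# Constructed `ps` output: two planted processes plus the legitimate CGI
# (its directory here is an assumption made for the sample).
sample_ps() {
    cat <<'EOF'
  PID  Uid     VmSize Stat Command
 4021 admin      1520 S   /mnt/HDA_ROOT/disk_manage.cgi
 4388 admin       980 S   /mnt/HDA_ROOT/qwatchdogd.cgi
 5120 admin      2104 S   /home/httpd/cgi-bin/disk/disk_manage.cgi
EOF
}

# Constructed crontab: a normal job, the entry quoted in the post, and a commented-out copy.
sample_cron() {
    cat <<'EOF'
0 4 * * * /sbin/hwclock -s
*/3 * * * * /mnt/ext/opt/apache/bin/php /mnt/HDA_ROOT/rcu_shed
# */3 * * * * /mnt/ext/opt/apache/bin/php /mnt/HDA_ROOT/rcu_shed
EOF
}

echo "suspicious processes:"; sample_ps | scan_ps
echo "suspicious cron entries:"; sample_cron | scan_cron
```

On a NAS, pipe the real `ps` output into scan_ps and the contents of the cron configuration file into scan_cron instead of the sample functions.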
Advance Member
Join Date: May 2003 Location: Taipei
Posts: 363
Additional notes on QNAP Malware Remover:

In the Use QNAP Malware Remover section of Check And Solve If Your QNAP NAS Has been Injected a CPUMiner Program, I added a note that MalwareRemover.sh runs once automatically whenever the NAS is rebooted.

In Detail Explain of QNAP Malware Remover 2.1.0, I added an analysis: from the "Link service start/stop script" section of qinstall.sh you can see that /etc/init.d/MalwareRemover.sh is added to the boot sequence, and that it points to /share/CACHEDEV1_DATA/.qpkg/MalwareRemover/MalwareRemover.sh*, so it runs once every time the operating system is restarted. There is no need to worry that the automatic scan will never run because the NAS is shut down at night.

Also, QTS 4.3.3.0154 build 20170413 is the latest version that the NAS detects, but there is in fact a separate QTS 4.3.3.0174 build 20170503 for specific models; Release Notes for QTS has the details.

The MalwareRemover release notes are here, and have also been published in Security Bulletins and Advisories

Just my two cents.
2017-05-05, 04:22 PM
#8
|
Advance Member
Join Date: May 2003 Location: Taipei
Posts: 363
Hi,
Based on a security forensics report by an overseas user, I have updated the text of Check And Solve If Your QNAP NAS Has been Injected a CPUMiner Program, adding the following sections that explain how the incident happened and how to avoid future attacks:
1. How It Hacks - in short, by using Command Injection
2. How to Prevent from Command Injection - you need to go into the system to change settings and assign appropriate execute permissions

You may also need to refer to:
1. QNAP QTS Configuration and Executable Files - explains which folder each configuration file is in
2. phpinfo() Reports on NAS - provides downloadable execution reports for each vendor's NAS (QNAP, Asustor, Thecus, Synology)

Have a nice weekend!
2017-05-14, 04:16 PM
#9
|
Advance Member
Join Date: May 2003 Location: Taipei
Posts: 363
Hi,
Content update for Check And Solve If Your QNAP NAS Has been Injected a CPUMiner Program:

The Command Injection attacks the NAS through older versions of Photo Station. QTS 4.3.x users, please upgrade Photo Station to version 5.4.1 ( 2017/05/14 ) as soon as possible. QTS 4.2.x users, please upgrade to Photo Station 5.2.7.

Users who have not yet installed Malware Remover should upgrade Photo Station first and then install Malware Remover, to avoid being compromised again.

Users who do not have Photo Station installed do not need to go out of their way to download and install it; it is not a system security update.

Wish it helps!
2017-05-14, 10:15 PM
#10
|