PCDVD Digital Technology Forum
amigoccs
Advance Member

Join Date: May 2003
Location: Taipei
Posts: 363
QNAP Bitcoin miner implant incident: how to tell whether a mining program has been planted, how the program works and where it comes from, and the solution

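Hi,

About the recent Bitcoin mining program: this is the incident in which CPUMiner was apparently installed, to mine for mineXMR.com, on QNAP NAS units that had not yet installed NAS-201703-21 (Security Vulnerabilities Addressed in QTS 4.2.4 Build 20170313, released March 21, 2017). I have put a first draft together here. I am still polishing and translating it, and will keep posting updates and translations:

Check And Solve If Your QNAP NAS Has been Injected a CPUMiner Program

If you are a 4.3.3 user, do not trust the Resource Monitor on the Dashboard; the numbers there are inaccurate.

Because neither my 4.2.2 nor my 4.3.3 has the problem, the program is designed for x86-64, and a solution already exists, people overseas stopped discussing this five days ago.

Time is short, so I am putting out the first draft now. It is still being polished and translated, and updates and translations will follow!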

Wish it helps!
     
      
__________________
Amigo's CRM Notes - Chinese-language blog on customer relationship management
Amigo's Technical Notes - English-language technology blog
Amigo's Campaigns - promotional pages for in-person events hosted or presented
2017-05-03, 05:10 PM #1

amigoccs
A correction: it is an XMR mining program, not a Bitcoin one...
 
2017-05-03, 11:54 PM #2

amigoccs
Update: the [Use Malware Remover] section of the article explains in detail how to install it, how to use it, and how to check the results of a run.
2017-05-04, 11:16 AM #3

amigoccs
If you want to learn more about the QNAP Malware Remover 2.1.0 program, see the article I just finished writing, Detail Explain of QNAP Malware Remover 2.1.0.

It is basically a shell script, with no executables specific to x86-64. In other words, it can be used on the ARM series too!
2017-05-04, 05:20 PM #4

amigoccs
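Hi,

Although this mining software can be identified and removed without trouble, I also suggest that everyone (users of all four brands: QNAP, Asustor, Thecus, and Synology) read Synology Security Issue and How-to Harden your NAS to strengthen the security of your NAS. The article includes the security settings for all four brands.

In addition, in your router's firewall settings you can block tcp port 4444, both outbound from the internal network and inbound from the external network, so that CPUMiner cannot connect to mineXMR.com. It then has nothing to compute, which indirectly reduces the load on the NAS.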

Just my two cents.
2017-05-04, 08:02 PM #5

amigoccs
In less than 15 hours, QNAP Malware Remover has already had a small update. The main differences are in two files, MalwareRemover.sh and package_routines! The new version starts a scan automatically at 3 a.m. every day.

The former adds a variable that records the scan result, together with the corresponding log messages; the latter adds the cron setting that is inserted at install time.

For the detailed file-by-file code comparison, see the section Update: 2.1.1 Add To Scan at 3:00AM Everyday in Detail Explain of QNAP Malware Remover 2.1.0.
2017-05-04, 10:54 PM #6

amigoccs
A Chinese-language summary of Check And Solve If Your QNAP NAS Has been Injected a CPUMiner Program follows:

This problem first appeared in the community on 2017/4/18, and discussion stopped on 2017/4/28. On 4/28 it was quickly picked up in the Taiwanese community. At first everyone thought it was a 4.3.3 problem; in the end it turned out that an unknown mining program was running.

1. What happened

QNAP NAS units implanted with CPUMiner provide computing power to mineXMR.com over tcp 4444.

CPUMiner (forked by LucasJones & Wolf) can be downloaded from GitHub: OhGodAPet/cpuminer-multi. The program runs only on x86-64.

2. How to tell whether CPUMiner is on my NAS

2.1 The CPU is always busy

If [CPU usage] stays above 30% even when the NAS is not doing any work, take note and continue with the steps below.

2.2 Unknown processes

Use ps to check whether /mnt/HDA_ROOT/disk_manage.cgi is running. If it is, you have very likely been hit; continue with the next check.

disk_manage.cgi is a standard process, but /mnt/HDA_ROOT/disk_manage.cgi is not. Note the difference between the two.

There are three suspicious programs this time:

a. /mnt/HDA_ROOT/disk_manage.cgi
b. /mnt/HDA_ROOT/qwatchdogd.cgi
c. /mnt/HDA_ROOT/rcu_shed.cgi

2.3 Unknown scheduled jobs

If you see /mnt/HDA_ROOT/rcu_shed in cron, you have most likely been hit.

3. Solution

3.1 Kill the processes

[~] # kill -KILL PID_OF_/mnt/HDA_ROOT/disk_manage.cgi
[~] # kill -KILL PID_OF_/mnt/HDA_ROOT/qwatchdogd.cgi
[~] # kill -KILL PID_OF_/mnt/HDA_ROOT/rcu_shed.cgi

3.2 Stop the automatic reload

Edit the cron configuration file, remove this line: "*/3 * * * * /mnt/ext/opt/apache/bin/php /mnt/HDA_ROOT/rcu_shed", and overwrite the file.

3.3 Patch right away

4.2.x users should promptly install Security Vulnerabilities Addressed in QTS 4.2.3 Builds 20170121 and 20170124 and Security Vulnerabilities Addressed in QTS 4.2.4 Build 20170313.

4.3.x users can install the new firmware version 4.3.3.0174 build 20170503.

3.4 Delete the leftovers

Finally, remember to delete these four files in /mnt/HDA_ROOT/: disk_manage.cgi, qwatchdogd, rcu_shed, and rcu_shed.json.

3.5 Use QNAP Malware Remover

In QTS, search for Malware Remover in [App Center] and install it; you can also download the file directly.

After the first installation it runs immediately and reports to [System Logs]. After that it runs automatically at 3 a.m. every day.

Closing remarks

I recommend also reading Synology Security Issue and How-to Harden your NAS, which covers the security-related settings for QNAP, Asustor, Thecus, and Synology.

Just my two cents.
2017-05-05, 12:01 AM #7

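The checks in sections 2.2 and 2.3 of post #7, as an added example that is not part of the original post and is not QNAP's Malware Remover code: a POSIX shell function that flags the /mnt/HDA_ROOT paths named in the post in `ps` output and crontab text. The sample input, including the path shown for the legitimate disk_manage.cgi, is constructed.

```shell
#!/bin/sh
# Added example: flag the /mnt/HDA_ROOT paths listed in the post.
IOC_DIR="/mnt/HDA_ROOT"
# Names as written in sections 2.2 and 3.4 of the post (both spellings kept).
IOC_NAMES="disk_manage.cgi qwatchdogd.cgi rcu_shed.cgi qwatchdogd rcu_shed rcu_shed.json"

# find_iocs MODE: read text on stdin and skip comment lines. When a whole
# whitespace-separated field equals IOC_DIR/<name>, print
#   MODE=ps   -> "<first field, the PID> <matched path>"
#   MODE=cron -> the full crontab line
find_iocs() {
    awk -v dir="$IOC_DIR" -v names="$IOC_NAMES" -v mode="$1" '
        BEGIN { n = split(names, a, " ")
                for (k = 1; k <= n; k++) bad[dir "/" a[k]] = 1 }
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++)
              if ($i in bad) {
                  if (mode == "ps") print $1, $i
                  else print $0
                  next
              } }'
}

# report PS_TEXT CRON_TEXT: print findings; exit status 1 if anything matched.
report() {
    procs=$(printf '%s\n' "$1" | find_iocs ps)
    cronhits=$(printf '%s\n' "$2" | find_iocs cron)
    [ -z "$procs" ] || printf '%s\n' "$procs" | sed 's/^/process (PID PATH): /'
    [ -z "$cronhits" ] || printf '%s\n' "$cronhits" | sed 's/^/cron entry: /'
    [ -z "$procs$cronhits" ]
}

# Constructed sample input, not captured from a real NAS. The first
# disk_manage.cgi path stands in for the standard process (assumed location).
SAMPLE_PS='  PID USER       VSZ STAT COMMAND
 1201 admin     3204 S    /usr/sbin/example_httpd
 9001 admin    18432 S    /home/httpd/cgi-bin/disk/disk_manage.cgi
 9107 admin    51200 R    /mnt/HDA_ROOT/disk_manage.cgi
 9110 admin     2100 S    /mnt/HDA_ROOT/qwatchdogd.cgi'
SAMPLE_CRON='# m h dom mon dow command
0 4 * * * /sbin/hwclock -s
*/3 * * * * /mnt/ext/opt/apache/bin/php /mnt/HDA_ROOT/rcu_shed'

# On a live system: report "$(ps)" "$(crontab -l)"
report "$SAMPLE_PS" "$SAMPLE_CRON" || echo "indicators from the post are present"
```
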
amigoccs
Additional notes on QNAP Malware Remover:

In the Use QNAP Malware Remover section of Check And Solve If Your QNAP NAS Has been Injected a CPUMiner Program, I added a note that MalwareRemover.sh runs automatically once whenever the NAS is rebooted.

I added an analysis to Detail Explain of QNAP Malware Remover 2.1.0: from the Link service start/stop script section of qinstall.sh, you can see that /etc/init.d/MalwareRemover.sh is added to the boot sequence. It points to /share/CACHEDEV1_DATA/.qpkg/MalwareRemover/MalwareRemover.sh*, so it runs once whenever the operating system is restarted. There is no need to worry that the automatic scan will never run because the NAS is shut down at night.

Also, QTS 4.3.3.0154 build 20170413 is the latest version the NAS detects, but there is in fact also QTS 4.3.3.0174 build 20170503 for specific models; Release Notes for QTS has the details.

The MalwareRemover release notes are here, and they have also been published in Security Bulletins and Advisories.

Just my two cents.
2017-05-05, 04:22 PM #8

amigoccs
Hi,

Based on a security forensics report by a user overseas, I updated the text of Check And Solve If Your QNAP NAS Has been Injected a CPUMiner Program, adding the following sections to explain how the incident happened and how to avoid future attacks:

1. How It Hacks - in short, it uses Command Injection

2. How to Prevent from Command Injection - you need to go into the system and change the settings, assigning appropriate execute permissions

You may need to refer to:

1. QNAP QTS Configuration and Executable Files - explains which folder each configuration file is in

2. phpinfo() Reports on NAS - provides downloads of the phpinfo() reports for each vendor's NAS (QNAP, Asustor, Thecus, Synology)

Have a nice weekend!
2017-05-14, 04:16 PM #9

amigoccs
Hi,

Content update to Check And Solve If Your QNAP NAS Has been Injected a CPUMiner Program:

The Command Injection attacks the NAS through a version of Photo Station. QTS 4.3.x users should upgrade Photo Station to version 5.4.1 (2017/05/14) as soon as possible. QTS 4.2.x users should upgrade to Photo Station 5.2.7.

Users who have not yet installed Malware Remover should upgrade Photo Station first and then install Malware Remover, to avoid being compromised again.

Users who do not have Photo Station installed need not go out of their way to download and install it; it is not a system security update.

Wish it helps!
2017-05-14, 10:15 PM #10

All times are GMT +8.