Since the notifications from my NAS about failed admin login attempts continue to pour in, I rewrote my script to make it even more automated. It now pulls the logs from the NAS directly so I don't have to take a screenshot from Synology Active Insights, parses the IP addresses out of the logs automatically, caches whois lookups so I don't have to keep reselecting abuse addresses to use, and keeps historical records of how many IPs have been attacking for the past 24 hours.
#infosec
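The pipeline the post describes (parse source IPs from failed-login log lines, cache abuse-contact lookups, count attackers over the past 24 hours), as an added sketch that is not Jonathan Kamens's script. The log line format, the `192.168.0.0/16` LAN range and the injected `lookup` function standing in for a whois query are all assumptions made for illustration.

```python
import ipaddress
import json
import re
from collections import Counter
from datetime import datetime, timedelta
from pathlib import Path

# Constructed sample log; the line format is an assumption, not Synology's.
SAMPLE_LOG = """\
2025-03-14 08:00:00 login failed user=admin ip=198.51.100.23
2025-03-15 09:10:00 login failed user=admin ip=203.0.113.7
2025-03-15 09:12:30 login failed user=admin ip=203.0.113.7
2025-03-15 10:01:00 login failed user=admin ip=192.168.1.50
2025-03-15 10:05:00 login failed user=admin ip=999.1.1.1
2025-03-15 11:00:00 login ok user=jik ip=192.168.1.20
"""
LINE_RE = re.compile(r"^(\S+ \S+) login failed user=admin ip=(\S+)$", re.M)
LAN = ipaddress.ip_network("192.168.0.0/16")  # assumed home network

def parse_failures(text):
    """Return (timestamp, ip) for failed admin logins from outside the LAN."""
    events = []
    for stamp, raw_ip in LINE_RE.findall(text):
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # malformed address in the log: nothing to report
        if ip not in LAN:
            events.append((datetime.fromisoformat(stamp), str(ip)))
    return events

def recent_attackers(events, now, window=timedelta(hours=24)):
    """Count attempts per source IP inside the trailing window."""
    return Counter(ip for ts, ip in events if now - window <= ts <= now)

class AbuseCache:
    """File-backed IP -> abuse contact cache so each IP is looked up once."""
    def __init__(self, path, lookup):
        self.path, self.lookup = Path(path), lookup
        self.data = json.loads(self.path.read_text()) if self.path.exists() else {}

    def contact(self, ip):
        if ip not in self.data:
            self.data[ip] = self.lookup(ip)  # hypothetical hook, e.g. a whois query
            self.path.write_text(json.dumps(self.data, indent=2))
        return self.data[ip]
```

Persisting the cache to disk means a rerun after the next batch of notifications only queries whois for addresses it has not seen before.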
Jonathan Kamens (jik@federate.social)'s status on Sunday, 16-Mar-2025 14:22:03 JST Jonathan Kamens
Jonathan Kamens (jik@federate.social)'s status on Sunday, 16-Mar-2025 14:22:04 JST Jonathan Kamens
Yesterday I started getting regular notifications from my NAS about multiple failed logins from all over the world. Apparently someone has sicced a botnet on my NAS. Joke's on them, my "admin" account is disabled exactly to foil this type of attack.
Nevertheless, I wrote a script to email abuse reports to the owners of all the IP addresses, letting them know there's a compromised device on their network participating in a botnet.
Don't know if it'll help, but it makes me feel better.
#infosec
Blaise Pabón - controlpl4n3 repeated this.