Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[gcoxii]

I logged into my dns this morning and found a new user called remote. with rights to sudo,wheel,wheel. I am sure it wasn't trhere the last time i logged in. Basically, i have a ddns enabled and ftp. I turned off ftp. Not sure if this is something within the system or is someone in my dns

[cable2]

Hi, check to see if you have the latest firmware. If not, download and install it.  After you update, login and change the admin password to something more secure.  Delete the user you are suspicious of, make sure to give all the users you want to keep a more secure password.  Go and change the password on your DDNS account.  Not sure how you are using your FTP, but lookin to using the SSL/TLS type of connection to access your DNS.  I maybe a bit paranoid, but better safe than sorry.

[Talisman]

Sorry to start up an old topic however I cannot find much information about this problem ANYWHERE except this post and I am seeing exactly the same accounts appearing.

Does anyone know what the "remote" account, "sudo" and "wheel" group accounts on a Dlink NAS with fun_plug installed relate to? Are they as sinister as they seem?
Every time I delete the "remote" account it appears again about a half hour later. Nothing in the log either. I have closed the firewall to the NAS so in theory is only accessible on the local network.
Please, if anyone has any knowledge of what these accounts are can they let me know.
Many thanks in advance!
Chris

[ivan]

Have you tried asking over on http://forum.dsmg600.info/viewforum.php?id=14 where they deal with fun_plug and such things?

[Talisman]

Thanks, i will give that a try. Does anyone know if these accounts can appear as a result of using any of the built in applications on the Dlink NAS i.e. Ajaxplorer?

[I am not a bot.]

I first noticed something was wrong when I hadn't received my weekly SMART test emails for 3 weeks.  I couldn't login with any of the accounts I've set up.  Once I rebooted my DNS-320 I could login like normal and then found the remote user in the sudo and wheel groups.  Instead of deleting it, I updated the password, removed all groups, and denied access to all shares.  I then updated the firmware and finally deleted the remote user.  I was on firmware verison 2.0 dated 2010 and have since updated to 2.05 dated 2/2016.  I just installed the patch today so I can't confirm yet whether this was the issue I was experiencing.

EDIT: As soon as I posted this reply, I found this topic about the new firmware update: http://forums.dlink.com/index.php?topic=65608.0 

[FurryNutz]

Let us know if the new version of FW works for you...

I first noticed something was wrong when I hadn't received my weekly SMART test emails for 3 weeks.  I couldn't login with any of the accounts I've set up.  Once I rebooted my DNS-320 I could login like normal and then found the remote user in the sudo and wheel groups.  Instead of deleting it, I updated the password, removed all groups, and denied access to all shares.  I then updated the firmware and finally deleted the remote user.  I was on firmware verison 2.0 dated 2010 and have since updated to 2.05 dated 2/2016.  I just installed the patch today so I can't confirm yet whether this was the issue I was experiencing.

EDIT: As soon as I posted this reply, I found this topic about the new firmware update: http://forums.dlink.com/index.php?topic=65608.0