QNAP Releases Fixes for Three Big Vulnerabilities and How to Stay Safer

May 9, 2021
If you are unfortunate enough to already own a QNAP NAS (full disclosure, I own 3):

Step 1. Never, ever expose any NAS directly to the WAN. No exceptions!
Step 2. Disable any and all OEM-provided remote access cloud service/capabilities, and disable UPnP on your NAS and firewall.
Step 3. Replace QTS by installing TrueNAS CORE/SCALE.
Step 4. Replace your existing router/firewall with enterprise-class open source SW from pfSense® - World's Most Trusted Open Source Firewall.
Step 5. Make sure to implement a 3-2-1 and some form of G-F-S backup strategy.
Step 6. Vow to never, ever buy another QNAP device again.


Apr 21, 2017
For chills check out Chris Titus from yesterday:

Got to hand it to him, bought compatible chassis, got lucky with sourcing it with next day shipping, knew what he was doing when enabling SSH and rsync'ing everything from the past 30 days off the drives, which QNAP did not recognize but which Linux apparently assembled back into the RAID sufficiently enough and automatically on boot. Whew. Talk about putting too many eggs into one basket. Also lucky the dead QNAP didn't damage the drives, as in overvoltage from PSU or such.

If you can afford it, use LTO tape backup and ZFS for data integrity. Just bought 60 more LTO-6 tapes for 12 EUR a piece for the company. 2.5 TB per tape without tricks. Store last full batch offsite.

May 11, 2020
Good idea. Just checked LTO-6 tape drive prices and they seem to be pretty great. When I bought an LTO-4 drive it wasn't bleeding edge anymore at the time, but it was expensive. And eBay listed them for something like slightly under 1k... I was omg, and until now I was under the impression that still stands. I mean, we have LTO-9 right now, I guess? The tape drive itself is gonna cost a dime now, but it seems something like LTO-6 is very much affordable now. Tapes are great if you know your way around.