
Question Have you ever tried randomly viewing the Synology DDNS names?


Geeked

NAS Hosted
Subscriber
137
63
nashosted.com
NAS
DS918+, DS218+(2), RS820+
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. iOS
A while back when I was assigning my NAS a DDNS, the names I was choosing were all taken. So naturally I pop them into the browser xxxxxx.synology.me. I was shocked to see so many insecure Plex and Emby installs. And some even had their port 5000 open! I guess I shouldn’t be that surprised.
 

Rusty

Moderator
NAS Support
3,786
1,089
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
That's how Synolocker got the best of most users out there a while back.
 
1,870
776
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
I believe a lot of users think what’s available is only a synology.me domain, while there is more in the drop down menu.
I had a synology.me and then changed it. It’s too obvious.
 

Geeked

> That's how Synolocker got the best of most users out there a while back.

I was thinking the same thing. This is like fishing in a barrel for hackers.
 
14
12
github.com
NAS
DS218J + APC Back-UPS BX700U-GR - Win10/RPi user
Lucky me, my DDNS name (surname) was still available.
But it's horribly shocking indeed how many people have their network stuff wide open.
I'm not an IT expert nor is it my income source, but over the years I self-taught a lot.
One thing I always keep in mind is to shut the door.
Have to admit I just started a webserver, which is the only thing open from outside my network.
Even then it's auto ported to HTTPS and protected as advised for DDOS/DOS/spammers/firewall rules etc. etc.
Don't know what else I can do to protect.
Everything else I always do with VPN to connect to my home network.
 

Geeked

> Lucky me, my DDNS name (surname) was still available.
> But it's horribly shocking indeed how many people have their network stuff wide open.
> I'm not an IT expert nor is it my income source, but over the years I self-taught a lot.
> One thing I always keep in mind is to shut the door.
> Have to admit I just started a webserver, which is the only thing open from outside my network.
> Even then it's auto ported to HTTPS and protected as advised for DDOS/DOS/spammers/firewall rules etc. etc.
> Don't know what else I can do to protect.
> Everything else I always do with VPN to connect to my home network.

That’s best practice really.
 

fredbert

Moderator
NAS Support
Subscriber
2,348
963
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
> Don't know what else I can do to protect.

Use DSM's firewall as well as the Internet router's firewall.

You can add rules to the DSM firewall that restrict the source locations of requests, such as:
  • deny from countries A, B, and C. And add multiple of these rules due to the 15-country-per-rule limit; or
  • if you only want your country, two rules in this order:
    • allow from my country
    • deny from all
It can be a bit 'belt and braces' but you can have a policy on both firewalls. You can even make the DSM firewall policy more restrictive, even to block LAN accesses for some services (such as from IoT devices: if you reserve IPs in DHCP and group IoT in a range ... that can be covered in one firewall rule).

And you could block your DSM admin account from access except from LAN/VPN IP. Only use standard accounts for day-to-day activities.

Oh and I don't allow my admin accounts to use VPN either... create the tunnel with standard users (actually I use a separate group of users managed by the LDAP server) and then access as admin down the tunnels.
 
14
12
github.com
NAS
DS218J + APC Back-UPS BX700U-GR - Win10/RPi user
Yep, DSM firewall is up as well as the one on my router.
Router is DDOS protected and NAS and Raspberry also.
Firewall rules are also set as in the picture below.
Tide up false login attempts, Home network only accessible by VPN, everything else gets blocked.
Hope you can read Dutch, whahaha

rule 1, allow everything from my local network
rule 2, allow everything from my WAN IP (VPN)
rule 3, allow everything only from my home country
rule 4, allow 80/433 from the entire world to visit my homepage
rule 5, deny everything else
 

Attachments

  • Naamloos.png (233.2 KB)
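
The rule ordering fredbert describes and the five-rule policy listed in the post above, modelled as a first-match evaluator. This is an added example, not code from the thread or from DSM; the addresses, the `NL` country code, the GeoIP table, the candidate port list and reading the web rule as ports 80 and 443 are assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
VPN_PEER = ipaddress.ip_network("203.0.113.10/32")
HOME = "NL"
GEOIP = {  # stand-in for a real GeoIP database
    ipaddress.ip_network("198.51.100.0/24"): "NL",
    ipaddress.ip_network("192.0.2.0/24"): "US",
}

def country_of(ip):
    """Look up the country code for an address in the constructed table."""
    return next((cc for net, cc in GEOIP.items() if ip in net), None)

# Each rule: (name, source predicate, port set or None for all ports, action).
RULES = [
    ("1 LAN", lambda ip: ip in LAN, None, "allow"),
    ("2 WAN IP (VPN)", lambda ip: ip in VPN_PEER, None, "allow"),
    ("3 home country", lambda ip: country_of(ip) == HOME, None, "allow"),
    ("4 web from world", lambda ip: True, {80, 443}, "allow"),
    ("5 deny everything else", lambda ip: True, None, "deny"),
]
# The two-rule "only my country" policy: allow my country, then deny all.
COUNTRY_ONLY = [RULES[2], RULES[4]]

def evaluate(src, port, rules=RULES):
    """Return (action, rule name) for the first rule matching src and port."""
    ip = ipaddress.ip_address(src)
    for name, matches_source, ports, action in rules:
        if matches_source(ip) and (ports is None or port in ports):
            return action, name
    return "deny", "no rule matched"

def exposed_ports(src, candidates=(22, 80, 443, 5000, 5001), rules=RULES):
    """List the candidate ports that src can reach under the rule set."""
    return [p for p in candidates if evaluate(src, p, rules)[0] == "allow"]

if __name__ == "__main__":
    for src in ("192.168.1.50", "198.51.100.20", "192.0.2.7"):
        print(src, exposed_ports(src))
    # Reversing the two-rule policy puts "deny all" first and locks out everyone.
    print(evaluate("198.51.100.20", 5001, COUNTRY_ONLY))
    print(evaluate("198.51.100.20", 5001, COUNTRY_ONLY[::-1]))
```

Under first-match evaluation, an allow-everything rule for the home country is reached before the web-only rule, so every candidate port is reachable from any address geolocated there; restricting that rule to specific ports changes the `exposed_ports` result.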

fredbert

Fair enough then!

Only thing then is don't use admin accounts when off the LAN ... to minimise any small chance of exposing these credentials. Same goes for your router ... manage it from the LAN.
 
134
35
NAS
DS918+, DS1815+
Operating system
  1. Linux
  2. macOS
Mobile operating system
  1. Android
I have my own domain name and this is connected to my NAS with SSL. The domain is hosted at Dynu and this works well, and all my subdomains are encrypted.
 
14
12
github.com
NAS
DS218J + APC Back-UPS BX700U-GR - Win10/RPi user
> Fair enough then!
>
> Only thing then is don't use admin accounts when off the LAN ... to minimise any small chance of exposing these credentials. Same goes for your router ... manage it from the LAN.

You're right,
Fact is my phone, which I occasionally use to log into DSM or my Home Automation, is always connected to VPN when not using WiFi.
Main reason for it to be always VPN connected is to route my DNS via PiHole.
I know it can maybe be a wrong thought but via VPN I don't worry about leaking my credentials.

@jphermans
Yep, at the moment I use xxxxxxx.synology.me for my website, which is automatically ported to https (no port 80), and the cert is created via Let's Encrypt.
I do have my own domain name also, but it's not suited for my current website try out.
 
134
35
NAS
DS918+, DS1815+
Operating system
  1. Linux
  2. macOS
Mobile operating system
  1. Android
> Yep, at the moment I use xxxxxxx.synology.me for my website, which is automatically ported to https (no port 80), and the cert is created via Let's Encrypt.
> I do have my own domain name also, but it's not suited for my current website try out.

You can have more than 1 domain name. For 10€ each year you have a .com domain name. Just the SSL certificate was more expensive because Let's Encrypt still gives "not secured" warnings in the browsers I have tested. (In Dutch: for such a small amount you shouldn't pass it up.)
 
14
12
github.com
NAS
DS218J + APC Back-UPS BX700U-GR - Win10/RPi user
> You can have more than 1 domain name. For 10€ each year you have a .com domain name. Just the SSL certificate was more expensive because Let's Encrypt still gives "not secured" warnings in the browsers I have tested. (In Dutch: for such a small amount you shouldn't pass it up.)

For an external domain it's indeed a no-go with an SSL cert by Let's Encrypt.
For my synology.me no problems, which I currently use as my main domain name for my website.
Costs aren't high and I could get a cert from my domain name provider for a few bucks.
For now .synology.me and the Let's Encrypt cert work flawlessly without errors in the browser and suit my needs.
 

NAS Newbie

Subscriber
447
89
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
> I believe a lot of users think what’s available is only a synology.me domain, while there is more in the drop down menu.
> I had a synology.me and then changed it. It’s too obvious.

I know this is an old thread, but I'm reading thru old stuff trying to learn. I'm currently using the synology.me. I found where I can change to other domains. If I were to change to other domains, what other settings might I need to update to point to the correct DDNS? For example, I am currently myname.synology.me. I want to change it to newname.i234.me. I know that I'll have to update my bitwarden reverse proxy from bitwarden.myname.synology.me to bitwarden.newname.i234.me. I'd also have to get a new LE cert, and probably point any externally accessed containers like bitwarden to the new domain. Anything else I'm missing?
 

Rusty

> I know this is an old thread, but I'm reading thru old stuff trying to learn. I'm currently using the synology.me. I found where I can change to other domains. If I were to change to other domains, what other settings might I need to update to point to the correct DDNS? For example, I am currently myname.synology.me. I want to change it to newname.i234.me. I know that I'll have to update my bitwarden reverse proxy from bitwarden.myname.synology.me to bitwarden.newname.i234.me. I'd also have to get a new LE cert, and probably point any externally accessed containers like bitwarden to the new domain. Anything else I'm missing?

You could just register a new domain name and use reverse proxy for all your services.
 

NAS Newbie

> You could just register a new domain name and use reverse proxy for all your services.

I don't really understand what you mean. I'll have to update the new domain in the settings I listed above, correct? I'm still wrapping my head around reverse proxy.
 

Rusty

> I don't really understand what you mean. I'll have to update the new domain in the settings I listed above, correct? I'm still wrapping my head around reverse proxy.

I’m just saying that if you do end up using a new domain name you can just use Reverse proxy settings on your NAS to utilize that name and forward it to any service/Docker container on the NAS.
 
107
3
NAS
DS920+
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. Android
  2. iOS
I have a question (I'm a noob): I have set a DDNS XX.synology.me and I am using OpenVPN.

In my OpenVPN config file I defined my DDNS URL and not my IP, followed by the port number.

Does it mean that whoever finds out my DDNS can also "brute force" the login via VPN?
 

Rusty

> I have a question (I'm a noob): I have set a DDNS XX.synology.me and I am using OpenVPN.
>
> In my OpenVPN config file I defined my DDNS URL and not my IP, followed by the port number.
>
> Does it mean that whoever finds out my DDNS can also "brute force" the login via VPN?

No. They need the file with the certificate, and they also need to know a DSM account that has access to use VPN. Also, you can use the firewall to control from where access via VPN can be achieved.
 
1,870
776
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
> I want to change it to newname.i234.me.

I’m using the i234.me on all my DiskStations. I find it more obscure than the obvious synology.me.
Rusty covered the rest :)
 
