Thanks for the kind words!
I bought a QNAP for testing and writing documentation for PhotoStructure.
I have been, frankly, astounded at how lax their security is: it’s why their hardware (which is nice!) is conspicuously missing from my NAS guide. Just to get a taste of what I’m talking about:
- At least on my device, all processes on the device run as root (!!). This was not fixed in QTS 5.0.
- They had an insecure backdoor account that they just removed a couple months ago.
- QNAP ransomware like qlocker and qsnatch is far too common. And to be fair, Synology isn’t immune to ransomware!
I keep my QNAP powered off most of the time, only turning it on to reproduce a customer issue, apply an update, or to update PhotoStructure installation docs.
So what do I recommend?
- Make sure you have backups for your files, especially with a focus on minimizing exposure to cryptolockers.
- Do not expose network ports to the WAN if at all possible. You can use Cloudflare to expose self-hosted servers like PhotoStructure.
- Disable UPnP
- Configure your systems to automatically apply security patches.
- Where possible, run software with “role users” with reduced permissions.
I wrote this up last night: Server hardening for beginners
Be safe out there!
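A quick audit for two of the items raised in the post (services running as root, and services listening on network-facing interfaces), written here as an added example that is not part of the post. The sample socket table is constructed; `collect_listeners` assumes a Linux host with iproute2 `ss` and `ps`.

```shell
#!/bin/sh
# Added example: flag listening services that are BOTH reachable from the network
# and running as root, the two conditions the post calls out on its QNAP.

# is_exposed_addr ADDR -> returns 0 when ADDR is not a loopback address
# (0.0.0.0, *, [::] or a LAN/WAN address all count as exposed).
is_exposed_addr() {
  case "$1" in
    127.*|\[::1\]|::1) return 1 ;;   # loopback only: unreachable from other hosts
    *) return 0 ;;
  esac
}

# audit_listeners reads "<proto> <local-addr:port> <user> <command>" lines on stdin
# and prints the ones that are exposed AND owned by root.
audit_listeners() {
  while read -r proto laddr user cmd; do
    [ -z "$proto" ] && continue
    addr="${laddr%:*}"                 # drop the trailing :port
    if is_exposed_addr "$addr" && [ "$user" = "root" ]; then
      printf 'EXPOSED+ROOT %s %s %s %s\n' "$proto" "$laddr" "$user" "$cmd"
    fi
  done
}

# collect_listeners builds that table from a live Linux host (assumes iproute2 `ss`
# and `ps`; run as root, otherwise `ss -p` cannot attribute other users' sockets).
collect_listeners() {
  ss -Hltnp 2>/dev/null | while read -r _state _rq _sq laddr _paddr procs; do
    pid=$(printf '%s' "$procs" | sed -n 's/.*pid=\([0-9][0-9]*\).*/\1/p')
    [ -z "$pid" ] && continue
    printf 'tcp %s %s %s\n' "$laddr" "$(ps -o user= -p "$pid")" "$(ps -o comm= -p "$pid")"
  done
}

# Constructed sample table standing in for collect_listeners output.
SAMPLE='tcp 0.0.0.0:443 root nginx
tcp 127.0.0.1:3306 mysql mysqld
tcp [::]:8080 photostructure node
tcp *:22 root sshd
udp 0.0.0.0:1900 root upnpd'

# Expected: nginx, sshd and upnpd are flagged; mysqld is loopback-only and the
# PhotoStructure service runs as a role user, so neither is reported.
printf '%s\n' "$SAMPLE" | audit_listeners
```

On a real host, replace the sample with `collect_listeners | audit_listeners`; anything it prints is a candidate for either moving to a role user or binding to localhost behind a reverse proxy.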