
Criminal IP Analysis Report on Recent Hidden Malicious Code Sites on Chinese HFS HTTP File Servers

submitted by
Style Pass
2022-05-23 06:00:06

NAS has become an increasingly common way to handle files and backup storage. As usage increases, NAS security issues, particularly with QNAP and Synology products, are frequently spotted.

In addition to vulnerabilities with assigned CVE IDs, critical NAS data is often exposed to the internet without any protection, so it can easily be leaked through simple attacks that randomly test key combinations and potential passwords to log into a user’s account.

Apart from commercial NAS software, issues with free and open-source NAS software have also been increasing recently, HFS HTTP File Server being one such case. With features such as installation in a few clicks, drag-and-drop file uploads, and external file sharing through a URL, HFS HTTP File Server has become common software for individuals as well as small enterprises. The image below shows HFS HTTP File Server when running.

The fatal problem with HFS HTTP File Server is that, unlike Synology or QNAP, it does not require any authentication in its default state. This means that all of the files stored on the server are accessible and downloadable by the public, which could lead to data leakage. Below is the result for globally exposed HFS servers after searching HFS port:8080 on Criminal IP. At the time of writing, we can see that over 1,500 servers were exposed externally.
