Synology SSH Attack: How To Disable SSH?


We have all been confronted with ongoing attacks on our Synology devices, attacks that try to break in through the open SSH port 22. These are called brute-force attacks. In a brute-force attack, an attacker submits many passwords or passphrases in the hope of eventually guessing correctly, systematically checking all possible passwords and passphrases until the correct one is found. The attacks come from all over the world and are continuous, day after day. Take a look at this notification list in my admin area.


Warning notification on system log.


The auto block feature helps improve the security of your Synology NAS by blocking the IP addresses of clients with too many failed login attempts. This helps reduce the risk of accounts being broken into using brute-force attacks. Enabling auto block will automatically block IP addresses after exceeding a certain number of failed login attempts within the specified number of minutes. The number includes all failed login attempts via SRM, SSH, FTP, WebDAV, File Station, Download Station, VPN Server, and Synology mobile apps.

To enable auto block:
– Go to Control Panel / Security / Account and, in the Auto Block tab, check Enable auto block.
– Enter a number of failed login attempts in Login attempts and a number of minutes in Within (minutes). I enabled a maximum of 1 login attempt before the intruder is blocked. Not recommended: if you want to automatically remove a blocked IP address after a certain number of days, check Enable block expiration and enter a number in Unblock after (days).
– Click Apply to save your changes.
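
How the Login attempts and Within (minutes) settings interact, as an added example (not Synology's code and not part of the original post): a sliding-window counter run over constructed sshd-style log lines. The log format, the documentation-range IP addresses, the function name `auto_block`, and the rule that a block triggers once the count reaches Login attempts are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (ISO timestamps, documentation-range IPs); not from the page.
SAMPLE_LOG = """\
2024-03-01T10:00:05 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-03-01T10:00:09 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
2024-03-01T10:00:14 sshd[2103]: Failed password for root from 203.0.113.7 port 40114 ssh2
2024-03-01T10:02:30 sshd[2110]: Failed password for alice from 198.51.100.20 port 51544 ssh2
2024-03-01T10:02:41 sshd[2110]: Accepted password for alice from 198.51.100.20 port 51544 ssh2
2024-03-01T10:20:00 sshd[2150]: Failed password for root from 192.0.2.44 port 33001 ssh2
2024-03-01T10:21:00 sshd[2151]: Failed password for root from 192.0.2.44 port 33002 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)

def auto_block(log_text, attempts, within_minutes):
    """Return {ip: timestamp of the failed login that triggered the block}."""
    window = timedelta(minutes=within_minutes)
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in blocked:
            continue  # not a failed login, or this address is already blocked
        ts = datetime.fromisoformat(m["ts"])
        failures = recent[m["ip"]]
        failures.append(ts)
        while ts - failures[0] > window:  # forget failures older than the window
            failures.popleft()
        if len(failures) >= attempts:
            blocked[m["ip"]] = ts
    return blocked

if __name__ == "__main__":
    for attempts in (3, 1):
        print(f"Login attempts={attempts}, Within (minutes)=5")
        for ip, ts in auto_block(SAMPLE_LOG, attempts, 5).items():
            print(f"  block {ip} at {ts.isoformat()}")
```

With Login attempts set to 1, the address 198.51.100.20 is blocked by a single mistyped password, even though the correct password follows eleven seconds later.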


How to stop these attacks? Download the updated block IP list (deny IP list) directly from here and follow the instructions in the link.

If you do not use the SFTP service or the SSH service on port 22, disable port 22 in your router's port forwarding settings and the problem is solved automatically, because there is a firewall that does its work in the background without you receiving any more notifications. So whether or not to keep port 22 active depends on how you use your Synology NAS.

If you want to disable all services using port 22, follow these images and deactivate it for both SFTP and SSH. Remember: if you want to use the SFTP service again, you have to open port 22 in your router's port forwarding once again and also activate the SFTP service in Control Panel.

[Screenshot: disable SFTP service]

[Screenshot: disable SSH service]

Although you may be using the built-in firewall on your Synology to block several countries, you will soon find that it does not work as it should: despite it being activated, some nations will still be able to try to enter port 22. You will notice this because the blocked IP list continues to show individual IPs coming from the blocked nations, even though those nations were previously blocked in the firewall.

I’m worried about notifications: You do not have to worry about notifications because if you have a strong password, the system will be able to block any intruder without you having to do anything. If the notification icons are bothering you, you can disable them in the notification center. Simple, right?

Last Updated on by Marius Bogdan Lixandru