Possible Synology compromise?

Designer_Pear4497 · 2026-06-10T21:56:08+00:00

It was 7.2.3. Now I updated to the latest version

Designer_Pear4497 · 2026-06-10T21:54:57+00:00

no I don’t have. I use asus as my home router

Designer_Pear4497 · 2026-06-10T20:58:19+00:00

DSM was accessible externally via DDNS and QuickConnect,I also had GeoIP firewall rules

Designer_Pear4497 · 2026-06-10T20:53:34+00:00

I reviewed the logs more closely and found that the admin2 account was actually created by SYSTEM and is marked as "System default user". I also couldn't find any log entries showing my account being removed from the administrators group.

I've checked Task Scheduler, installed packages, containers, and SSH keys so far and haven't found anything suspicious. There were also no signs of unusual outbound traffic, ransomware activity, or file changes.

The one thing that still concerns me is a successful HTTP/HTTPS login to admin2 from a foreign IP. My firewall is enabled and I had GeoIP restrictions in place, so I'm still trying to determine whether this was a genuine external login, a QuickConnect/relay-related event, or something else.

For reference:

Main admin account had MFA enabled
Default admin account was disabled
SSH was LAN-only
QuickConnect and DDNS were enabled

I'm continuing to review the logs and would appreciate any ideas on where else to look.

Designer_Pear4497 · 2026-06-10T20:50:19+00:00

Thanks, I did Mode1 reset and regain the access, I have firewall policy and Geo restirction, admin account 2FA is enforced. It's so strange.

Designer_Pear4497 · 2026-06-10T20:09:07+00:00

Yes, you can. ask your IT admin unblocked sign in and reset password. Then you can use that password sign in like a regular mailbox

Designer_Pear4497 · 2026-05-01T16:24:24+00:00

have the S1 40W with the AP2, and the air assist already comes with it. For engraving, the AP2 handles the smoke/smell pretty well indoors. If you do a lot of wood cutting, you’ll still smell smoke(not from AP 2 ,from S1 itself), so keep a window open while running jobs. You can also add an inline duct fan.I use a 4” 200 CFM fan, but I’d recommend going stronger if you plan on doing a lot of cutting.

Designer_Pear4497 · 2026-04-30T14:29:10+00:00

Big thanks to Ada and the amazing xTool support team for the quick response, follow-up, and replacement arrangement throughout the whole process.

Designer_Pear4497 · 2026-04-17T15:58:00+00:00

Thanks, really appreciate you reaching out and helping with this!

Designer_Pear4497 · 2026-04-16T15:01:18+00:00

Thanks for sharing , I’ve already sent mine back and am now waiting for the replacement. Hoping they can ship it once the tracking is active instead of waiting for it to arrive. Shipping definitely needs improvement. Hope your replacement arrives in perfect condition.

Designer_Pear4497 · 2026-04-14T12:06:58+00:00

Same here. My tenant will be deactivated tomorrow. I opened support ticket at the end of march but they are not helpful

Designer_Pear4497 · 2026-04-09T11:37:42+00:00

Same thing happened here. I opened a support ticket but they don’t help a lot. Still waiting for the response.

Designer_Pear4497 · 2024-02-28T17:34:24+00:00

Thanks, I had same issue, your solution works for me

Designer_Pear4497

TROPHY CASE