No announcement yet.

IMPORTANT: Stop forwarding your LMS ports to the internet!

This is a sticky topic.
  • Filter
  • Time
  • Show
Clear All
new posts

    Thank you

    Thanks for the info.


    Originally posted by judojimmie View Post
    Just a warning to anyone who blocked theses ports in the past. If you get a new router and and use Synology's automatic router configuration, pay a little more attention than I did. I had blocked theses ports years ago on my old router and did not think to tell the server to not open them back up. Of course someone with too much time on there hands found them and locked me out of my LMS.

    Of note, I informed Synology that they should not allow the automatic router configuration tool to do this as it is a known exploit. They basically told me it was my fault for using their software . Fair enough, but it is the first time I've had a response from Synology that annoyed me in the 9 years I've been using there servers.


      Can confirm this is a real issue - I ignored the warnings because I couldn't find any decent instructions on how to set up a VPN tunnel (and not knowledgeable about the difference between a commercial VPN provider, such as, which was the only type of VPN I knew about, and confused it with the type of VPN server you need for LMS, on your router for example, I am now using an Asus router with Merlin firmware VPN server, that you need to set up to access LMS remotely and securely). Setting up the VPN server takes five clicks on the router and then you download the OpenVPN Connect Android app on the remote device you wish to use - export an .ovpn configuration file from your router interface - import this into the Android device - and you're done. When I had port forwarding on I got hacked after about a month - woke up at 5am to the sounds of some sweet Cuban music - shut down everything - set up the VPN approach next day.