Account
Protect your account from external attacks.
Auto Block
The auto block feature helps improve the security of your DiskStation by blocking the IP addresses of clients with too many failed login attempts. This helps reduce the risk of accounts being broken into using brute-force attacks.
You can also create and manage an allow list to add IP addresses that you trust, or a block list to always prevent certain IP addresses from logging in.
Note:
- Various services and packages support auto block, such as the following: DSM, SSH, Telnet, rsync, network backup, shared folder sync, FTP, WebDAV, File Station, Photo Station, Audio Station, Video Station, Download Station, Mail Server, Mail Station, Time Backup, VPN Server, Cloud Station, and Synology mobile apps.
To enable auto block:
- Open Control Panel and go to Security > Auto Block.
- Tick Enable auto block.
- Enter a number of failed login attempts in the Login attempts field and a number of minutes in the Within (minutes) field. An IP address shall be blocked when it exceeds the number of failed login attempts within the specified number of minutes.
- Tick Enable block expiration and enter a number to remove a blocked IP address after the specified number of days.
- Click Apply to save settings.
Managing Block List
Click Allow/Block List, and go to the Block List tab.
To add IP addresses:
Choose either of the following from the Create drop-down menu:
- Add IP address: Enter an IP address and set the expiration time.
- Import IP address list: Import a text file that lists IP addresses to add a number of IP addresses and set the expiration time all at once. Tick the checkbox if you want to overwrite existing IP addresses. If this option is not selected, duplicate IP addresses will be skipped.
If the file you selected has a correct format, you will see all the IP addresses in the preview area. Click OK to import.
Note:
To import a file, the file must meet the following criteria:
- The file must be a plain text file.
- Each line of the file can contain only one IP address.
- Comment lines begin with a # (pound sign).
To remove blocked IP addresses:
Select the IP addresses you want to remove from the list and click Remove.
Managing Allow List
Click Allow/Block List, and go to the Allow List tab.
To add IP addresses:
Choose either of the following from the Create drop-down menu:
- Add IP address: Enter an IP address, IP range, subnet, or domain name.
- Import IP address list: Import a text file that lists IP addresses to add a number of IP addresses all at once. Tick the checkbox if you want to overwrite existing IP addresses. If this option is not selected, duplicate IP addresses will be skipped.
If the file you selected has a correct format, you will see all the IP addresses in the preview area. Click OK to import.
Note:
To import a file, the file must meet the following criteria:
- The file must be a plain text file.
- Each line of the file can contain only either an IP address, an IP range (192.168.1.1 - 192.168.1.10), a subnet (192.168.1.1/255.255.0.0), or a domain name (www.synology.com).
- Comment lines begin with a # (pound sign).
To remove IP addresses:
Select the IP addresses you want to remove from the list and click Remove.
Note:
- If your DiskStation device is behind a reverse proxy server, please add the IP address of that reverse proxy server to the allow list.
Account Protection
Account Protection helps improve the security of your DiskStation by protecting the accounts from untrusted clients with too many failed login attempts. This helps reduce the risk of accounts being broken by brute-force attacks.
Note:
- Supported services and packages: DSM, File Station, Audio Station, Video Station, Download Station, Mail Station, Cloud Station, and Synology mobile apps.
To enable account protection:
- Go to Control Panel > Security > Account Protection.
- Tick Enable Account Protection.
- Specify a number in the field Login attempts and Within (minutes). An untrusted client will be blocked if it fails to log in too many times within the predefined period of time.
- Specify a number in the field Unblock (minutes later). The account protection will be canceled after the predefined period of time.
- Click Apply to save settings.
To cancel protection of selected accounts
- Click Manage Protected Accounts.
- Select the accounts to be canceled, and click Cancel Protection.
To unblock trusted clients
- Click Manage Trusted Devices.
- Select the clients to be unblocked, and click Unblock.