http://www.securiteam.com/securitynews/5WP010U9FY.html

Now I cannot recreate said exploit but do not have web logging turned so that may be the work around ... or it is simply bogus to begin with. I go and put bunk info in the login prompt and do see the error reported in the dnas window as stated in this report.

Come to think of it, I have no logging whatsoever. SC would build a huge file too fast even with touches removed and I hated having to manually delete it every couple days.

I only ever get to see just what is in the Tail Logfile screen, which is enough info for me since I only have a meager 10 litstener capability.

Thought I'd put this out here for everyone to see however.

yes, I am using DNAS 1.9.2/Win32

well one way to combat this is to make sure that all authorization boxes point to your server. The box will tell you where the request is coming from.

Care to elaborate?

if you go to your online log page, and a dialog window pops up you should definately be cautious, but the dialog box contains the location of the attacker's script, that can be used to determine where the data you enter is going.

Gotcha .. for seem reason I thought you were talking about the one I always get when logging into the admin page ..

Yes, if I went to the log and got one .. I would be quite suspicious!

now if only I could spell first time around