"Warning: JFFS enabled", but it's not. Hacked?

[o-l-a-v]

I suspect that I once got hacked when I enabled wan access to router interface about a year ago. Some time after I logged in to my router, and it said someone was already logged in to it. I factory reset, and formatted JFFS through router GUI, and never enabled WAN access again. Ever since I get this warning in the firmware upgrade session:

WARNING, you have JFFS enabled.

This is after a factory reset, JFFS format, firmware flash to latest 66_4, and then another factory reset.

As you can see, JFFS is not enabled.

Is this a standard message always showing when upgrading firmware? Or is it possible that someone, or something (server, script) have edited something that can't be reverted through router GUI? What's next, enabling SSH and searching for modified files on the router?


- Olav

 

[Deleted member 22229]

Normal i think Merlin uses JFFS as some sort of memory storage even though its disabled in the GUI. I may not have said that correctly but yeah. Im sure someone else can explain it better.

 

[john9527]

JFFS is now enabled by default and cannot be disabled since the base firmware uses the storage. The two options you show just control reformatting it or executing custom scripts which you may have created that are stored there.

 

[o-l-a-v]

Roger that, thanks guys I was worried some cyber criminal was snooping on my web traffic.

 

[sfx2000]

Roger that, thanks guys I was worried some cyber criminal was snooping on my web traffic.

As long as you don't expose services to the WAN side (good example here is SSH, and also the HTTP WebGUI), you should be fairly safe...

 

[Deleted member 22229]

HTTP WebGUI

How is this a issue since its on your lan side ?

 

[sfx2000]

How is this a issue since its on your lan side ?

WAN Access is an option for the WebGUI...

 

[Deleted member 22229]

Ok i was assuming access from wan was disabled.