Search results

  1. Wutikorn

    Was my router's username and password hacked?

    Agree, baidu is not a good website. For some reason, my Chinese IP camera was connecting to baidu.com thousands of times a month; I'm considering throwing that thing away. But for now, I have baidu in the blacklist. I should also put hao123.com there too. I'm curious why you put kapook.com to...
  2. Wutikorn

    Was my router's username and password hacked?

    There have been reports about malware on Android that changes DNS settings, but I have not faced one. I heard that the main target of one DNS-changing attack is in China, but there could be several more attacks. When I was reading about one DNS-changing attack whose main target is China...
  3. Wutikorn

    Was my router's username and password hacked?

    So should Asus be told about this problem?
  4. Wutikorn

    Was my router's username and password hacked?

    Is there any log about what they are trying to do with infected routers?
  5. Wutikorn

    Was my router's username and password hacked?

    What firmware are you running? It seems like the router still allows the brute-force attack to continue even though it knows that it is abnormal behaviour. It would be better if the router blocked login attempts for several minutes (5-60 minutes) after several failed attempts. It does seem like...
  6. Wutikorn

    Was my router's username and password hacked?

    Administration -> System -> SSH Daemon -> make sure it's not LAN+WAN (if the SSH port is 2222, it's likely that you have been hacked by the same attacker as me). Administration -> System -> Web Interface -> Enable Web Access from WAN -> No -> Apply. If you do have AiProtection, go to network...
  7. Wutikorn

    Was my router's username and password hacked?

    No, only logs in post 17th of this blog that I see. But a few hours before that, there was nothing, only VPN logs. Note that I change default log level and log message level to one level higher than defaults. Edit: In post 17th of this blog, it's the first SSH login from WAN, and nothing I...
  8. Wutikorn

    Was my router's username and password hacked?

    Since you have Web Access from WAN on, and the attacker got our credentials somehow, probably through a vulnerability, the attacker can use the credentials to log in to the WebUI from WAN, enable SSH, do some bad stuff and disable SSH (or leave it on). So the problem here is not SSH, but how the attacker get...
  9. Wutikorn

    Was my router's username and password hacked?

    Since they had accessed through SSH, they can do almost everything. So don't forget to reflash firmware, reset to defaults, and wipe out JFFS partition if you have one.
  10. Wutikorn

    [Test build] Asuswrt-Merlin 380.65 alpha builds

    That had been reported and has been fixed, and it will be available to you in the next Alpha version, or you can compile the firmware yourself. Read more on pages 1 and 2.
  11. Wutikorn

    [Security] - reminder to stay secure

    I don't think it is the same issue. I'm not sure if the linked issue was fixed, but since there is a new problem, sfx just quoted fixes that normally help in most cases.
  12. Wutikorn

    [Security] - reminder to stay secure

    I searched in the System Log page in the GUI using a Windows 10 device through Chrome. It will search all text in the log file without us having to scroll up and down; not sure if this is what you asked. You can also try searching for other common words to see if, in your browser, it searches the...
  13. Wutikorn

    Was my router's username and password hacked?

    It has been a long time since I used it, but I don't think it will enable Access from WAN without permission. Only if we want to use the app from outside LAN, it will ask us to enable that Web Access from WAN, and may modify our setting after we have agreed.
  14. Wutikorn

    [Security] - reminder to stay secure

    I would like to add, just use Ctrl+F and search for "Password auth succeeded" in the system logs. If any line shows "Password auth succeeded" with an unknown IP at the back, then it is likely that the router has been hacked. For example, this was what happened to mine: dropbear[18810]: Password auth...
  15. Wutikorn

    Was my router's username and password hacked?

    That's the case. Normal users won't be accessing SSH or even the router's WebUI every few days. The main reason I started to suspect was that I was unable to use SSH on my router, as they changed the SSH port to 2222. If they had not changed the port, but changed to LAN+WAN, I would not know for much longer...
  16. Wutikorn

    Was my router's username and password hacked?

    Code:
    Dec 31 20:35:08 kernel: klogd started: BusyBox v1.25.1 (2016-12-28 03:38:06 EST)
    Dec 31 20:35:10 RT-AC68U: start httpd - SSL
    Dec 31 20:35:10 RT-AC68U: start httpd
    Dec 31 20:35:10 miniupnpd[18806]: HTTP listening on port 35006
    Dec 31 20:35:10 miniupnpd[18806]: Listening for NAT-PMP/PCP...
  17. Wutikorn

    Malicious access, only 1 attempt

    Doesn't a factory default reset wipe out the JFFS partition?
  18. Wutikorn

    Was my router's username and password hacked?

    My attack also started 31st Dec 16. Just curious if you have any IoT devices or PCs you suspect to be the cause? I tried GRC ShieldsUP, everything is fine, but I will try routersecurity.org to see how well it goes. Let me know if you find other links that are better at testing.
  19. Wutikorn

    Was my router's username and password hacked?

    Thanks for all suggestions. I will factory reset router, re-flash it and won't enable those access. Thanks for links, that's a lot for 3 days. That's interesting, I just know it will report if the password is wrong and there is no report about bad attempt, so I will check my PCs and phones...
  20. Wutikorn

    Was my router's username and password hacked?

    I found out that SSH setting was changed by something or someone else. It was changed from LAN only to LAN+WAN and SSH port was changed to 2222 instead of 22. At first, I thought I might have done it when surfing around router's WebUI, so I changed the setting back to LAN and port 22...