a log-in alert script?

[dagon]

i'm new to router firmware modding, and don't know make scripts or anything.
but i want to use the merlin firmware, so that i can use the skynet script, but i realized that if i use the
merlin firmware, allowing scripts to install to the jffs partition could become a target to an attacker?
i'm not techie enough to know if my script has been modified in some way..

if i knew by getting an alert of a login on the router, or if access to root had been gained by anyone.. a script that automatically alerted me about this would be extremely useful.
i know that putting features into the firmware itself is not on the agenda as the faq said, but one could make a script for this could they not?
AI protection uses an email alert, if this email alert was modded somehow to make login/root access alerts?. i would feel a lot more secure knowing ASAP that someone was in the router, rather than waiting to find out the hard way.
maybe asus would consider adding this feature?

 

[L&LD]

If you set up your router properly there is a very small chance that an attacker could install or modify code on the jffs partition. Possible? Yes. But not without having access to the router and/or network itself in the first place. Certainly not worth doing for an attacker for the small potential gains that might be reaped from a home user either.

What you're asking for has been discussed in the not too distant past, but you would need to script these enhancements on your own.

If you follow proper router set up, have Skynet (at a minimum) installed, and generally use safe browsing habits (most breaches don't happen from outside the network, but from within), then the benefits of having scripts enabled far outweigh the negatives that you're envisioning.

 

[dagon]

If you set up your router properly there is a very small chance that an attacker could install or modify code on the jffs partition. Possible? Yes. But not without having access to the router and/or network itself in the first place. Certainly not worth doing for an attacker for the small potential gains that might be reaped from a home user either.

What you're asking for has been discussed in the not too distant past, but you would need to script these enhancements on your own.

If you follow proper router set up, have Skynet (at a minimum) installed, and generally use safe browsing habits (most breaches don't happen from outside the network, but from within), then the benefits of having scripts enabled far outweigh the negatives that you're envisioning.

if other people don't think its useful then i guess i'm wrong.
if someone creates a fund raiser to pay a person to script it i would add a contribution

 

[thelonelycoder]

if i knew by getting an alert of a login on the router, or if access to root had been gained by anyone.. a script that automatically alerted me about this would be extremely useful.
i know that putting features into the firmware itself is not on the agenda as the faq said, but one could make a script for this could they not?

Login trough SSH is logged to the router's syslog.
You could look in there periodically to check.

There's only one user, and practically all commands are run with its privileges: root
The root user name is the same name as your login name, usually admin.

 

[dagon]

Login trough SSH is logged to the router's syslog.
You could look in there periodically to check.

There's only one user, and practically all commands are run with its privileges: root
The root user name is the same name as your login name, usually admin.

so it would be hard to write a script that could differentiate between a logged in person typing new commands and the router doing automated commands?

i will figure out this syslog checking you say.

 

[HarryH3]

Most attacks try to guess the password for the user "admin". You can change the username to something else by going to the Administration page, then clicking on the System tab. Change the Router Login Name in the first section. Forcing attackers to guess both the username AND password makes successful attacks far more difficult.

 

[dagon]

Most attacks try to guess the password for the user "admin". You can change the username to something else by going to the Administration page, then clicking on the System tab. Change the Router Login Name in the first section. Forcing attackers to guess both the username AND password makes successful attacks far more difficult.

i understand that they would need to enable wan access and ssh access to log in remotely.
they could only do that if they break in to my windows and key log me for a few weeks.

i have internet security software, but i have seen videos where they bypassed that.

i embarrassed a computer sci major at uni, turns out to be a narcissist.
few months later my android phone is hacked so i had to start learning security.
i think he is pretty determined.
i change passwords regular, 2fa everything. wipe OS and reset to factory every now and then.
they hacked into my mothers email account and emailed me from it, so now i have to make sure my family are set up with 2fa etc.

 

[ColinTaylor]

they hacked into my mothers email account and emailed me from it,

Report it to the police.

 

[L&LD]

i understand that they would need to enable wan access and ssh access to log in remotely.
they could only do that if they break in to my windows and key log me for a few weeks.

i have internet security software, but i have seen videos where they bypassed that.

i embarrassed a computer sci major at uni, turns out to be a narcissist.
few months later my android phone is hacked so i had to start learning security.
i think he is pretty determined.
i change passwords regular, 2fa everything. wipe OS and reset to factory every now and then.
they hacked into my mothers email account and emailed me from it, so now i have to make sure my family are set up with 2fa etc.

How do you know that they hacked your mother's email account? An email can be faked to be coming from anyone's account.

I agree with ColinTaylor too, report this to the police if this is a valid threat from a specific individual you know.