SMS786
Senior Member
Thanks
Possibly been hacked. Need assistant from senior users.
- Thread starter Rubenel
- Start date
DonnyJohnny
Very Senior Member
lol.. skynet is in this forum... see the first page and find out yourself.. u will need a 1gb above flash drive for it.
dlandiss
Very Senior Member
there is only one person here who can truly be running the "latest"
Would you please not say such things when I have a mouth full of coffee? I nearly snorted it all over!
Looking hard at my security since being hacked...
Should my Amazon Alexa device be attached to a Guest Network with no intranet access? Maybe I answered my own question, if I did that then I couldn't tell Alexa to turn on the lights, etc. unless those other devices were also on the guest network, right? but then I can't see what is connected, right?
How about my SmartThings hub? (connected by wire)
How about my cameras?
What is the proper way to setup IoT (internet of things)?
Should my Amazon Alexa device be attached to a Guest Network with no intranet access? Maybe I answered my own question, if I did that then I couldn't tell Alexa to turn on the lights, etc. unless those other devices were also on the guest network, right? but then I can't see what is connected, right?
How about my SmartThings hub? (connected by wire)
How about my cameras?
What is the proper way to setup IoT (internet of things)?
Administration-System-Persistent JFFS2 partition-Format JFFS partition at next boot. Reboot of coz. Then u can check the /jffs directory after the reboot.
Just imagine this is a pc and the OS is windows. Everytime boot up or some scheduled task auto start up. When u cleared your OS and using default setting, the “scheduled” task or auto start up app will be removed. But the malicious files loaded by the hacker may still present in some part of your external storage like your USB drives, waiting for you to accidentally click or execute them. So if u know what is in your drives . Then good for you. See before u open the files...
Good to see the thread is active... awareness is important... better to be safe than sorry. Especially randomware these days.
Today the internet world seems happening with lots of probing and ddos going on...
http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=2&time=17619&view=map
Maybe it is Good Friday... well.. enjoy your holiday and stay safe...
You wrote "Then u can check the /jffs directory after the reboot"
Searched around....how can I check the jffs and what is it I am looking for? thx
Those "attacks" are items blocked by AiProtection , in other words nothing to worry about.
They are the result of bots looking for unpatched systems , most people running AiProtection will be seeing them every day. Previously stuff like that was blocked but there was no GUI entry to scare you.
Annoyingly, my smartplugs need access to the internet for the scheduling to work. If I turn off their internet access in the GUI then I can still use Alexa and the phone app to control them... most of the time. Sometimes they don't work, but usually they do. I'd like to be able to set them up to operate per-MAC-address whitelist-only, but there doesn't seem to be a good solution for that yet. If Alexa doesn't have internet access, she won't work at all since your voice and everything gets processed on Amazon servers.
It's safe to say that passwords have probably been comprised & now changed. But what about;
-inbuilt VPNServer certificates?
-DDNS address?
-IP address/es?
Should I change these now too?
Thanks for Skynet link, will have read of that. Didn't realise it was right here in this forum haha.
-inbuilt VPNServer certificates?
-DDNS address?
-IP address/es?
Should I change these now too?
Thanks for Skynet link, will have read of that. Didn't realise it was right here in this forum haha
.
58chev
Regular Contributor
@OOo ,
If you are worried about your cameras, there is a lot of good info here = https://ipcamtalk.com/
The one thing with your cameras is to make sure you are NOT using uPNP
I would change your subnet. (If you had 192.168.1.x, change to 192.168.130.x or something...)It's safe to say that passwords have probably been comprised & now changed. But what about;
-inbuilt VPNServer certificates?
-DDNS address?
-IP address/es?
Should I change these now too?
Thanks for Skynet link, will have read of that. Didn't realise it was right here in this forum haha
Couldn't hurt to generate new VPN certs as well.
Not sure what you mean about generating new DDNS addresses... I guess it wouldn't hurt, but Skynet should help keep the BGs out.
JemTheWire
Senior Member
If the attacks are showing as red in the AIProtection graph, doesn’t that mean the attacks have been blocked from getting through?
Yes, that's my interpretation. Anything 'getting through' wouldn't show up at all since there wouldn't be a signature to register.
What I was suggesting is my AIProtection graph showed no "hits" last Sunday, or Saturday. All during the work week. Suspicious, no? I will watch it again this week.
I just read through this thread after finding that Web access from WAN had become enabled on my AC86U running 384.4.2 after knowing it was disabled previously. I posted about this in the PixelServ thread here.
After testing, it is indeed the ASUS mobile app that is enabling WAN access and DDNS. Considering the security implications and several reports of compromised routers, perhaps it's worth having a sticky post warning that the mobile app enabled these services without user consent?
After testing, it is indeed the ASUS mobile app that is enabling WAN access and DDNS. Considering the security implications and several reports of compromised routers, perhaps it's worth having a sticky post warning that the mobile app enabled these services without user consent?
Or switch to John's fork, which remains actively maintained.
Watch what? The "attacks" are not aimed at you in person, it is bots searching the net , these things bounce off systems that are properly secured.
Everyone on the net gets these "attacks" , just keep your router firmware up to date.
Before Trend Micro added the hit list to the GUI were you being hacked/compromised every day?
If you are genuinely attacked you'll know about it.
Can someone please help with following;
Under the AiProtection->Security Event section it lists a MAC address. This same address is listed under Tools->Sysinfo on the WAN port (it says there's 2 there on VLAN). But I can't determine what device this is as it doesn't show under NetworkMap->ClientList or anywhere else in the router. I've checked all other devices too & it's nowhere else, so I'm at a loss.
Under the AiProtection->Security Event section it lists a MAC address. This same address is listed under Tools->Sysinfo on the WAN port (it says there's 2 there on VLAN). But I can't determine what device this is as it doesn't show under NetworkMap->ClientList or anywhere else in the router. I've checked all other devices too & it's nowhere else, so I'm at a loss
.Similar threads
Similar threads
-
-
Fixed: Reminder: The system time has not been synchronized with an NTP server.- Started by Chuckles67
- Replies: 0
-
My whole network has been randomly freezing up and when it does the log sayes this:
- Started by Ressegger
- Replies: 4
-
-
-
-
[HACKED?] SSH not working all of a sudden (and strange log lines) - RTAC87U
- Started by elbubi
- Replies: 17
Latest threads
-
-
ASUS RT-AC86U Firmware version 3.0.0.4.386_51955 (2024/11/08)
- Started by lepicane
- Replies: 0
-
iPhone 16 Pro w/ GT-Be98 Pro & BQ16
- Started by Jadehsn
- Replies: 0
-
-
Release ASUS ZenWiFi Pro ET12 Firmware version 3.0.0.4.З88_24610 (2024/11/08)- Started by rudoyeugene
- Replies: 0
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!