What's new

How do I check my RT-N66U's login attempts etc, getting hacked

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

mummel

Regular Contributor
I've had some issues with bots trying to hack my NAS. Where can I find a log of all IPs that have remotely tried to, or successfully accessed, my router, or any devices on my home network.

Is there a log somewhere of failed connections, or a log of successful connections, that I can review?

Thanks all.
 
I've had some issues with bots trying to hack my NAS. Where can I find a log of all IPs that have remotely tried to, or successfully accessed, my router, or any devices on my home network.

Is there a log somewhere of failed connections, or a log of successful connections, that I can review?

Thanks all.

You have to enable Logging on the Firewall page, then go to the System Log.
 
I'm not trying to hijack your thread, but wanted you to know, l just finished installing the latest stable build, posted yesterday, and within 1 hour l was hacked. Tomato leaves upnp off by default. It wasn't meant for the internet anyway. I can't figure out why l couldn't put a password larger then 10 digits, but that isn't large enough.
I also had an issue with my 2.4Ghz band being unusable. I think Merlin's work is awesome, but it seems like we all have to find a build that works for us(our router, our condition our area.
(I'm not a programmer but an IT Pro with 20 years.)
For now I'm going back to tomato. I like what Merlin is doing, l just need to study it more to properly imploment.
 
You have to enable Logging on the Firewall page, then go to the System Log.

I did do this, but the system log is just one massive chain of lines of text. Its really hard to decipher without reading it line for line (i.e. router turned on, packet sent, IP assigned etc). I want to be able to bring up a list of failed login attempts into the router itself to see if anyone is trying to hack it. I also just want to see a list of extenal IPs that have accessed my network successfully. Is this possible? Thanks.
 
Do you think your router is being hacked or your computer is being hacked. I would think that the settings from the administration - system settings page would protect your router because it would be unreachable from the net.
 
Do you think your router is being hacked or your computer is being hacked. I would think that the settings from the administration - system settings page would protect your router because it would be unreachable from the net.

I need to access my router from offsite and opened it to the net. Its password protected, but uses http not https. Its fricken fail I know, but I need access to the router remotely and why Asus doesnt use https is beyond me. But thats why I want to check the logs to keep an eye on things. Is there a simple UI that summarizes this info?

My NAS was constantly getting hack attempts. I've fixed that problem. I want to now see if any other PCs or devices on my network are receiving traffic from external PCs, and I want to check if my router has been compromised. But the Asus log screen is a cluster. Is there a smarter way to do this?
 
I need to access my router from offsite and opened it to the net. Its password protected, but uses http not https. Its fricken fail I know, but I need access to the router remotely and why Asus doesnt use https is beyond me.

The router supports both HTTP and HTTPS, you just have to enable it.

Personally, I would go with a VPN solution if you need remote access. Anything else is asking for trouble security-wise. And then move it to a non-standard port, so a standard IP scanner won't find it.

The router doesn't sport IPS, so the best it can do is tell you who is trying to connect with you. Anything beyond that will require a business-class product.
 
The router supports both HTTP and HTTPS, you just have to enable it.

Personally, I would go with a VPN solution if you need remote access. Anything else is asking for trouble security-wise. And then move it to a non-standard port, so a standard IP scanner won't find it.

The router doesn't sport IPS, so the best it can do is tell you who is trying to connect with you. Anything beyond that will require a business-class product.

Thanks for the info. Where do I enable HTTPS support for router access remotely? I will look into a VPN too.
 
It is here:
Advanced Settings>Administration>System
Miscellaneous>Authentication Method
Is it wise to experiment with remote access or VPN if you overlooked this?...
 
It is here:
Advanced Settings>Administration>System
Miscellaneous>Authentication Method
Is it wise to experiment with remote access or VPN if you overlooked this?...

Thank you for this. I will check it out tonight. I need to have remote access to my router for various reasons, but only randomly. If I were accessing it everyday I would have been more careful.

Is there a way to add a single IP address that can access the router remotely (i.e. a one IP address white list?). That way I wont have to worry about other IPs trying to gain access. Thank you for your help.
 
Thank you for this. I will check it out tonight. I need to have remote access to my router for various reasons, but only randomly. If I were accessing it everyday I would have been more careful.

Is there a way to add a single IP address that can access the router remotely (i.e. a one IP address white list?). That way I wont have to worry about other IPs trying to gain access. Thank you for your help.

You really need to start looking at that page he pointed out, the whitelist is also right there ;)

Make sure you also whitelist a LAN device.
 
Thank you for this. I will check it out tonight. I need to have remote access to my router for various reasons, but only randomly. If I were accessing it everyday I would have been more careful.

Is there a way to add a single IP address that can access the router remotely (i.e. a one IP address white list?). That way I wont have to worry about other IPs trying to gain access. Thank you for your help.

Only randomly? lol

I accidently sent my Yahoo email username and password unencrypted over the internet one time (once). Three days later my Yahoo email was hacked. Coincidence? My password is 16 characters: upper/lower case letters, numbers and special characters. Right when I accidentally sent my username/password, I told myself I better change my password. But I got lazy and procrastinated.......and got hacked within 72 hours.

When you send a username and password over the internet without encryption, I can promise you that someone (or some bot) is snooping it.
 
You really need to start looking at that page he pointed out, the whitelist is also right there ;)

Make sure you also whitelist a LAN device.

Ok I will look for it, thank you. Yeah, when I set things up a while back, Asus never had HTTPS. I must have updated the firmware at some point but didnt realize they added the capability. If I could add a white list and use HTTPS, then that will be perfect.
 
Ok I will look for it, thank you. Yeah, when I set things up a while back, Asus never had HTTPS. I must have updated the firmware at some point but didnt realize they added the capability. If I could add a white list and use HTTPS, then that will be perfect.

They indeed added HTTPS at some point down the line, originally it wasn't included.
 
They indeed added HTTPS at some point down the line, originally it wasn't included.

Ahhh good to know, thanks! Do you know if the RT-N56U has it. I have to setup two different routers. One I got right, the 66U and that's working fine. The other I tried but the HTTPS option wasnt in the settings. I then tried to update the firmware and now can't get access to the router (I need to sit down with someone on the other end to fix this).

BUT, my question is, if I update the 56U to the latest firmware, will it have the HTTPS setting in the admin tab for accessing the router over WAN/remotely. Are you guys sure that the RT-N56U has the HTTPS option?

Thanks guys.
 
Ahhh good to know, thanks! Do you know if the RT-N56U has it. I have to setup two different routers. One I got right, the 66U and that's working fine. The other I tried but the HTTPS option wasnt in the settings. I then tried to update the firmware and now can't get access to the router (I need to sit down with someone on the other end to fix this).

BUT, my question is, if I update the 56U to the latest firmware, will it have the HTTPS setting in the admin tab for accessing the router over WAN/remotely. Are you guys sure that the RT-N56U has the HTTPS option?

I don't know, I don't have an RT-N56U. But since it's based on Asuswrt, I see no reason for Asus not to have enabled support for it on that model, unless they were seriously short on flash space. Make sure you do have an up-to-date version of the FW.
 
Hi,
I am still curious as to where routers web interface access authentication is logged, successful and/or unsuccessful - if at all.
I think this was one of the original questions asked by TS.

/T
 
I don't know, I don't have an RT-N56U. But since it's based on Asuswrt, I see no reason for Asus not to have enabled support for it on that model, unless they were seriously short on flash space. Make sure you do have an up-to-date version of the FW.

As of .3754, or .3879 not enabled in AsusWRT for the N56U. Check Padavan or OpenWRT
 
Last edited:

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top