Need help with internet security

[Claire F]

Hi there,
I am not sure if this is the right place to post this question, so I apologise if it does not belong here.

I have been having trouble with hackers in the past two weeks, using up all of my internet. I think that this is the case because I have internet trackers on all the devices that I have been using, and the total amount recorded by my internet trackers does not add up to the amount that my internet provider says that I have used (by a long shot). The extra usage is mostly uploads, 500 - 700 mB per hour, every hour, even when we're asleep, or at work.

I have changed my password, several times, but they keep getting back in. I also rang up my internet provider - they told me that it was my fault, but they changed my IP address. I have also been looking online for tips, and found that I should disable WPS, which I have done. I have also disabled SSID broadcasting.

I have a Netcomm N300 modem, which is attached to another box labelled Cisco DPC3008, which is plugged into the wall. I turned off the Netcomm N300 last night, and it was off until I got home from work today, but my internet provider still says that I used 150mB of downloads in that time (but no uploads). I don't understand how anything could have been downloaded if the wireless modem was switched off.

I have also been looking through the advanced settings of my modem, to see if there is anything else that should be enabled/disabled to make my network as secure as possible. I have tried to use google to figure out what these things mean, but I am unsure:
The following settings are DISABLED: Dynamic DNS, Qos, SNMP, Dynamic routing and static routing, TR-069.
The following setting is ENABLED: IPv6

If you have any recommendations on how I can make my internet as secure as possible, I would be hugely grateful. In the country where I live, internet often has data caps, so I am charged extra for every Gb I use above 80Gb a month. So this has really been stressing me out, because I can't afford to pay for someone else to be illegally using my internet.

I also wonder if, once they'd hacked it once, that made it easier to get back in again? The first time I changed the password, it took three days before they got back in, but I changed the password again last night, and they seemed to get back in within a few hours.

Thank you in advance for any help you can give,

Claire.

 

[System Error Message]

When your modem is detached data still comes in but times out though your ISP logs it against your account. Hence the download data usage would be your ISP's fault for registering data that never reached its destination.

It is very likely you have malware in your network and possibly you may have compromised computers which might be part of some botnet. You could try using a router like ASUS AC87U or AC3200 that have antivirus in them or even routerOS or the like that has a firewall capable of performing tarpit but it requires a lot of skill and knowledge to configure and detect the illegal traffic. I strongly suggest you format your devices and use a proper antivirus (like avast, eset and the like, not some random internet ones), a good firewall and avoid questionable sites. Im sure many here can recommend thrustworthy antivirus and firewalls. If your devices are all cleaned and you still get the same problem than your modem or networking gear could be compromised which the only solution for it is SFP and a professional router. There may be some modems that arent as vulnerable but i do not know any brands or models in that area.

Also check the software you have installed that they arent uploading data. If your on really restrictive internet you really need to configure all your computers and devices and softwares you have on them to use as little internet as you possibly can. Pfsense has cache and mikrotik routerOS does but routerOS cache and proxy isnt as good as pfsense. Cache can help reduce internet bandwidth usage.

Make sure to do a clean wipe and change passwords and if it still happens change your networking gear. Dont look at cisco unless you are willing to spend more than $1K as their devices below that price have the same design and flaws as consumer variants.

 

[Claire F]

Thank you for your reply.

The anti-virus I use is TrendMicro (one I paid for, not a random internet one). I ran a full scan yesterday (took almost an hour) and it came up with nothing. Though if there were malware on my computer, I would have thought that any uploads/downloads that it uses would still be recorded by my internet tracker. Is this not the case? As I said above, the amount recorded by my internet usage tracker was well below the amount recorded by my ISP.

I was also told that sometimes modems can "leak" - a hardware fault can cause them to keep sending out the same information over and over again, often not sending it anywhere. I am currently using my internet with wireless turned off - this way I figure that any extra usage that shows up from now on must either be from malware, or from this "leaking", as hackers shouldn't be able to get through.

Thanks for your advice regarding cisco also. If it does turn out to be a hardware fault, I will make sure to stay away from their products.

Thanks again,
Claire.