
ASUS DSL-AC68U - unknown VPN user in list - hacked?


Thomas Wagner

I am running an Asus DSL AC-68U.
VPN and remote admin access are enabled.
Access is via a DynDNS provider.

I recently noticed that my VPN user list contains a user I never knowingly set up (user name is "i6007475").
I deleted the user and changed my admin password.
Today I noticed that the user appears again.
See screenshot attached.

I cannot find any activity with that user name in my log file (last three weeks or so).

Is that some kind of default user set up by the system or does it mean I have been hacked and someone set up the new user?
 

This looks very similar to the hacks that were reported here. Although in your case the language doesn't appear to have been changed to Korean. That might be because you're running a slightly different hardware/firmware setup.

Did you have web access to the router from the WAN enabled?

Did it also create a random DDNS name?

If I were you I'd immediately perform a factory reset followed by a manual reconfigure of the router. Don't expose any router services to the internet unless you absolutely have to, and never expose the web interface because it's known to be hackable.

PPTP is also regarded as an insecure protocol so OpenVPN should be used instead.
 
Thanks for getting back! My answers below, FYI.

This looks very similar to the hacks that were reported here. Although in your case the language doesn't appear to have been changed to Korean. That might be because you're running a slightly different hardware/firmware setup.

Did you have web access to the router from the WAN enabled?
>> Yes, have disabled now

Did it also create a random DDNS name?
>> No, it didn't as far as I can tell (there is only the one I set up and am not aware that multiple DDNS accounts are supported - are they? Where would I see additional ones?)

If I were you I'd immediately perform a factory reset followed by a manual reconfigure of the router. Don't expose any router services to the internet unless you absolutely have to, and never expose the web interface because it's known to be hackable.
>>Will do and disabled WAN access for admin page.

PPTP is also regarded as an insecure protocol so OpenVPN should be used instead.
>>Will look into that
 
