ASUS DSL-AC68U - unknown VPN user in list - hacked?

Discussion in 'VPN' started by Thomas Wagner, Jun 21, 2018.

  1. Thomas Wagner

    Thomas Wagner New Around Here

    Joined:
    Jul 3, 2016
    Messages:
    5
    I am running an Asus DSL AC-68U.
    VPN and remote admin access are enabled.
    Access is via a DynDNS provider.

    I recently noticed that my VPN user list contains a user I never knowingly set up (user name is "i6007475").
    I deleted the user and changed my admin password.
    Today I noticed that the user has appeared again.
    See screenshot attached.

    I cannot find any activity with that user name in my log file (last three weeks or so).

    Is that some kind of default user set up by the system or does it mean I have been hacked and someone set up the new user?
     

  3. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    5,715
    Location:
    UK
    This looks very similar to the hacks that were reported here. Although in your case the language doesn't appear to have been changed to Korean. That might be because you're running a slightly different hardware/firmware setup.

    Did you have web access to the router from the WAN enabled?

    Did it also create a random DDNS name?

    If I were you I'd immediately perform a factory reset followed by a manual reconfigure of the router. Don't expose any router services to the internet unless you absolutely have to, and never expose the web interface because it's known to be hackable.

    PPTP is also regarded as an insecure protocol so OpenVPN should be used instead.
     
    Billy Chaney and daviworld like this.
  4. Thomas Wagner

    Thomas Wagner New Around Here

    Joined:
    Jul 3, 2016
    Messages:
    5
    Thanks for getting back! My answers below fyi.

     