Asus RT-AC66U DNS hacking

Mpuk7

Occasional Visitor
Excellent, thanks all - I'm up and running on the Merlin firmware, factory reset, new password and everything manually reconfigured with no web or DDNS set up. Fingers crossed that's the last time I have this issue :)
 

loftshed

New Around Here
So glad I found this thread! Just had the exact same thing happen to me. eBay has been giving me errors all week, kept bumping me back to a suspiciously bare login page, so I opened command prompt, pinged it, and discovered that it had been redirecting to 185.183.96.174. Googled that IP address and ended up here.

...looked through my system logs and found a few abnormal login attempts as of March 7th, as well as a long string of "dnsmasq[293]: failed to send packet: Resource temporarily unavailable" in early January (not sure if that's relevant). Also, looking through the logs, the timestamps appear to jump back and forth between the actual date and Jul 31st.

I've installed the Asuswrt-Merlin firmware and did a factory reset and now everything works fine, but I really have no idea how long this has been going on. I do use unique, randomly generated passwords and 2FA for just about everything, and there's no suspicious activity in either my eBay or PayPal accounts, but I still feel a little unsettled. Should I be going through everything I've used in the last 6 months and changing it?
 


ColinTaylor

Part of the Furniture
Same thing reported here.

It has some good information showing that it was trying to steal login details for: amazon.com, apple.com, ebay.com, instagram.com, netflix.com and walmart.com. So if you logged in to any of those sites I suggest you change your password immediately, together with anything else that uses the same login details.
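A resolver check for the symptom described in this thread, added here as an example and not part of any poster's reply: it resolves the listed domains through the system resolver (whatever DNS the router hands out) and flags the address reported above, plus the case where unrelated sites all resolve to one address. The shared-address rule is an assumed heuristic, and the function names are hypothetical.

```python
import socket
from collections import defaultdict

# Domains the thread reports as targeted by the rogue DNS settings.
TARGETED = ["amazon.com", "apple.com", "ebay.com",
            "instagram.com", "netflix.com", "walmart.com"]
# Address one poster saw eBay redirected to (taken from the thread).
REPORTED_BAD = {"185.183.96.174"}


def resolve(domain):
    """Return the IPv4 addresses the system resolver gives for a domain."""
    try:
        infos = socket.getaddrinfo(domain, 443, socket.AF_INET,
                                   socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def find_hijack_signs(answers, known_bad=REPORTED_BAD):
    """answers maps domain -> set of IPv4 strings; returns a list of findings.

    Each finding is (kind, domains, ip). Two kinds are reported:
    'known-bad' - a domain resolves to an address already reported as rogue
    'shared-ip' - unrelated sites resolve to the same address (heuristic:
                  these companies do not normally share hosting)
    """
    findings = []
    by_ip = defaultdict(set)
    for domain, ips in answers.items():
        for ip in ips:
            by_ip[ip].add(domain)
            if ip in known_bad:
                findings.append(("known-bad", domain, ip))
    for ip, domains in sorted(by_ip.items()):
        if len(domains) > 1:
            findings.append(("shared-ip", ",".join(sorted(domains)), ip))
    return findings


if __name__ == "__main__":
    live = {d: resolve(d) for d in TARGETED}
    for kind, domains, ip in find_hijack_signs(live):
        print(f"{kind}: {domains} -> {ip}")
    print("checked", len(live), "domains")
```

A finding is a prompt to inspect the router's DNS settings and compare against a connection that bypasses the router (such as mobile data), not proof on its own.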
 

Mpuk7

Occasional Visitor
This does seem to be a new threat by the sounds of it, with people reporting it on Twitter etc. I didn't know how best to report it for investigation; I passed details on to Action Fraud (Met Police in the UK) as well as to the ISP in Holland. I also reported to Comcast the failed logins from the US IPs but got a response telling me to call them. Asus were as helpful as a chocolate teapot, just some scripted response with basic fixes and no genuine interest in investigating the issue or referring it.
My first suspicion was the eBay app on my phone reporting a connection problem, which didn't happen when I switched to 4G. Then on my laptop it kept saying eBay had a certificate error with the option to proceed, which I didn't as I was heavily suspicious, and I checked the secure eBay site on my phone over 4G with no issues.

Will be interesting to see where things go on this...
 

gatorback

Regular Contributor
This does seem to be a new threat by the sounds of it, with people reporting it on Twitter etc. I didn't know how best to report it for investigation; I passed details on to Action Fraud (Met Police in the UK) as well as to the ISP in Holland. I also reported to Comcast the failed logins from the US IPs but got a response telling me to call them. Asus were as helpful as a chocolate teapot, just some scripted response with basic fixes and no genuine interest in investigating the issue or referring it.
My first suspicion was the eBay app on my phone reporting a connection problem, which didn't happen when I switched to 4G. Then on my laptop it kept saying eBay had a certificate error with the option to proceed, which I didn't as I was heavily suspicious, and I checked the secure eBay site on my phone over 4G with no issues.

Will be interesting to see where things go on this...
Is it possible to replace the suspect router with a new device? It would be interesting to see if you experience the same symptoms. I would expect that there will be a VPNFilter - router test in the future, which could be applied to the suspect device.
 
