What's new

Errors and language change, was I hacked?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

mr-nobody

New Around Here
Hi.

Yesterday I received some error messages from my Asus AC68U running Merlin 384.19
Among them was:
failed to write /var/lib/misc/dnsmasq.leases: No space left on device (retry in 60s)

When I logged into the router it it has changes the language setting to some sort of Asian, maybe Korean?
Also the 5Ghz was suddenly activated, normally it is not.

I have attached the log entry's, can anyone figure out if I was hacked or what might have happened?
Thanks...
 
Your attachment is missing so can't be read.

It could be your router has run out of space and become corrupted.

First question in this situation is are you allowing remote access? Do you have Administration >SYSTEM > Remote Access > "Enable Web Access from WAN " set to allow/yes? If so that is your problem and you will need to fully reset your router and change username and password.

>> My router got hacked <<

Security

Q: My router got hacked, language is now Korean, etc... What do I do?
A: Restore to factory default, and this time make sure you don't open your webui to the WAN interface. Use a VPN if you need remote access to your router.
 
Your attachment is missing so can't be read.

It could be your router has run out of space and become corrupted.

First question in this situation is are you allowing remote access? Do you have Administration >SYSTEM > Remote Access > "Enable Web Access from WAN " set to allow/yes? If so that is your problem and you will need to fully reset your router and change username and password.

>> My router got hacked <<

I have uploaded the log file.
No, I do not have remote access enabled.
 
You reported exactly the same thing two years ago: http://www.snbforums.com/threads/po...assistant-from-senior-users.45597/post-403569

Your log file looks like it was taken from a remote syslog server. If so can you upload the original syslog taken from the router.

Has the router's PPTP VPN server been enabled?

The dnsmasq errors are caused by your router running out of memory. What third party scripts have you installed?
 
Last edited:
Yes, I had a similar issue two years ago, but at that time I think it was a known security issue with Asus iPhone app automatically enabling the VNP setting?
The logs are from a syslog server running om my Synology nas.
I have previously used the OpenVPN but I am not using it now.
I have attached the logfile directly from the router. The date sorting is a mess, not sure if it is normal or a timeformat issue?
I run no third party scripts to my knowledge?
 

Attachments

  • syslog.txt
    386.7 KB · Views: 148
Unfortunately it looks like you've changed the router's logging level such that it's suppressing all of the information that would be useful. I suggest that you change the syslog levels back to their defaults, reboot the router and check the log again.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top