Errors and language change, was I hacked?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

mr-nobody

New Around Here
Hi.

Yesterday I received some error messages from my Asus AC68U running Merlin 384.19
Among them was:
failed to write /var/lib/misc/dnsmasq.leases: No space left on device (retry in 60s)

When I logged into the router it it has changes the language setting to some sort of Asian, maybe Korean?
Also the 5Ghz was suddenly activated, normally it is not.

I have attached the log entry's, can anyone figure out if I was hacked or what might have happened?
Thanks...
 

AndreiV

Very Senior Member
Your attachment is missing so can't be read.

It could be your router has run out of space and become corrupted.

First question in this situation is are you allowing remote access? Do you have Administration >SYSTEM > Remote Access > "Enable Web Access from WAN " set to allow/yes? If so that is your problem and you will need to fully reset your router and change username and password.

>> My router got hacked <<

Security

Q: My router got hacked, language is now Korean, etc... What do I do?
A: Restore to factory default, and this time make sure you don't open your webui to the WAN interface. Use a VPN if you need remote access to your router.
 

mr-nobody

New Around Here
Your attachment is missing so can't be read.

It could be your router has run out of space and become corrupted.

First question in this situation is are you allowing remote access? Do you have Administration >SYSTEM > Remote Access > "Enable Web Access from WAN " set to allow/yes? If so that is your problem and you will need to fully reset your router and change username and password.

>> My router got hacked <<

I have uploaded the log file.
No, I do not have remote access enabled.
 

ColinTaylor

Part of the Furniture
You reported exactly the same thing two years ago: http://www.snbforums.com/threads/po...assistant-from-senior-users.45597/post-403569

Your log file looks like it was taken from a remote syslog server. If so can you upload the original syslog taken from the router.

Has the router's PPTP VPN server been enabled?

The dnsmasq errors are caused by your router running out of memory. What third party scripts have you installed?
 
Last edited:

mr-nobody

New Around Here
Yes, I had a similar issue two years ago, but at that time I think it was a known security issue with Asus iPhone app automatically enabling the VNP setting?
The logs are from a syslog server running om my Synology nas.
I have previously used the OpenVPN but I am not using it now.
I have attached the logfile directly from the router. The date sorting is a mess, not sure if it is normal or a timeformat issue?
I run no third party scripts to my knowledge?
 

Attachments

  • syslog.txt
    386.7 KB · Views: 54

ColinTaylor

Part of the Furniture
Unfortunately it looks like you've changed the router's logging level such that it's suppressing all of the information that would be useful. I suggest that you change the syslog levels back to their defaults, reboot the router and check the log again.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top