Update RT-AC68U to 3.0.0.4.384_20624, got login attempts non-stop

Buzzly

New Around Here
Updated my working AC68U, 1 router to 2 nodes AiMesh, to 20624 firmware on 5/25. Rebooted all units and it worked fine.

But I checked the system log and found this. Looks like it is a "break-in" attempt. And it started right after the firmware update.

Any explanation???

Yes. I am still using ADMIN as username.

May 30 13:14:21 dropbear[24952]: Login attempt for nonexistent user from 60.229.32.161:58632
May 30 13:16:35 dropbear[25057]: Login attempt for nonexistent user from 115.231.9.131:54025
May 30 13:17:36 rc_service: httpd 265:notify_rc reset_vp_db
May 30 13:18:10 rc_service: httpd 265:notify_rc reset_mals_db
May 30 13:38:41 dropbear[25996]: Bad password attempt for 'admin' from 212.129.36.253:60801
May 30 13:38:46 dropbear[26006]: Bad password attempt for 'admin' from 212.129.36.253:60907
May 30 13:38:51 dropbear[26014]: Bad password attempt for 'admin' from 212.129.36.253:61133
May 30 13:38:54 dropbear[26016]: Login attempt for nonexistent user from 212.129.36.253:61313
May 30 13:38:57 dropbear[26018]: Login attempt for nonexistent user from 212.129.36.253:61426
May 30 13:45:21 dropbear[26283]: Login attempt for nonexistent user from 62.76.12.60:9224
May 30 14:11:34 dropbear[27333]: Bad password attempt for 'admin' from 113.254.71.194:46591
May 30 14:11:35 dropbear[27333]: Bad password attempt for 'admin' from 113.254.71.194:46591
May 30 14:11:35 dropbear[27333]: Bad password attempt for 'admin' from 113.254.71.194:46591
May 30 14:12:18 dropbear[27373]: Login attempt for nonexistent user from 185.51.214.35:48648
May 30 14:18:17 dropbear[27614]: Login attempt for nonexistent user from 119.28.77.70:52744
 
Looks like the normal hacking attempts you get when you have enabled SSH access from the WAN. Disable it.
 
I'm seeing the same thing. Unlikely that it coincides with the firmware update. Home router hack attempts have been all over the news the past few days thanks to malware that has spread itself around, known as "VPN Filter".

Use a fairly lengthy complex password with numbers and special characters and it's highly unlikely that anyone will gain access to your router's admin UI.
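
To triage a syslog like the one posted at the top of this thread, failed dropbear logins can be grouped by source address. This is an added example, not part of any post in the thread; the sample lines are constructed in the same format using documentation-range IPs, and the function names and threshold are assumptions.

```python
import re
from collections import defaultdict

# Matches the two dropbear failure messages that appear in the posted log.
FAILURE = re.compile(
    r"dropbear\[\d+\]: (?:Bad password attempt for '(?P<user>[^']*)'"
    r"|Login attempt for nonexistent user)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+"
)

# Constructed sample lines (not the poster's log); IPs are documentation ranges.
SAMPLE_LOG = """\
May 30 13:14:21 dropbear[24952]: Login attempt for nonexistent user from 203.0.113.7:58632
May 30 13:17:36 rc_service: httpd 265:notify_rc reset_vp_db
May 30 13:38:41 dropbear[25996]: Bad password attempt for 'admin' from 198.51.100.23:60801
May 30 13:38:46 dropbear[26006]: Bad password attempt for 'admin' from 198.51.100.23:60907
May 30 13:38:51 dropbear[26014]: Bad password attempt for 'admin' from 198.51.100.23:61133
May 30 13:38:54 dropbear[26016]: Login attempt for nonexistent user from 198.51.100.23:61313
May 30 14:11:34 dropbear[27333]: Bad password attempt for 'admin' from 192.0.2.50:46591
"""

def summarize_failures(log_text):
    """Return {ip: {"attempts": n, "users": usernames named in bad-password lines}}."""
    summary = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if not m:
            continue  # unrelated entries such as rc_service are skipped
        entry = summary[m.group("ip")]
        entry["attempts"] += 1
        if m.group("user") is not None:
            # A "Bad password" line names the account that was tried.
            entry["users"].add(m.group("user"))
    return dict(summary)

def repeat_offenders(summary, threshold=3):
    """Source IPs with at least `threshold` failed SSH logins, busiest first."""
    hits = [(ip, s["attempts"]) for ip, s in summary.items()
            if s["attempts"] >= threshold]
    return sorted(hits, key=lambda pair: -pair[1])

if __name__ == "__main__":
    summary = summarize_failures(SAMPLE_LOG)
    for ip, count in repeat_offenders(summary):
        users = sorted(summary[ip]["users"])
        print(f"{ip}: {count} failed attempts, accounts tried: {users}")
```

If the summary is still non-empty after SSH access from the WAN has been disabled, the setting did not take effect or the attempts are arriving from the LAN side.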
 