weird router logs help please

BloodFX · Oct 11, 2018

Hi i just installed 374.43_36E4j9527 on to my n66u and after a couple of days of using it I found this by accident and the weird thing is its coming from my own ip address?

Oct 11 13:50:50 HTTP_login: login 'SPOOLMAN' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: Detect abnormal logins at 10 times. The newest one was from 10.1.11.12.
Oct 11 13:50:50 HTTP_login: Detect abnormal logins at 10 times. The newest one was from 10.1.11.12.
Oct 11 13:50:50 HTTP_login: login 'SSA' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: login 'storwatch' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: login 'stratacom' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: login 'super' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: login 'super' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: Detect abnormal logins at 15 times. The newest one was from 10.1.11.12.
Oct 11 13:50:50 HTTP_login: Detect abnormal logins at 15 times. The newest one was from 10.1.11.12.
Oct 11 13:50:50 HTTP_login: login 'super.super' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: login 'super.super' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: login 'superman' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: login 'superuser' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: login 'superuser' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: Detect abnormal logins at 20 times. The newest one was from 10.1.11.12.
Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 20 times. The newest one was from 10.1.11.12.
Oct 11 13:50:51 HTTP_login: login 'superuser' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'supervisor' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'sysadm' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'sysadm' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'SYSADM' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 25 times. The newest one was from 10.1.11.12.
Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 25 times. The newest one was from 10.1.11.12.
Oct 11 13:50:51 HTTP_login: login 'sysadmin' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'sysadmin' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'SYSDBA' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'target' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'teacher' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 30 times. The newest one was from 10.1.11.12.
Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 30 times. The newest one was from 10.1.11.12.
Oct 11 13:50:51 HTTP_login: login 'tech' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'tech' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'telecom' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'R45_c4561-RT190-Hj89' successful from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'temp1' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'tiger' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'TMAR#HWMT8007079' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'topicalt' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 5 times. The newest one was from 10.1.11.12.
Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 5 times. The newest one was from 10.1.11.12.
Oct 11 13:50:51 HTTP_login: login 'topicnorm' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'topicres' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'User' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'user' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'vcr' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 10 times. The newest one was from 10.1.11.12.
Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 10 times. The newest one was from 10.1.11.12.
Oct 11 13:50:51 HTTP_login: login 'vt100' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'wlse' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'WP' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'write' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'xd' failed from 10.1.11.12:80

thelonelycoder · Oct 11, 2018

Might want to check what's on the device with the IP.

BloodFX · Oct 11, 2018

Its my own pc I don't get it?

Is my routers ip a valid ip address 10.1.11.1 ?

thelonelycoder · Oct 11, 2018

BloodFX said:
Its my own pc I don't get it?

Does the word spam, malware or rootkit ring a bell?

BloodFX · Oct 11, 2018

so i'm infected?

I have run roguekiller malwarebytes antirootkit eset preimum scan all are clean

ColinTaylor · Oct 11, 2018

BloodFX said:
so i'm infected?

Either that or you are running some vulnerability scanning software against your router. It looks like the user/password list is from this ESET project.

thelonelycoder · Oct 11, 2018

Your IP is within the private range, so that is OK.
For the scanner that apparently runs from 10.1.11.12 you'll have to figure out yourself.

BloodFX · Oct 11, 2018

ColinTaylor said:
Either that or you are running some vulnerability scanning software against your router. It looks like the user/password list is from this ESET project.

Would it be the eset connected home network monitor by any chance it scans the network for devices?

ColinTaylor · Oct 11, 2018

BloodFX said:
Would it be the eset connected home network monitor by any chance it scans the network for devices?

I'd never heard of that before but it seems likely reading this. If you initiate a scan manually and then check the logs you can see if the timestamps match up.

BloodFX · Oct 11, 2018

ColinTaylor said:
I'd never heard of that before but it seems likely reading this. If you initiate a scan manually and then check the logs you can see if the timestamps match up.

Ah I think it is I changed back to http login instead of https and did an eset nework scan and its spammed the messages instantly abnormal login detected.

Why is it trying to login to my router without my permission lol ?

thelonelycoder · Oct 11, 2018

BloodFX said:
Why is it trying to login to my router without my permission lol ?

To keep you and us entertained?
Looks like it would report to you if default login settings are found.

BloodFX · Oct 11, 2018

thelonelycoder said:
To keep you and us entertained?
Looks like it would report to you if default login settings are found.

Lol thanks for your help anyway all of you.

Thread starter	Title	Forum	Replies	Date
I	Unable to connect to VPN with specific ISP (and more weird symptoms)	Asuswrt-Merlin	5	Sep 12, 2023
M	Solved Weird destination ip when connecting to a subnet	Asuswrt-Merlin	3	Sep 5, 2023
	ZenWifi XT8 w/ Gnuton, weird Wifi Issues	Asuswrt-Merlin	30	Jul 1, 2023
G	Weird Issue on Asus speed test vs Desktop Speed test	Asuswrt-Merlin	12	Jun 3, 2023
J	XT8 Weird backhaul signal issue on 388.1_0-gnuton1	Asuswrt-Merlin	2	May 25, 2023
S	Prevent client from connecting to router but allow connection to internet via access point	Asuswrt-Merlin	4	Tuesday at 3:11 PM
	Port isolation on RT-AX88U-Pro (router) w/ Merlin w/ Tagged internet ISP	Asuswrt-Merlin	1	Apr 15, 2024
H	Solved xbox one not able to sign in when connected through router running asuswrt-merlin on an rt-ac5300.	Asuswrt-Merlin	5	Apr 12, 2024
	Router DNS returning Refused	Asuswrt-Merlin	2	Apr 6, 2024
	Router threw a wobbla - "Top" info in syslog?	Asuswrt-Merlin	0	Apr 5, 2024

Search

Search

weird router logs help please

BloodFX

Regular Contributor

thelonelycoder

Part of the Furniture

BloodFX

Regular Contributor

thelonelycoder

Part of the Furniture

BloodFX

Regular Contributor

ColinTaylor

Part of the Furniture

thelonelycoder

Part of the Furniture

BloodFX

Regular Contributor

ColinTaylor

Part of the Furniture

BloodFX

Regular Contributor

thelonelycoder

Part of the Furniture

BloodFX

Regular Contributor

Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Members online