weird router logs help please

Discussion in 'Asuswrt-Merlin' started by BloodFX, Oct 11, 2018.

  1. BloodFX

    BloodFX Occasional Visitor

    Hi, I just installed 374.43_36E4j9527 on to my n66u and after a couple of days of using it I found this by accident, and the weird thing is it's coming from my own IP address?

    Oct 11 13:50:50 HTTP_login: login 'SPOOLMAN' failed from 10.1.11.12:80
    Oct 11 13:50:50 HTTP_login: Detect abnormal logins at 10 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:50 HTTP_login: Detect abnormal logins at 10 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:50 HTTP_login: login 'SSA' failed from 10.1.11.12:80
    Oct 11 13:50:50 HTTP_login: login 'storwatch' failed from 10.1.11.12:80
    Oct 11 13:50:50 HTTP_login: login 'stratacom' failed from 10.1.11.12:80
    Oct 11 13:50:50 HTTP_login: login 'super' failed from 10.1.11.12:80
    Oct 11 13:50:50 HTTP_login: login 'super' failed from 10.1.11.12:80
    Oct 11 13:50:50 HTTP_login: Detect abnormal logins at 15 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:50 HTTP_login: Detect abnormal logins at 15 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:50 HTTP_login: login 'super.super' failed from 10.1.11.12:80
    Oct 11 13:50:50 HTTP_login: login 'super.super' failed from 10.1.11.12:80
    Oct 11 13:50:50 HTTP_login: login 'superman' failed from 10.1.11.12:80
    Oct 11 13:50:50 HTTP_login: login 'superuser' failed from 10.1.11.12:80
    Oct 11 13:50:50 HTTP_login: login 'superuser' failed from 10.1.11.12:80
    Oct 11 13:50:50 HTTP_login: Detect abnormal logins at 20 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 20 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:51 HTTP_login: login 'superuser' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'supervisor' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'sysadm' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'sysadm' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'SYSADM' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 25 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 25 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:51 HTTP_login: login 'sysadmin' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'sysadmin' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'SYSDBA' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'target' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'teacher' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 30 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 30 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:51 HTTP_login: login 'tech' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'tech' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'telecom' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'R45_c4561-RT190-Hj89' successful from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'temp1' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'tiger' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'TMAR#HWMT8007079' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'topicalt' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 5 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 5 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:51 HTTP_login: login 'topicnorm' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'topicres' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'User' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'user' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'vcr' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 10 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:51 HTTP_login: Detect abnormal logins at 10 times. The newest one was from 10.1.11.12.
    Oct 11 13:50:51 HTTP_login: login 'vt100' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'wlse' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'WP' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'write' failed from 10.1.11.12:80
    Oct 11 13:50:51 HTTP_login: login 'xd' failed from 10.1.11.12:80
     
  2. thelonelycoder

    thelonelycoder Part of the Furniture

    Might want to check what's on the device with the IP.
     
  3. BloodFX

    BloodFX Occasional Visitor

    It's my own PC, I don't get it?

    Is my router's IP a valid IP address, 10.1.11.1?
     
  4. thelonelycoder

    thelonelycoder Part of the Furniture

    Do the words spam, malware or rootkit ring a bell?
     
  5. BloodFX

    BloodFX Occasional Visitor

    So I'm infected?

    I have run roguekiller malwarebytes antirootkit eset premium scan, all are clean.
     
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Either that or you are running some vulnerability scanning software against your router. It looks like the user/password list is from this ESET project.
     
  7. thelonelycoder

    thelonelycoder Part of the Furniture

    Your IP is within the private range, so that is OK.
    As for the scanner that apparently runs from 10.1.11.12, you'll have to figure that out yourself.
     
  8. BloodFX

    BloodFX Occasional Visitor

    Would it be the ESET connected home network monitor by any chance? It scans the network for devices.
     
  9. ColinTaylor

    ColinTaylor Part of the Furniture

    I'd never heard of that before but it seems likely reading this. If you initiate a scan manually and then check the logs you can see if the timestamps match up.
     
  10. BloodFX

    BloodFX Occasional Visitor

    Ah, I think it is. I changed back to HTTP login instead of HTTPS and did an ESET network scan, and it's spammed the messages instantly: abnormal login detected.

    Why is it trying to log in to my router without my permission lol?
     
  11. thelonelycoder

    thelonelycoder Part of the Furniture

    To keep you and us entertained?
    Looks like it would report to you if default login settings are found.
     
  12. BloodFX

    BloodFX Occasional Visitor

    Lol thanks for your help anyway all of you. :)
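
Added example, not part of any post in this thread: a small Python triage script for `HTTP_login` lines like the ones posted above. It groups events by source IP, reports the burst window so it can be compared with the time a scan was started (the timestamp check suggested in the thread), and lists any successful login that falls inside a burst. The sample lines are constructed; `example-admin`, `10.1.11.20`, the `min_users` threshold and the year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the lines posted in the thread;
# 'example-admin' and 10.1.11.20 are made-up values.
SAMPLE_LOG = """\
Oct 11 13:50:50 HTTP_login: login 'super' failed from 10.1.11.12:80
Oct 11 13:50:50 HTTP_login: Detect abnormal logins at 10 times. The newest one was from 10.1.11.12.
Oct 11 13:50:51 HTTP_login: login 'sysadm' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'tech' failed from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'example-admin' successful from 10.1.11.12:80
Oct 11 13:50:51 HTTP_login: login 'user' failed from 10.1.11.12:80
Oct 12 09:02:10 HTTP_login: login 'example-admin' successful from 10.1.11.20:80
"""

EVENT = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) HTTP_login: login '([^']*)' "
    r"(failed|successful) from ([\d.]+):\d+$")

def summarize(log_text, min_users=3, year=2018):
    """Per source IP: distinct failed usernames, burst window, scan verdict."""
    # The log carries no year; `year` is an assumption used only for ordering.
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # e.g. the "Detect abnormal logins" counter lines
        ts, user, result, ip = m.groups()
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        events[ip].append((when, user, result))
    report = {}
    for ip, rows in events.items():
        failed = [(w, u) for w, u, r in rows if r == "failed"]
        users = {u for _, u in failed}
        first = min((w for w, _ in failed), default=None)
        last = max((w for w, _ in failed), default=None)
        scan = len(users) >= min_users  # many different names = wordlist run
        # A success inside the burst window is worth confirming as your own.
        inside = [u for w, u, r in rows
                  if r == "successful" and scan and first <= w <= last]
        report[ip] = {"distinct_failed_users": len(users), "first": first,
                      "last": last, "dictionary_scan": scan,
                      "success_in_burst": inside}
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

If the `first`/`last` window for a LAN address lines up with a scan you started yourself, the burst is explained; a burst with no matching scan, or from an address you do not recognize, is the case to investigate.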