• May 17, 2025, 02:08:30 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DIR-655 compromised?  (Read 4444 times)

nategrim

  • Level 1 Member
  • *
  • Posts: 3
DIR-655 compromised?
« on: May 14, 2010, 12:12:01 PM »
Greetings,

I have been watching my logs and I am noticing that someone is trying to access the https on the router itself.  I have disabled this and set the rules to deny all connections from the internet for remote management of the router.  About 10 minutes later, the router was reset and https was enabled again.

After this happened, I looked at the logs.  They again started to access https.

I would appreciate any information.  Thank you for your time and patience.

Regards,

Nate
« Last Edit: May 14, 2010, 07:46:13 PM by nategrim »
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: DIR-655 compromised?
« Reply #1 on: May 15, 2010, 12:27:51 PM »
Post some logs please.
Logged
DIR-655 H/W: A2 FW: 1.33

Sammydad1

  • Level 5 Member
  • *****
  • Posts: 722
Re: DIR-655 compromised?
« Reply #2 on: May 16, 2010, 12:19:54 AM »
Hi,

Unplug your WAN connection and do a hard reset (or two) on the router.  Then re-do your settings by hand..do not re-use a saved file....

save all your settings and reboot as the router as instructed by the screen....

 DO change your admin password to something more complex and write it down.

DO set up your wireless encryption properly with WPA2 and AES !! And use a more complex wpa2 password.

Only once you are fully re-setup, should you reboot your ISP modem and reconnect it to your router.
Logged
DIR-655 A2, FW: 1.35NA

kthaddock

  • Level 3 Member
  • ***
  • Posts: 263
Re: DIR-655 compromised?
« Reply #3 on: May 16, 2010, 12:29:19 AM »
Use this password generator:
https://www.grc.com/passwords.htm

choose 63 random printable ASCII characters:

good luck !
Logged
ASUS RT-N16  FW: DD-WRT v24 17140-vpn M NEWD-2 K2.6 -kong.
DIR-655 H/W: A3 FW: 1.31EUB02 This FW is working !
Never argue with a burk. They drag you down to their level and then beat you with experience
Di-624+ FW: 2.10

nategrim

  • Level 1 Member
  • *
  • Posts: 3
Re: DIR-655 compromised?
« Reply #4 on: May 20, 2010, 10:28:08 PM »
Quote from: nategrim on May 14, 2010, 12:12:01 PM
Greetings,

I have been watching my logs and I am noticing that someone is trying to access the https on the router itself.  I have disabled this and set the rules to deny all connections from the internet for remote management of the router.  About 10 minutes later, the router was reset and https was enabled again.

After this happened, I looked at the logs.  They again started to access https.

I would appreciate any information.  Thank you for your time and patience.

Regards,

Nate
Quote from: EddieZ on May 15, 2010, 12:27:51 PM
Post some logs please.

Quote from: Sammydad1 on May 16, 2010, 12:19:54 AM
Hi,

Unplug your WAN connection and do a hard reset (or two) on the router.  Then re-do your settings by hand..do not re-use a saved file....

save all your settings and reboot as the router as instructed by the screen....

 DO change your admin password to something more complex and write it down.

DO set up your wireless encryption properly with WPA2 and AES !! And use a more complex wpa2 password.

Only once you are fully re-setup, should you reboot your ISP modem and reconnect it to your router.

I apologize for no update.  It seems to have stop resetting itself and the changes finally committed.  It took a full reset and password change.  Thank you for your suggestions. I will be watching the logs to see if it continues when we have less traffic.  Right now they are getting filled with other things.

Thank you again.

Nate
Logged