Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[j0ndgreen]

My DSL modem has been hacked resulting in the DNS servers resolving the majority of web page requests to a URL of the ad shortening service "adfoc.us", which in turn redirects to explicit adult content.

There's no apparent sign of any configuration changes in the modem admin. The DNS settings were set to "Obtain DNS server address automatically". I've now changed these to use Open DNS servers rather than my ISP (PlusNet in the UK). This has improved, though not completely resolved the issue. PlusNet have confirmed this is a security exploit affecting the modem as opposed to it being any issue with their network (or any device on my local network).

Has anyone else experienced this or similar? If so, does anyone know how can it be resolved? The firmware I'm using is v1.05 and the product revision is Z1, though frustratingly, the D-LINK download page for the product is not offering any link for firmware (http://www.dlink.com/uk/en/support/product/dsl-320b-adsl-2-ethernet-modem?revision=deu_revz#downloads). Does anyone know what the latest firmware version is and where it can be downloaded?

Many thanks

[FurryNutz]

I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.

[j0ndgreen]

Thanks for the response and advice.

I'd already mailed them before I read this and reset the modem to factory defaults which has fixed the problem. As I've also today ordered a fibre connection from my provider, it's unlikely I'll pursue this any further though I will post back with any response they give via email.

[FurryNutz]

Ok, I see there isn't any updates either as I think this is a new product. I recommend phone contacting them in the future if you see any further problems.

Good Luck.

[j0ndgreen]

They sent me a WeTransfer link (so not publicly accessible) to v1.07 of the firmware with instructions on how to install.

They did not give any comment on the exploit I experienced.

[FurryNutz]

Update the FW and let us know how it turns out.

[j0ndgreen]

It already appeared to be fixed by a prior factory reset. I'm assuming the firmware update (which is now installed) includes protection against that exploit.

[FurryNutz]

Ok, it should work. IF not, update FW using this in the future if you need too:
 FW Update Process

Enjoy. 

[Jeromex]

I got the same problem with DSL-320B Z1
What can I do ? I

[FurryNutz]

What region are you located?
I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.

I got the same problem with DSL-320B Z1
What can I do ? I

[Jeromex]

What region are you located?
I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.

Hello, I am located in France.

I believe having solved the problem though. But with a doubt.
I do not agree with the begining of this topic, the author resetting the modem is a bad idea.
On the contrary I think the problem is the default setting on accepting some incoming WAN requests. I disabled this but strangely the Wan settings page don't appear again.
So now I am stealth according GRC ShiedsUp Tests as before with my ancient USB ADSL modem, and with a permanent open D-LinK Status Page I can control the problem is fixed, unless temporarily.
I got non infection in that period in what is possible to detect now.

[Jeromex]

I add that I also put the 2 DNS of my FAI in the DNS settings on the modem and on Windows, because the prescriptions of D-link (put as DNS only one local network adress) is bad viewed by the GRC  DNSCheck.

[FurryNutz]

I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.