Telkom Dlink 2750u Hacked

bees

Well-Known Member
Joined
Oct 23, 2004
Messages
490
Client complained about no internet. Went to site to find SSID changed to TELKOMHACKED, password still the same, and the Internet Connection (pppoe under WAN connection) completely gone.

Router's admin password wasn't on default. Support user's password however was still on TelkomDlink12345. Suppose that's how they got in. Telkom as ISP.

Just FYI to change support password as well when configuring these modems.
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
47,842
Client complained about no internet. Went to site to find SSID changed to TELKOMHACKED, password still the same, and the Internet Connection (pppoe under WAN connection) completely gone.

Router's admin password wasn't on default. Support user's password however was still on TelkomDlink12345. Suppose that's how they got in. Telkom as ISP.

Just FYI to change support password as well when configuring these modems.

Why was it open to remote access?

If not remote it means someone locally on the network did it.
 

prod

Executive Member
Joined
Nov 11, 2009
Messages
6,132
Client complained about no internet. Went to site to find SSID changed to TELKOMHACKED, password still the same, and the Internet Connection (pppoe under WAN connection) completely gone.

Router's admin password wasn't on default. Support user's password however was still on TelkomDlink12345. Suppose that's how they got in. Telkom as ISP.

Just FYI to change support password as well when configuring these modems.

Exactly the same thing happened to me last week.
 

krustyrsa

Senior Member
Joined
Oct 16, 2015
Messages
626
Exactly the same thing happened to me last week.

same here

damn o_O, just assisted a client on Wednesday with same issue. Could Telkom's Radius server have been hacked?..the router had all its default settings intact, except for the suspicious WIFI SSID...MickeyD could we please make Telkom aware of this? I'm sure there are a lot more people who experienced this issue.
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
47,842
Isn't this the router with the DNS based vulnerability?

A firmware upgrade should sort it out.
 

krustyrsa

Senior Member
Joined
Oct 16, 2015
Messages
626
Isn't this the router with the DNS based vulnerability?

A firmware upgrade should sort it out.

I think the latest firmware version is 1.65 on the telkom brand and 1.67 on the retail version, I might be mistaken.
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
47,842
I think the latest firmware version is 1.65 on the telkom brand and 1.67 on the retail version, I might be mistaken.

Don't have one so can't say.

But there was a very well known security vulnerability with these particular models.

****

Checked now and that problem was rather related to Internet slowing down to a crawl and users not being aware they got hacked.

In this case some bot hack tool was probably just fed the username and password.

All the more reason to put the retail firmware on if at all possible.
 

MickeyD

RIP
Joined
Oct 4, 2010
Messages
139,117
damn o_O, just assisted a client on Wednesday with same issue. Could Telkom's Radius server have been hacked?..the router had all its default settings intact, except for the suspicious WIFI SSID...MickeyD could we please make Telkom aware of this? I'm sure there are a lot more people who experienced this issue.

They are aware of it...
 

Si H

New Member
Joined
Sep 5, 2017
Messages
1
I had same issue over weekend. Reset all my passwords including router access codes. And hacked again 24 hours later. SSID changed to " Telkom Hacked" second time. So they can still access the D Link router. I think there are going to be a lot of people with the same problem....
 

bees

Well-Known Member
Joined
Oct 23, 2004
Messages
490
I had same issue over weekend. Reset all my passwords including router access codes. And hacked again 24 hours later. SSID changed to " Telkom Hacked" second time. So they can still access the D Link router. I think there are going to be a lot of people with the same problem....


Is this even after you changed support password as well?

Which ISP are you with?
 

schuits

Expert Member
Joined
Mar 7, 2013
Messages
1,950
This happened to me this weekend too.
At first I was worried it was a wireless hack which means someone who knows what they're doing.

Anyway. Reset my password and what not, but clearly it can happen again.
I didn't know there was a support password, so I'll check that out tonight.
Also adding MAC filtering and will see if I can disable external access to the router.
Anything else we can do?

Alternatively I have an old Zyxel router I might swap to.
 

schuits

Expert Member
Joined
Mar 7, 2013
Messages
1,950
Ok was "hacked" again. I say hacked in inverted commas cause clearly this isn't a hack.
Whoever is doing this doesn't know the admin passwords that we have set or he would have reset those too. So I suspect he's using the support password.

There's a default support login on these modems. With the password as guess what...."support"!
(alternatively there's a default Telkom password as well)

I upgraded my firmware and changed the guest and support logins, hope it doesn't happen again.

ftp://ftp.d-link.co.za/DSL/DSL-2750...n T/T1/DSL-2750U_Firmware_AF_1.76_R01 LATEST/
 

ranger

Expert Member
Joined
May 2, 2007
Messages
2,062
[QUOTE]
damn o_O, just assisted a client on Wednesday with same issue. Could Telkom's Radius server have been hacked?
[/QUOTE]

How would this be related?

(In case you misunderstand me, no, there is no way RADIUS relates to this).

[QUOTE]
..the router had all its default settings intact, except for the suspicious WIFI SSID...MickeyD could we please make Telkom aware of this? I'm sure there are a lot more people who experienced this issue.
[/QUOTE]

MickeyD seems to think they are aware of it.

It may not necessarily be useful to discuss workarounds yet.
 

backstreetboy

Honorary Master
Joined
Jun 15, 2011
Messages
37,552
Ok was "hacked" again. I say hacked in inverted commas cause clearly this isn't a hack.
Whoever is doing this doesn't know the admin passwords that we have set or he would have reset those too. So I suspect he's using the support password.

There's a default support login on these modems. With the password as guess what...."support"!
(alternatively there's a default Telkom password as well)

I upgraded my firmware and changed the guest and support logins, hope it doesn't happen again.

ftp://ftp.d-link.co.za/DSL/DSL-2750...n T/T1/DSL-2750U_Firmware_AF_1.76_R01 LATEST/

Did that when I first got the router already. Stock firmware ftw!
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
47,842
Ok was "hacked" again. I say hacked in inverted commas cause clearly this isn't a hack.
Whoever is doing this doesn't know the admin passwords that we have set or he would have reset those too. So I suspect he's using the support password.

There's a default support login on these modems. With the password as guess what...."support"!
(alternatively there's a default Telkom password as well)

I upgraded my firmware and changed the guest and support logins, hope it doesn't happen again.

ftp://ftp.d-link.co.za/DSL/DSL-2750...n T/T1/DSL-2750U_Firmware_AF_1.76_R01 LATEST/

Yup it's really as simple as that, the fact that the access details are out in the wild.

If those were changed there is no way they can get in (this easily) again.

It's not a hack at all, just a case of having prior knowledge.
 

nemo415

Well-Known Member
Joined
May 22, 2011
Messages
478
Same thing happened on my friend's DWR 730 this morning... Sigh
 