Telkom Dlink 2750u Hacked

bees

Client complained about no internet. Went to site to find SSID changed to TELKOMHACKED, password still the same, and the Internet Connection (pppoe under WAN connection) completely gone.

Router's admin password wasn't on default. Support user's password however was still on TelkomDlink12345. Suppose that's how they got in. Telkom as ISP.

Just FYI to change support password as well when configuring these modems.
 
Client complained about no internet. Went to site to find SSID changed to TELKOMHACKED, password still the same, and the Internet Connection (pppoe under WAN connection) completely gone.

Router's admin password wasn't on default. Support user's password however was still on TelkomDlink12345. Suppose that's how they got in. Telkom as ISP.

Just FYI to change support password as well when configuring these modems.

Why was it open to remote access?

If not remote it means someone locally on the network did it.
 
Client complained about no internet. Went to site to find SSID changed to TELKOMHACKED, password still the same, and the Internet Connection (pppoe under WAN connection) completely gone.

Router's admin password wasn't on default. Support user's password however was still on TelkomDlink12345. Suppose that's how they got in. Telkom as ISP.

Just FYI to change support password as well when configuring these modems.

Exactly the same thing happened to me last week.
 
Exactly the same thing happened to me last week.

same here

damn O.o, just assisted a client on Wednesday with same issue. Could Telkom's Radius server have been hacked?..the router had all its default settings intact, except for the suspicious WIFI SSID...MickeyD could we please make Telkom aware of this? I'm sure there are a lot more people who experienced this issue.
 
Isn't this the router with the DNS based vulnerability?

A firmware upgrade should sort it out.
 
I think the latest firmware version is 1.65 on the telkom brand and 1.67 on the retail version, I might be mistaken.

Don't have one so can't say.

But there was a very well known security vulnerability with these particular models.

****

Checked now and that problem was rather related to Internet slowing down to a crawl and users not being aware they got hacked.

In this case some bot hack tool was probably just fed the username and password.

All the more reason to put the retail firmware on if at all possible.
 
damn O.o, just assisted a client on Wednesday with same issue. Could Telkom's Radius server have been hacked?..the router had all its default settings intact, except for the suspicious WIFI SSID...MickeyD could we please make Telkom aware of this? I'm sure there are a lot more people who experienced this issue.

They are aware of it...
 
I had same issue over weekend. Reset all my passwords including router access codes. And hacked again 24 hours later. SSID changed to " Telkom Hacked" second time. So they can still access the D Link router. I think there are going to be a lot of people with the same problem....
 
I had same issue over weekend. Reset all my passwords including router access codes. And hacked again 24 hours later. SSID changed to " Telkom Hacked" second time. So they can still access the D Link router. I think there are going to be a lot of people with the same problem....


Is this even after you changed support password as well?

Which ISP are you with?
 
This happened to me this weekend too.
At first I was worried it was a wireless hack, which means someone who knows what they're doing.

Anyway. Reset my password and what not, but clearly it can happen again.
I didn't know there was a support password, so I'll check that out tonight.
Also adding MAC filtering and will see if I can disable external access to the router.
Anything else we can do?

Alternatively I have an old Zyxel router I might swap to.
 
Ok was "hacked" again. I say hacked in inverted commas cause clearly this isn't a hack.
Whoever is doing this doesn't know the admin passwords that we have set or he would have reset those too. So I suspect he's using the support password.

There's a default support login on these modems. With the password as guess what...."support"!
(alternatively there's a default Telkom password as well)

I upgraded my firmware and changed the guest and support logins, hope it doesn't happen again.

ftp://ftp.d-link.co.za/DSL/DSL-2750...n T/T1/DSL-2750U_Firmware_AF_1.76_R01 LATEST/
 
damn O.o, just assisted a client on Wednesday with same issue. Could Telkom's Radius server have been hacked?

How would this be related?

(In case you misunderstand me, no, there is no way RADIUS relates to this).

..the router had all its default settings intact, except for the suspicious WIFI SSID...MickeyD could we please make Telkom aware of this? I'm sure there are a lot more people who experienced this issue.

MickeyD seems to think they are aware of it.

It may not necessarily be useful to discuss workarounds yet.
 
Ok was "hacked" again. I say hacked in inverted commas cause clearly this isn't a hack.
Whoever is doing this doesn't know the admin passwords that we have set or he would have reset those too. So I suspect he's using the support password.

There's a default support login on these modems. With the password as guess what...."support"!
(alternatively there's a default Telkom password as well)

I upgraded my firmware and changed the guest and support logins, hope it doesn't happen again.

ftp://ftp.d-link.co.za/DSL/DSL-2750...n T/T1/DSL-2750U_Firmware_AF_1.76_R01 LATEST/
Did that when I first got the router already. Stock firmware ftw!
 
Ok was "hacked" again. I say hacked in inverted commas cause clearly this isn't a hack.
Whoever is doing this doesn't know the admin passwords that we have set or he would have reset those too. So I suspect he's using the support password.

There's a default support login on these modems. With the password as guess what...."support"!
(alternatively there's a default Telkom password as well)

I upgraded my firmware and changed the guest and support logins, hope it doesn't happen again.

ftp://ftp.d-link.co.za/DSL/DSL-2750...n T/T1/DSL-2750U_Firmware_AF_1.76_R01 LATEST/

Yup it's really as simple as that, the fact that the access details are out in the wild.

If those were changed there is no way they can get in (this easily) again.

It's not a hack at all, just a case of having prior knowledge.
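
An added example, not part of any post in this thread: a small audit an installer could run over a saved router configuration to catch what was missed here, namely a secondary account (support, user) left on a published default while admin was changed, plus management services reachable from the WAN side. The XML layout, element names and the admin password are constructed for illustration and are not the DSL-2750U's real export format; the two default passwords are the ones quoted in the thread.

```python
import xml.etree.ElementTree as ET

# Defaults named in the thread; a real audit list would be longer.
KNOWN_DEFAULTS = {"TelkomDlink12345", "support"}

# Constructed sample: a hypothetical export layout, NOT the DSL-2750U's real
# backup format. Adapt the element names to whatever your device produces.
SAMPLE_EXPORT = """
<router model="DSL-2750U">
  <account name="admin" password="Xk7#changed-by-installer"/>
  <account name="support" password="TelkomDlink12345"/>
  <account name="user" password="user"/>
  <service name="http" wan="enabled"/>
  <service name="telnet" wan="disabled"/>
</router>
"""

def audit_export(xml_text):
    """Return (severity, message) findings for one export, in document order."""
    root = ET.fromstring(xml_text)
    findings = []
    # Check every login, not only admin: the thread's point is that the
    # support account is a second way in.
    for acct in root.iter("account"):
        name = acct.get("name", "")
        pw = acct.get("password", "")
        if pw in KNOWN_DEFAULTS:
            findings.append(("HIGH", f"account '{name}' still uses a published default password"))
        elif pw == "" or pw.lower() == name.lower():
            findings.append(("HIGH", f"account '{name}' has an empty or username-equal password"))
    # Any management service exposed on the WAN makes a leftover default
    # usable from the Internet instead of only from the LAN.
    for svc in root.iter("service"):
        if svc.get("wan") == "enabled":
            findings.append(("MEDIUM", f"management service '{svc.get('name')}' is reachable from the WAN side"))
    return findings

if __name__ == "__main__":
    for sev, msg in audit_export(SAMPLE_EXPORT):
        print(f"[{sev}] {msg}")
```

An empty result means every listed account has a non-default password and no management service is open on the WAN side.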
 