Telkom Dlink 2750u Hacked

NicholasDK

Member
Joined
Jul 29, 2011
Messages
20
I have a client that's been hacked like this multiple times this week. I changed all security settings but they still get in, so I assume the firmware is vulnerable; it's probably a bot network scanning for vulnerable modems.

After installing the latest firmware I also changed the access codes for the "support" user under Maintenance. The default support password on the Telkom routers is TelkomDlink12345, be sure to change this as well.
 

nemo415

Well-Known Member
Joined
May 22, 2011
Messages
478
I have a client that's been hacked like this multiple times this week. I changed all security settings but they still get in, so I assume the firmware is vulnerable; it's probably a bot network scanning for vulnerable modems.

After installing the latest firmware I also changed the access codes for the "support" user under Maintenance. The default support password on the Telkom routers is TelkomDlink12345, be sure to change this as well.

Disable WPS
 

nemo415

Well-Known Member
Joined
May 22, 2011
Messages
478
Seems like a brute force on the WPS PIN. Just disable WPS in the Wi-Fi settings.
 

Belza81

Active Member
Joined
May 3, 2012
Messages
55
Also happened to me DSL 2750-u ... the bastards stole nearly ALL my cap!! So this is not neighbours or people near me doing this? I can clearly see the logs where user "daemon" I have Telkom Internet. I have turned off Wifi now for nearly 2 weeks - only connecting with LAN - but so inconvenient (and makes me so angry that now I have to be inconvenienced for these ****heads to steal!) - today however I had an intrusion once again WITHOUT my wifi being on? Please help as I am not clued up - if I turn off WPS is it then safe again to turn Wifi on? Also, I have changed all my passwords of admin and user but the Support one - TelkomDlink12345 nog working!?
 

Scary_Turtle

Expert Member
Joined
Aug 13, 2015
Messages
3,205
Also happened to me DSL 2750-u ... the bastards stole nearly ALL my cap!! So this is not neighbours or people near me doing this? I can clearly see the logs where user "daemon" I have Telkom Internet. I have turned off Wifi now for nearly 2 weeks - only connecting with LAN - but so inconvenient (and makes me so angry that now I have to be inconvenienced for these ****heads to steal!) - today however I had an intrusion once again WITHOUT my wifi being on? Please help as I am not clued up - if I turn off WPS is it then safe again to turn Wifi on? Also, I have changed all my passwords of admin and user but the Support one - TelkomDlink12345 nog working!?

I learnt how to do this in college 10+ years back and it has been around a lot longer than that.

-You go to a website (can't remember it anymore) and it basically lists thousands of IP addresses in South Africa.
-You log into each one and keep trying the username and password as admin/admin until you find one that lets you in. You will see the router page that you normally do when you log in to your router.
-Go to the profile page and you can see their username without asterisks, "pete@telkomsa.net" as an example. Copy this.
-The password will have asterisks but there are 1000 "see behind asterisks" tools on the web, so just use any of them and you have the password.

From here you can change the username to "YOUHAVEBEENHACKED" or whatever you want, which will kick the person off the i-net. Change your router to their info and you have free data.

Nowadays I doubt people are doing it this way; they just set up bots that do these steps and capture all the data to a spreadsheet that they can give/sell to people. They could also set the bot to try and break your router password, so use something long with numbers and upper-lowercase, but if it was me I would set the bot to give up after 30sec-1min because you get more accounts.

So I bet your problem is that these people have the username and password from your ISP, which they can use as they please until you get it changed.

Phone your ISP and get your details changed, and make sure you don't have admin/admin as your router password.
 

The_Librarian

Another MyBB
Super Moderator
Joined
Nov 20, 2015
Messages
37,649
And use a proper firewall (smoothwall, pfsense, ipcop etc).

Still amazed that bandwidth theft still is a thing in SA...

I'm using a DLink router, but Smoothwall controls the link - so there is no way that they can try and haxx0r that.

On the other hand, the FTP server in the DMZ got a lot of password force attempts :D
 