Join us now. It is free, and it takes less than 1 minute to register.
Register now
Subscribe to our daily newsletter. It is free, and it comes with many benefits.


+ Reply to Thread
Page 2 of 2 FirstFirst 12
Results 16 to 29 of 29

Thread: Telkom Dlink 2750u Hacked

  1. #16

    Default

    Quote Originally Posted by krustyrsa View Post
    damn O.o, just assisted a client on Wednesday with same issue. Could Telkoms Radius server have been hacked?
    How would this be related?

    (In case you misunderstand me, no, there is now way RADIUS relates to this).

    [/QUOTE]
    ..the router had all its default settings intact, accept for the suspicious WIFI SSID...MickeyD could we please make telkom aware of this?. I'm sure there are a lot more people who experienced this issue.[/QUOTE]

    MickeyD seems to think they are aware of it.

    It may not necessarily be useful to discuss workarounds yet.
    Nothing I post on this forum represents the views of the company I work for (or used to).
    Note: I no longer work in the telecommunications or ISP sectors.

  2. #17

    Default

    Quote Originally Posted by bees View Post

    Which ISP you with?
    Unless you are meaning that some ISPs intercept the traffic that could be used in the "hack", which ISP you use is irrelevant.
    Nothing I post on this forum represents the views of the company I work for (or used to).
    Note: I no longer work in the telecommunications or ISP sectors.

  3. #18

    Default

    Quote Originally Posted by schuits View Post
    Ok was "hacked" again. I say hacked in inverted commas cause clearly this isn't a hack.
    Whomever is doing this doesn't know the admin passwords that we have set or he would have reset those too. So I suspect he's using the support password.

    There's a default support login on these modems. With the password as guess what...."support"!
    (alternatively there's a default telkom password aswell)

    I upgraded my firmware and changed the guest and support logins, hope it doesn't happen again.

    ftp://ftp.d-link.co.za/DSL/DSL-2750u..._R01%20LATEST/
    Did that when I first got the router already. Stock firmware ftw!
    I can't add a single hour to my life, but I'm convinced that if I could, I'd spend it counting down the time.

  4. #19

    Default

    Quote Originally Posted by schuits View Post
    Ok was "hacked" again. I say hacked in inverted commas cause clearly this isn't a hack.
    Whomever is doing this doesn't know the admin passwords that we have set or he would have reset those too. So I suspect he's using the support password.

    There's a default support login on these modems. With the password as guess what...."support"!
    (alternatively there's a default telkom password aswell)

    I upgraded my firmware and changed the guest and support logins, hope it doesn't happen again.

    ftp://ftp.d-link.co.za/DSL/DSL-2750u..._R01%20LATEST/
    Yup it's really as simple as that, the fact that the access details are out in the wild.

    If those were changed there is no way they can get in (this easily) again.

    It's not a hack at all, just a case of having prior knowledge.

  5. #20

    Default

    Same thing happened on my friend's DWR 730 this morning... Sigh

  6. #21

    Default

    I have a client thats been hacked like this multiple times this week, I changed all security settings but they still get in so I assume the firmware is vulnerable, it's probably a bot network scanning for vulnerable modems.

    After installing the latest firmware I also changed the access codes for the "support" user under Maintenance. The default support password on the Telkom routers is TelkomDlink12345, be sure to change this as well.
    Last edited by NicholasDK; 06-10-2017 at 06:19 PM. Reason: Updated

  7. #22

    Default

    Just got the same thing dwr 730. Old password not working

  8. #23

    Default

    Quote Originally Posted by NicholasDK View Post
    I have a client thats been hacked like this multiple times this week, I changed all security settings but they still get in so I assume the firmware is vulnerable, it's probably a bot network scanning for vulnerable modems.

    After installing the latest firmware I also changed the access codes for the "support" user under Maintenance. The default support password on the Telkom routers is TelkomDlink12345, be sure to change this as well.
    Disable WPS

  9. #24

    Default

    Seems like a brute force on the WPS pin. just disable WPS in the Wifi settings

  10. #25
    SmoothOokerMaximus The_Librarian's Avatar
    Join Date
    Nov 2015
    Location
    Talga Vassternich.
    Posts
    14,647
    Blog Entries
    1

    Default

    just one vuln from 2015... https://www.theregister.co.uk/2015/0...hijack_d_link/

    However, there are many other vulnerabilities. Just use Smoothwall or pfSense to get rid for good of this vulnerability.
    500th anniversary of the Protestant Reformation has passed.

  11. #26
    Super Grandmaster
    Join Date
    May 2006
    Location
    Rondebosch
    Posts
    9,294

    Default

    Same thing happened to me with the Dlink 730 LTE router.
    https://mybroadband.co.za/vb/showthr...r-730-hacked-(

  12. #27

    Default

    Also happened to me DSL 2750-u ... the bastards stole nearly ALL my cap!! So this is not neighbours or people near me doing this? I can clearly see the logs where user "daemon" I have Telkom Internet. I have turned off Wifi now for nearly 2 weeks - only connecting with LAN - but so inconvenient (and makes me so angry that now I have to be inconvenienced for these ****heads to steal!) - today however I had an intrusion once again WITHOUT my wifi being on? Please help as I am not clued up - if I turn off WPS is it then safe again to turn Wifi on? Also, I have changed all my passwords of admin and user but the Support one - TelkomDlink12345 nog working!?

  13. #28

    Default

    Quote Originally Posted by Belza81 View Post
    Also happened to me DSL 2750-u ... the bastards stole nearly ALL my cap!! So this is not neighbours or people near me doing this? I can clearly see the logs where user "daemon" I have Telkom Internet. I have turned off Wifi now for nearly 2 weeks - only connecting with LAN - but so inconvenient (and makes me so angry that now I have to be inconvenienced for these ****heads to steal!) - today however I had an intrusion once again WITHOUT my wifi being on? Please help as I am not clued up - if I turn off WPS is it then safe again to turn Wifi on? Also, I have changed all my passwords of admin and user but the Support one - TelkomDlink12345 nog working!?
    I learnt how to do this in college 10+ years back and it has been around a lot longer then that.

    -You go to a website can't remember it anymore and it basically list thousands of ip addresses in South Africa.
    -You log into each one and keep trying the username and password as admin/admin until you find one that lets you in. You will see the router page that you normally do when you login to your router.
    -Go to the profile page and you can see their username without asterisks "[email protected]" as an example. Copy this.
    -The password will have asterisks but there are 1000 "see behind asterisks" tools on the web so just use any of them and you have the password.

    From here you can change the username to "YOUHAVEBEENHACKED" or whatever you want, which will kick the person of the i-net. Change your router to their info and you have free data.

    Now days I doubt people are doing it this way, they just set up bots that do these steps and capture all the data to a spreadsheet that they can give/sell to people. There could also set the bot to try and break your router password so something long with numbers and upper-lowercase but if it was me I would set the bot to give up after 30sec-1min because you get more accounts.

    So I bet your problem is that these people have the username and password from your ISP which they can use as they please until you get it changed.

    Phone the your ISP and get your details changed and make sure you don't have admin/admin as your router password.

  14. #29
    SmoothOokerMaximus The_Librarian's Avatar
    Join Date
    Nov 2015
    Location
    Talga Vassternich.
    Posts
    14,647
    Blog Entries
    1

    Default

    And use a proper firewall (smoothwall, pfsense, ipcop etc).

    Still amazed that bandwidth theft still is a thing in SA...

    I'm using a DLink router, but Smoothwall controls the link - so there is no way that they can try and haxx0r that.

    On the other hand, the FTP server in the DMZ got a lot of password force attempts
    Last edited by The_Librarian; 07-11-2017 at 11:49 AM.
    500th anniversary of the Protestant Reformation has passed.

+ Reply to Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. DLINK DSL 2750U cheaper than expected at Telkom stores
    By zolly in forum PC Hardware and Gadgets
    Replies: 2
    Last Post: 24-04-2014, 05:32 PM
  2. Red Bull Mobile 200MB/month x 12 using Huawei E367 Modem on Telkom brnded DLink-2750U
    By 72859 in forum Cell C Broadband and Mobile Internet | LTE, HSPA+, 3G, EDGE, GPRS and BIS
    Replies: 0
    Last Post: 06-09-2013, 05:27 PM
  3. Telkom DLink DSL 2750U Security
    By barrytemp in forum ADSL and VDSL Discussions
    Replies: 3
    Last Post: 05-06-2013, 08:33 AM
  4. Dlink 2750U
    By unwired in forum PC Hardware and Gadgets
    Replies: 1
    Last Post: 29-01-2013, 01:23 AM
  5. Help with DLINK-DSL 2750U!!!!
    By rajiv in forum PC Hardware and Gadgets
    Replies: 0
    Last Post: 04-05-2012, 10:49 PM

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •