
Thread: Telkom Dlink 2750u Hacked

  1. #16
    Grandmaster
    Join Date
    May 2007
    Location
    South Africa
    Posts
    1,963

    Quote Originally Posted by krustyrsa View Post
    damn O.o, just assisted a client on Wednesday with same issue. Could Telkom's Radius server have been hacked?
    How would this be related?

    (In case you misunderstand me, no, there is no way RADIUS relates to this).

    ..the router had all its default settings intact, except for the suspicious WIFI SSID...MickeyD could we please make telkom aware of this? I'm sure there are a lot more people who experienced this issue.

    MickeyD seems to think they are aware of it.

    It may not necessarily be useful to discuss workarounds yet.
    Nothing I post on this forum represents the views of the company I work for (or used to).
    Note: I no longer work in the telecommunications or ISP sectors.

  2. #17
    Grandmaster
    Join Date
    May 2007
    Location
    South Africa
    Posts
    1,963

    Quote Originally Posted by bees View Post

    Which ISP you with?
    Unless you are meaning that some ISPs intercept the traffic that could be used in the "hack", which ISP you use is irrelevant.

  3. #18
    Super Grandmaster
    Join Date
    Jun 2011
    Location
    Polly going to Paarl
    Posts
    10,695

    Quote Originally Posted by schuits View Post
    Ok was "hacked" again. I say hacked in inverted commas cause clearly this isn't a hack.
    Whomever is doing this doesn't know the admin passwords that we have set or he would have reset those too. So I suspect he's using the support password.

    There's a default support login on these modems. With the password as guess what...."support"!
    (alternatively there's a default telkom password as well)

    I upgraded my firmware and changed the guest and support logins, hope it doesn't happen again.

    ftp://ftp.d-link.co.za/DSL/DSL-2750u..._R01%20LATEST/
    Did that when I first got the router already. Stock firmware ftw!

  4. #19
    Super Grandmaster SauRoNZA's Avatar
    Join Date
    Jul 2010
    Location
    Cape Town
    Posts
    26,900

    Quote Originally Posted by schuits View Post
    Ok was "hacked" again. I say hacked in inverted commas cause clearly this isn't a hack.
    Whomever is doing this doesn't know the admin passwords that we have set or he would have reset those too. So I suspect he's using the support password.

    There's a default support login on these modems. With the password as guess what...."support"!
    (alternatively there's a default telkom password as well)

    I upgraded my firmware and changed the guest and support logins, hope it doesn't happen again.

    ftp://ftp.d-link.co.za/DSL/DSL-2750u..._R01%20LATEST/
    Yup it's really as simple as that, the fact that the access details are out in the wild.

    If those were changed there is no way they can get in (this easily) again.

    It's not a hack at all, just a case of having prior knowledge.

  5. #20
    Senior Member nemo415's Avatar
    Join Date
    May 2011
    Location
    Pretoria
    Posts
    315

    Same thing happened on my friend's DWR 730 this morning... Sigh

  6. #21
    Member
    Join Date
    Jul 2011
    Posts
    12

    I have a client that's been hacked like this multiple times this week. I changed all security settings but they still get in, so I assume the firmware is vulnerable; it's probably a bot network scanning for vulnerable modems.

    After installing the latest firmware I also changed the access codes for the "support" user under Maintenance. The default support password on the Telkom routers is TelkomDlink12345, be sure to change this as well.
    Last edited by NicholasDK; 06-10-2017 at 06:19 PM. Reason: Updated

  7. #22
    Master
    Join Date
    Mar 2009
    Location
    Durban
    Posts
    517

    Just got the same thing dwr 730. Old password not working
    Ok Then

  8. #23
    Senior Member nemo415's Avatar
    Join Date
    May 2011
    Location
    Pretoria
    Posts
    315

    Quote Originally Posted by NicholasDK View Post
    I have a client that's been hacked like this multiple times this week. I changed all security settings but they still get in, so I assume the firmware is vulnerable; it's probably a bot network scanning for vulnerable modems.

    After installing the latest firmware I also changed the access codes for the "support" user under Maintenance. The default support password on the Telkom routers is TelkomDlink12345, be sure to change this as well.
    Disable WPS

  9. #24
    Senior Member nemo415's Avatar
    Join Date
    May 2011
    Location
    Pretoria
    Posts
    315

    Seems like a brute force on the WPS PIN. Just disable WPS in the Wifi settings.

  10. #25
    SmoothOokerMaximus The_Librarian's Avatar
    Join Date
    Nov 2015
    Location
    Dark room in Adventure. Grues abound.
    Posts
    16,674
    Blog Entries
    1

    just one vuln from 2015... https://www.theregister.co.uk/2015/0...hijack_d_link/

    However, there are many other vulnerabilities. Just use Smoothwall or pfSense to get rid of this vulnerability for good.
    500th anniversary of the Protestant Reformation has passed.

  11. #26
    Super Grandmaster
    Join Date
    May 2006
    Location
    Rondebosch
    Posts
    9,426

    Same thing happened to me with the Dlink 730 LTE router.
    https://mybroadband.co.za/vb/showthr...r-730-hacked-(

  12. #27
    Member
    Join Date
    May 2012
    Location
    Western Cape
    Posts
    44

    Also happened to me DSL 2750-u ... the bastards stole nearly ALL my cap!! So this is not neighbours or people near me doing this? I can clearly see the logs where user "daemon" I have Telkom Internet. I have turned off Wifi now for nearly 2 weeks - only connecting with LAN - but so inconvenient (and makes me so angry that now I have to be inconvenienced for these ****heads to steal!) - today however I had an intrusion once again WITHOUT my wifi being on? Please help as I am not clued up - if I turn off WPS is it then safe again to turn Wifi on? Also, I have changed all my passwords of admin and user but the Support one - TelkomDlink12345 nog working!?

  13. #28
    Master
    Join Date
    Aug 2015
    Posts
    769

    Quote Originally Posted by Belza81 View Post
    Also happened to me DSL 2750-u ... the bastards stole nearly ALL my cap!! So this is not neighbours or people near me doing this? I can clearly see the logs where user "daemon" I have Telkom Internet. I have turned off Wifi now for nearly 2 weeks - only connecting with LAN - but so inconvenient (and makes me so angry that now I have to be inconvenienced for these ****heads to steal!) - today however I had an intrusion once again WITHOUT my wifi being on? Please help as I am not clued up - if I turn off WPS is it then safe again to turn Wifi on? Also, I have changed all my passwords of admin and user but the Support one - TelkomDlink12345 nog working!?
    I learnt how to do this in college 10+ years back and it has been around a lot longer than that.

    -You go to a website, can't remember it anymore, and it basically lists thousands of ip addresses in South Africa.
    -You log into each one and keep trying the username and password as admin/admin until you find one that lets you in. You will see the router page that you normally do when you login to your router.
    -Go to the profile page and you can see their username without asterisks "[email protected]" as an example. Copy this.
    -The password will have asterisks but there are 1000 "see behind asterisks" tools on the web so just use any of them and you have the password.

    From here you can change the username to "YOUHAVEBEENHACKED" or whatever you want, which will kick the person off the i-net. Change your router to their info and you have free data.

    Nowadays I doubt people are doing it this way, they just set up bots that do these steps and capture all the data to a spreadsheet that they can give/sell to people. They could also set the bot to try and break your router password so something long with numbers and upper-lowercase but if it was me I would set the bot to give up after 30sec-1min because you get more accounts.

    So I bet your problem is that these people have the username and password from your ISP which they can use as they please until you get it changed.

    Phone your ISP and get your details changed and make sure you don't have admin/admin as your router password.

  14. #29
    SmoothOokerMaximus The_Librarian's Avatar
    Join Date
    Nov 2015
    Location
    Dark room in Adventure. Grues abound.
    Posts
    16,674
    Blog Entries
    1

    And use a proper firewall (smoothwall, pfsense, ipcop etc).

    Still amazed that bandwidth theft still is a thing in SA...

    I'm using a DLink router, but Smoothwall controls the link - so there is no way that they can try and haxx0r that.

    On the other hand, the FTP server in the DMZ got a lot of password force attempts
    Last edited by The_Librarian; 07-11-2017 at 11:49 AM.
