DNS Hacked in Router

ijsa

Regular
[OP]
Regulars
May 3, 2008
1,644
159
My DNS server's as below were hacked. Many sites were not working, including google.com, hotmail. Most bank's netbanking were working.


Took me some time find out.....

I do have a strong password for router access page. Don't know how it was hacked.

I have changed the password and disabled the remote access.

What kind of damage could have been done/ exposed to.

Do comment.
 

vishalrao

The Global Village Idiot
Regulars
Jan 21, 2005
4,625
246
Pune
0.0.0.0 is invalid ip. Maybe your router glitched and you got isp default dns? Nothing to worry about
 


ijsa

Regular
[OP]
Regulars
May 3, 2008
1,644
159
these are set to 0.0.0.0 by me, yes 0.0.0.0 is the default value in router, it was set to 171.x.x.x when hacked...
 

ajgamer

Regulars
Dec 28, 2014
1,303
137
Why do you wish to use 171..... instead of 8.8.8.8?

I certainly feel UBNT is better Router and secured too.
 


ajgamer

Regulars
Dec 28, 2014
1,303
137
Okay. If I were you, I will do this.

1. Restart the Router/Modem to get the new Public IP.

2. Change the DNS to 8.8.8.8 (Google's Both) or 1.1.1.1 (Cloudflare's Both).

3. Look for the software or anything which might be causing this on your system.

4. Factory Reset the Router / Modem and Do all the new settings with new Password of WiFi (Don't use same/old).

5. Make totally new password for the router / modem and if you can, change the username also.

P.S.: Don't backup the settings. But screenshot the settings and use them for your reference to re-do the settings. (Keep in mind to note down the Authentication Password if you use PPOE)
 

ijsa

Regular
[OP]
Regulars
May 3, 2008
1,644
159
thx.....

one thing I have already done.... moved from static ip to dynamic ip..

yes router access password, i have already changed.. removed remote access to router...

sticking to isp assigned dns for the moment....

wifi password change.... why?

suspicious activity: 2days ago I was some movie on phone and in the background some playstore updates were going and I was repeatedly getting error of storage full while there was more than 700mb free.

suspicious app: Thop Tv

will keep a close watch on things for few days.
 

ajgamer

Regulars
Dec 28, 2014
1,303
137
Change Router Password to AlphaNumeric.

And, WiFi Password because maybe someone from WiFi Changed it.

When you have enemity with the Technical Team of ISP. Always Make Guest Network for them.

Don't give them your main WiFi Password.