DNS Hacked in Router


ijsa

My DNS servers, as below, were hacked. Many sites were not working, including google.com and hotmail. Most banks' netbanking was working.

Took me some time to find out.....

I do have a strong password for router access page. Don't know how it was hacked.

I have changed the password and disabled the remote access.

What kind of damage could have been done / exposed to?

Do comment.
 
Are you sure they are not default values?
 
0.0.0.0 is an invalid IP. Maybe your router glitched and you got the ISP default DNS? Nothing to worry about.
 
These are set to 0.0.0.0 by me; yes, 0.0.0.0 is the default value in the router. It was set to 171.x.x.x when hacked...
 
Why do you wish to use 171..... instead of 8.8.8.8?

I certainly feel UBNT is a better router and secure too.
 


Okay. If I were you, I would do this.

1. Restart the Router/Modem to get the new Public IP.

2. Change the DNS to 8.8.8.8 (Google's Both) or 1.1.1.1 (Cloudflare's Both).

3. Look for the software or anything which might be causing this on your system.

4. Factory Reset the Router / Modem and Do all the new settings with new Password of WiFi (Don't use same/old).

5. Make totally new password for the router / modem and if you can, change the username also.

P.S.: Don't back up the settings. But screenshot the settings and use them for your reference to re-do the settings. (Keep in mind to note down the Authentication Password if you use PPPoE)
 
thx.....

one thing I have already done.... moved from static ip to dynamic ip..

yes router access password, I have already changed.. removed remote access to router...

sticking to isp assigned dns for the moment....

wifi password change.... why?

suspicious activity: 2 days ago I was watching some movie on phone and in the background some playstore updates were going on and I was repeatedly getting a storage full error while there was more than 700mb free.

suspicious app: Thop Tv

will keep a close watch on things for few days.
 
Change Router Password to AlphaNumeric.

And, WiFi Password because maybe someone from WiFi Changed it.

When you have enmity with the Technical Team of ISP, always make a Guest Network for them.

Don't give them your main WiFi Password.
 
all things right but how can anyone using wifi, access router admin page without knowing the password.... that too a strong password with special characters(@,$# etc) in it...
 
I've given the answer to this (possible reason) previously. But, since it's a localhost.

You've two options from here:

1. Keep Questioning yourself about this and not casing out.

2. Case out any possible way and make yourself more secure.

If I were you, I would go with 2.

P.S.: It's good to question but not at the cost of casing out. I would case out any thing which can be the possible reason.
 
DNS poisoning is serious. They could have redirected every page you visited during the time to another server and stolen your credentials. I would recommend changing passwords for everything you logged into during the time frame.

They also use DNS to target Android specifically. See "Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan" and "Crooks Hijack Router DNS Settings to Redirect Users to Android Malware".

At the very least use Malwarebytes or some such to scan the device. If it were me, I would wipe and start over.

Better to be safe than sorry.
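
Added example, not part of the thread or any poster's code: a small Python check that classifies the DNS resolvers a device is actually using, so a silently changed router DNS entry like the one described above stands out. The function names, the sample input and the 203.0.113.53 placeholder address are assumptions made for illustration; the trusted set is the Google and Cloudflare resolvers recommended in the thread.

```python
import ipaddress

# Resolvers recommended in the thread (both addresses of Google and Cloudflare).
TRUSTED = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1"}
# RFC 1918 and loopback ranges, listed explicitly: a resolver here is the
# router or a local stub, so the router's own WAN DNS page still needs a look.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample input; 203.0.113.53 is a documentation-range placeholder.
SAMPLE = """\
# resolv.conf-style input
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 8.8.8.8
"""

def parse_nameservers(text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def classify(addr, trusted=TRUSTED):
    """Classify one resolver address as seen on a client or in the router UI."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_unspecified:
        return "unset"            # 0.0.0.0, the router default per the original poster
    if str(ip) in trusted:
        return "trusted"
    if ip.version == 4 and any(ip in net for net in LOCAL_NETS):
        return "local-forwarder"
    return "unexpected"           # public resolver nobody chose: investigate

def audit(text, trusted=TRUSTED):
    """Map each configured resolver to its classification."""
    return {s: classify(s, trusted) for s in parse_nameservers(text)}

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE).items():
        print(f"{server:16} {verdict}")
```

An ISP-assigned resolver will also show up as "unexpected" until its address is added to the trusted set.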
 
