26 May 2014

Your router may already be hacked

Category security
Tags #privacy #sec

If you see something like the screenshot below, you should know that you have been pwned: at the very least, the router that connects you to the internet has been hacked and now works for the person who hacked it. The explanation and the cure follow. The screenshot shows ad banners laid over a page opened in Mobile Safari on an iPhone 5. This can happen when all your HTTP traffic goes through a router the attacker controls, where it can be modified in any way.


First of all, it is all about default passwords: never, ever leave the default settings and passwords in place. So let's go to the router's network settings:

[Screenshot: hacked router]

188.93.211.116 is the attacker's DNS server address. It routes your connections to a special proxy server that modifies your HTTP traffic.

After that, you must check the startup commands that are executed when your router switches on:

[Screenshot: hacked router startup command]

As you can see, the same IP address appears in this textarea of Linux commands. These commands set the router's DNS servers dynamically, so if you do not clean them out of this place, your router will change the addresses back after a reboot. Delete all the commands or, better, change the IP address to that of a DNS server you trust. If you cannot remember a suitable address, you can always set 8.8.8.8, which is Google's DNS server, and you can also use this open-source DNS.
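
One way to repeat the check described above on a saved copy of the router's startup commands or network settings, as an added example that is not part of the original post: it lists every public IPv4 address in the file that is not on an allowlist you define. The `TRUSTED_DNS` list, the function names and the sample commands are assumptions constructed for illustration, not the commands from the screenshot.

```shell
#!/bin/sh
# Added example: flag addresses in saved router settings that you did not choose.

# Assumption: the resolvers you trust, space-separated (8.8.8.8 is named in the post).
TRUSTED_DNS="8.8.8.8 8.8.4.4"

# Print each IPv4 address found in file $1 that is neither a LAN/loopback
# address, a netmask, nor on the TRUSTED_DNS allowlist (one per line).
find_untrusted_dns() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$1" | sort -u | while read -r ip; do
        case "$ip" in
            127.*|10.*|192.168.*|255.*|0.0.0.0) continue ;;
            172.1[6-9].*|172.2[0-9].*|172.3[01].*) continue ;;
        esac
        case " $TRUSTED_DNS " in
            *" $ip "*) ;;            # on the allowlist, nothing to report
            *) echo "$ip" ;;         # unknown public address: review it
        esac
    done
}

# Report on one file; returns 1 when something unexpected was found.
audit_file() {
    bad=$(find_untrusted_dns "$1")
    if [ -n "$bad" ]; then
        echo "Addresses not on the allowlist in $1:"
        echo "$bad"
        return 1
    fi
    echo "No unexpected addresses in $1"
}

# Constructed sample of tampered startup commands (hypothetical content;
# only the IP address 188.93.211.116 comes from the post).
sample_startup() {
    cat <<'EOF'
echo "nameserver 188.93.211.116" > /tmp/resolv.conf
echo "nameserver 8.8.8.8" >> /tmp/resolv.conf
ifconfig br0 192.168.1.1 netmask 255.255.255.0
EOF
}

# Usage: sh check_dns.sh saved-startup-commands.txt
if [ -n "${1:-}" ]; then
    audit_file "$1"
fi
```

Run it again after rebooting the router: if the address comes back, the startup commands were not cleaned.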
