Greetings!
Yesterday one of my clients called me to tell me that my hotspot login page redirects him to pornotube.com, instead of the dynamic redirect to the page he requested.
At first I thought he picked up something malicious that did that to his web browser, but then I realized my RB433 got hacked.
When I opened the login.html file in the hotspot directory (inside the router) I noticed this:
instead of the usual:
After that I wrote a script that e-mails me every hour with a .txt file that keeps a record of all successful logins, and I "repaired" the hotspot to redirect normally. Today I logged in and I see that it's changed back to the pornotube redirect, but nobody else except me logged in to the RB. :-S
That RB433 has a dynamic WAN IP with dynDNS on changeip.com for remote control. I also have firewall rules to bounce SSH attacks. Nobody except me and the people I work with know the login credentials, and I seriously doubt they would do this.
Is it possible that someone did this hack without logging in to the RB?
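
A defender-side check for the tampering described in this post, added here as an example and not part of the original post: it compares a copy of the hotspot's login.html against a known-good hash and flags redirect targets hard-coded to an outside host. It assumes the stock RouterOS template variables `$(link-orig)` and `$(link-login-only)`; the function names, the sample HTML and the host `redirect.example` are constructed for illustration.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed samples: a login form whose "dst" field uses the RouterOS
# hotspot variable $(link-orig), and a tampered copy with a fixed target.
CLEAN = ('<form name="login" action="$(link-login-only)" method="post">'
         '<input type="hidden" name="dst" value="$(link-orig)" />'
         '<input name="username" /><input type="password" name="password" /></form>')
TAMPERED = CLEAN.replace("$(link-orig)", "http://redirect.example/")
CLEAN_SHA256 = hashlib.sha256(CLEAN.encode()).hexdigest()  # known-good baseline


class _Collector(HTMLParser):
    """Collects every attribute value that can steer the browser after login."""
    def __init__(self):
        super().__init__()
        self.targets = []  # (description, value)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("name") == "dst":
            self.targets.append(("dst field", a.get("value", "")))
        elif tag == "form":
            self.targets.append(("form action", a.get("action", "")))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(.+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(("meta refresh", m.group(1).strip("'\" ")))


def audit_login_page(html, baseline_sha256=None, allowed_hosts=()):
    """Return findings: hash drift plus hard-coded off-site redirect targets."""
    findings = []
    digest = hashlib.sha256(html.encode()).hexdigest()
    if baseline_sha256 and digest != baseline_sha256:
        findings.append("hash differs from baseline")
    parser = _Collector()
    parser.feed(html)
    for what, value in parser.targets:
        host = urlparse(value).hostname
        if host and host not in allowed_hosts:  # template variables have no host
            findings.append(f"{what} hard-coded to {host}")
    return findings
```

Run it against a copy of login.html pulled from the router on a schedule, with the baseline hash stored off the device so a change to the file cannot also change the reference.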