Community discussions

MikroTik App
 
choma
just joined
Topic Author
Posts: 7
Joined: Tue Feb 04, 2014 12:45 am

Hotspot hack

Fri May 23, 2014 10:32 pm

Greetings!
Yesterday one of my clients called me to tell me that my hotspot login page redirects him to pornotube.com, instead of the dynamic redirect to the page he requested.
At first I thought he picked up something malicious that did that to his web browser, but then I realized my RB433 got hacked.
When I opened login.html file in the hotspot directory (inside the router) I noticed this:
Image

instead of the usual:
Image

After that I wrote a script that e-mails me every hour with a .txt file that keeps record of all succesfull logins, and I "repaired" the hotspot to redirect normally. Today I login and I see that it's changed back to pornotube redirect, but no body else except me logged in to the RB. :-S

That RB433 has a dynamic WAN IP with dynDNS on changeip.com for remote control. I also have firewall rules to bounce SSH attacks. No body except me and the people I work with knows the login credentials, and I seriously doubt they would do this.

Is it possible that someone did this hack without logging in the RB?
 
leonset
Member Candidate
Member Candidate
Posts: 256
Joined: Wed Apr 01, 2009 9:09 pm

Re: Hotspot hack

Tue May 27, 2014 5:03 pm

Change the admin credentials to something only you know and wait if it happends again.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Hotspot hack

Tue May 27, 2014 5:32 pm

Today I login and I see that it's changed back to pornotube redirect, but no body else except me logged in to the RB. :-S
How do you know that? Maybe the hacker rebooted your router.

Who is online

Users browsing this forum: haianh and 22 guests