Hacker installed openWrt.lan and owns my computer

I mean screenshots of the router settings/website and the VPN connection.

Hi Penélope. Seriously, I'm very sorry that you are going through all this. In my humble opinion, I think you have 3 options:

  1. Try resetting the router. Since I have no idea about that specific model, most likely you can use the famous 30/30/30. How do you do it? Very simple: disconnect ALL the cables from the router except the power cable. With a paper clip (I don't know if that's what they are called in Mexico) hold down the reset button for 30 seconds, then, WITHOUT RELEASING THE RESET BUTTON, unplug it from the power, keeping the button held for another 30 seconds, and finally, WITHOUT RELEASING THE BUTTON, plug it back in, holding it for the last 30 seconds. This should take it back to its original configuration. Since this leaves it as if it came fresh from the factory, it turns off its WiFi, so to configure it you must connect an Ethernet cable from some computer, and to get into it you need to download some SSH application (I use PuTTY) and connect to the address 192.168.1.1; there are several tutorials that will help you with this.

  2. Disconnect everything and buy yourself a new modem and router, where you are the one who configures them from the start. If you still remember writing .BAT files in DOS, Linux won't be that hard for you; I'm telling you from my own experience.

  3. The idea of DESTROYING EVERYTHING is quite serious but a bit drastic, and if it really is a DHS hacker (this seems very far-fetched to all of us), at worst this won't help you either, since whatever you put in new would also get hacked.

Anyway, I hope this helps. I don't remember if there is any rule saying that everything must be written in English, but I'm answering you in Spanish so that you trust what I'm saying, that I'm really trying to help you, since that is the main goal of this forum, not making fun of you.

Please always provide an English translation, so others all around the globe can follow the discussion without having to use a translator.

Well, I did it for her, to convince her that I'm really trying to help her. Making the story short, I just explained to her how to do a 30/30/30 and told her that maybe she should get rid of all the equipment and buy new ones.

Cheers!

Kind sir, thank you very much for the advice. I have tried several things and, in the end, I think you are right to abandon the hardware and install a new router. Telmex resists assigning new IP addresses, but I hope they will. I have contacted law enforcement agencies to track down the hackers. In English, many thanks. I tried various things and, in the end, I am convinced that I need to abandon all hardware. Telmex resists assigning new IPs but I hope they will. I have contacted law enforcement to track down the hackers.

30/30/30 doesn’t apply to openwrt. But resetting to defaults and flashing a known image certainly can be good to alleviate security concerns. As can replacing all suspect equipment.

But fundamentally, the op believes that they are being hacked - most likely just out of pansies/fear and a lack of understanding of the key network technologies. But because the op seems to truly believe that they are hacked, my guess is that they will not believe anyone else who says otherwise or can explain the op’s observations with reasonable facts.

Just my two cents:

OP has confessed and evidenced her lack of knowledge about basic aspects of networking, has not shared any details about how she found those hacks, or when she shared them they proved to be false alarms, and the vague explanations she has given do not point to any hacking at all.

I am convinced OP is frightened and confused, but she is seeing hacks where there are none. Buying new hardware is just going to delay the issue, until she runs the same tests on the new hardware, gets the same predictable results, and misinterprets them again as hacks.

Instead of wasting money on new hardware, I think OP should share step-by-step details on all those tests that make her so confident that she has been hacked; and I am sure we will dismantle them one by one.

2 Likes

Is the second octet by any chance 168?

If yes, and I am extremely confident it is, you are seeing the internal non-public IP addresses (https://es.wikipedia.org/wiki/Red_privada) inside your home network. Since IPv4 address space is exhausted (all 4 billion addresses are used up or reserved already), your ISP will only assign a single IPv4 address to your network (the address you see for ppp wan 187.nnn.nnn.nnn) and your router will use NAT masquerading (network address translation) to transparently map from the internal network addresses in the 192.168.nnn.nnn range to the 187.nnn.nnn.nnn address (it re-maps the port numbers to multiplex the internal IP addresses onto the single external public IP address, but I digress).
This is not a sign of a VPN or of being hacked, but simply the way IPv4 home routers need to work in the light of IPv4 address exhaustion.

This also explains why disabling the PPP wan address turns off the internet: without a public IP address your ISP simply cannot route packets to your network.

So, since I admit to not having read the beginning of your thread, could you repeat the observations, besides these IP addresses that make you believe you got hacked?

How do you actually get this information?

GeoIP is notoriously unreliable, especially with an ISP that hands out IP addresses transiently to its customers, expect geoIP to be mostly off.
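As an added illustration (not part of this thread), a short Python sketch of the two points made above: 192.168.x.x is non-public address space, and a home router's masquerading multiplexes many LAN hosts onto the single public address by rewriting source ports. The sample addresses are constructed placeholders, not values from the thread.

```python
import ipaddress

# Constructed sample addresses modelled on the thread: a 192.168.x.x LAN host
# and a 187.x.x.x public WAN address (placeholders, not the real values).
LAN_HOST = "192.168.1.23"
WAN_ADDR = "187.0.2.10"


def classify(addr: str) -> str:
    """Return 'private' for RFC 1918 and other non-routable space, else 'public'."""
    ip = ipaddress.ip_address(addr)
    return "private" if ip.is_private else "public"


class Masquerade:
    """Toy NAT masquerade table: many internal (ip, port) pairs share one public
    IP by being rewritten to distinct public source ports."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (lan_ip, lan_port) -> public_port
        self.inbound = {}    # public_port -> (lan_ip, lan_port)

    def translate_out(self, lan_ip: str, lan_port: int):
        """Rewrite an outgoing LAN source to (public_ip, public_port)."""
        key = (lan_ip, lan_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return self.public_ip, self.outbound[key]

    def translate_in(self, public_port: int):
        """Map a reply arriving on public_port back to the LAN host, or None.
        Unsolicited inbound traffic with no table entry is dropped, which is why
        a home NAT incidentally blocks connections initiated from the internet."""
        return self.inbound.get(public_port)


if __name__ == "__main__":
    nat = Masquerade(WAN_ADDR)
    print(LAN_HOST, "is", classify(LAN_HOST), "/", WAN_ADDR, "is", classify(WAN_ADDR))
    print("outbound:", nat.translate_out(LAN_HOST, 51000))
    print("reply to unknown port:", nat.translate_in(9999))
```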

I am the OP. Yes, I confess a lack of deep understanding of router hardware and software. I have been around long enough to know the basic concepts, so please give me SOME credit. I have also been hacked before and went through the “prove it” steps with a cyber crimes investigator, so give me some credit when I say I know I am just a workstation on a VPN, for the second time around, and made worse by being in Mexico, where you don’t get great info and service from Telmex techs and it is par for the course for people to hijack your signal in numerous clever ways. It has taken me a week on this forum to learn that OpenWrt.lan is how Technicolor routers appear to some software—in this case, Avast—and that Telmex bought Prodigy, so the hidden user ID on the Telmex management interface is just something hanging over from that merger (though I am still not convinced that a Telmex connection can have two user IDs, really three, if you include mine). Where to go from here is to figure out who are the super users who hierarchically took ownership of everything on my Win 7 Asus, took over my neighbor’s iPad and router, put my SO’s phone into a Samsung internet and is paying for that, took over his Win 10 Dell laptop, also. The hackers are likely young and are gamers because the Google searches that are in the search history every morning on our computers and phones but that we baby boomers did not make are teenage music icons, games, news of Disney actors, various kinds of cutting edge power software for Apple desktops, etc. After my SO and I log off all of our devices, the broadband and wireless lights on our router don’t go steady, they go crazy all night long (until I unplug the router or turn off the wireless broadcasting). These may be simple clues, but I have seen the clues before on a verified hacking of my devices and I did not get paranoid, I got busy to get I hacked.
I only finally solved the problem by abandoning all hardware and stopping and prosecuting the hacker dood who lived across the street and captured the entire neighborhood’s computers in his VPN in order to boost his computing power (gaming addict). I could list all of HKEY User registry entries that disable my virus protection software and disable my firewall, limit my user access, etc. In Windows, the superuser named Network recently took ownership of my computer and he/she has crippled my admin power. I could start crippling him/her if I were not delegated as a workstation user. I must admit that the temp batch file for my fake desktop and user parameters is quite good, but I can see enough behind the curtain to know what is happening. Everything I do is only temporary because the master of the server very simply restores whatever I did as the admin. If I knew Linux, maybe I would not be as crippled. I can see that there are a lot of hidden files and several hidden drives (other than the Office partition...and I have a backup drive, but the backup privilege has been overtaken) but I can’t unhide them. I might concede but I won’t bow to the hackers.

More evidence debunked, another long rant full of incongruences, but no details at all...
Since you refuse to let us help you, I will just quit this thread; good luck with your endeavour.

So I believe there are two orthogonal issues, and only one is well discussed on this forum:
a) illicit control of your openwrt-based technicolor router
b) illicit control of your end devices (which does not depend on a)

As far as I am concerned b) is out of the scope of this forum, even though I assume a number of regulars here would also be quite knowledgeable about these issues.

About b) this forum seems to be a reasonable place to search for help. But the first thing that needs to be established are observable facts in sufficient detail to allow informed hypotheses and to develop an understanding of the underlying issue. Now, a number of people have asked about details and I believe it would be a great idea to try to supply the desired information so people have something to work on.

Because unless there is actionable information, we can not help you except lleachii's recommendation to only leave burnt earth:

Now, unless you figure out the root cause of your issues, it is quite likely that you will get into the same situation you are in now soon, so maybe doing a bit more research might be a decent idea?

Please note, this is independent of the correctness of your diagnosis of "being hacked".

I apologize for not giving detailed screenshots, etc. There is so much that I don’t know where to start. Bye

Windows, although better in recent years, is notoriously insecure. It is not totally implausible that you have a compromised system. But I agree with the others on the thread that it is most likely not related to a router intrusion. Typically, a compromised device can continue to infect other devices on the same network (although I’d be quite surprised if the iPad and similar devices were actually affected as you claim).

If you believe the router is the VPN/gateway that hackers are using to get into your network, you can always install another router that you fully control and secure, either in lieu of, or in between, the ISP router and your devices. This way you can set up a firewall and logging/tracking that you can trust (turn off UPnP as well).

If your devices are infected, you will only be able to address that by either destroying the devices or at least completely erasing the os and reinstalling from a known safe installer file/media (and then properly securing the firewall and antivirus features).

1 Like

I would also suggest that you consider how the Dunning-Kruger effect (Google it if you are not familiar) may be influencing your comprehension of what is happening on your network and devices. I’m not saying this in a snarky way, but that your admitted knowledge of ‘basic’ concepts may give you the impression that you are seeing nefarious activity when a more advanced perspective would indicate normal behavior for the network.

Also consider the following:

Hidden files are normal and often considered necessary in modern operating systems (prevents accidental modification and/or deletion by users, reduces clutter and confusion, etc).

Network activity may legitimately increase at night (after you stop using your device) as apps, OSes, and security updates are downloaded and installed. And backups to cloud services (such as iCloud) often happen when your device is otherwise idle, charging, and connected to WiFi.

Thank you for the sound advice. I think the compromise is probably in the computers and phones to begin with, simply because I discovered the VPN at a previous location on a different Telmex connection and better router. I woke up one day to realize that the Avast WiFi diagnostic showed my neighbor’s iPad and broadband DSL as part of the network, and my phones and computers were also part of a Windows server VPN. But I did have a few days at the present location when everything seemed to be “normal,” even though I knew that any infected device was still discoverable. I was not able to start with fresh hardware and OSs. This Technicolor router is older and the Telmex lines are spliced in with electrical tape. Anyone can get on a ladder outside and hijack the connection. I am taking Telmex to task on that with a new router and IP. As to how I need to address the Windows takeover, plus two Android phones, that is something I will have to get professional help with locally. If I need to replace devices, I can start saving to drop a bundle on that. I am only savvy enough to know the initial symptoms and the main file indicators... i.e., to make a rough diagnosis. I appreciate the help and support from this forum and will bow out now. Many thanks to everyone.

Ha ha, thanks, but my perceptions are perfectly normal. Do all advanced users think people who are less technologically proficient are crazy in some way if they suspect or are certain that they have been victimized? That is sad.

I think sadder:

  • you're under the impression you've been hacked
  • we asked for screenshots (as the cliché goes: "pictures don't lie")
  • then you state:
  • Which makes me again wonder:

You can't have the situation both ways - we've yet to see a SINGLE picture or other description, you just kept insisting that you be helped. You haven't even shown a picture of:

You would think a simple screenshot of this page would be easy; and that if you can access it, that you could also hit Delete...or Reset to factory defaults...

Good morning.

1 Like

I hope you don't take this the wrong way Penelope, but if you think you're being harassed or hacked you should first ask yourself if there's a reason to harass or hack you, such as: are you rich? Are you in a position of power? Do you know of a specific person or persons who have ill will against you? If the answer to all those is no, then it's not likely someone is going to pick you at random and harass/hack you for no reason. I'm not saying you're not being harassed/hacked, or that you should let your guard down; I just think those are some questions you can go through that might help put your mind at ease a little.

No, your perceptions are not at all normal when taken in context of your refusal to provide any information that could allow a person with knowledge to be able to assess the evidence and provide meaningful direction to you.

2 Likes