How to tell if I got attacked? I can’t login via luci or ssh

In the past few weeks I struggled to connect to my work VPN for first try and an AP reboot solved it but nowadays this is still not enough and it needs more attempts so I wanted to login to the dumb AP to check anomalies but it says incorrect password, same with ssh. My pi4 router is fine but I don’t see anything wrong in the log not that I would understand it, only thing there is “entered blocking state” 2 times but based on time stamps that was my AP reboot . I don’t visit shady sites myself and I guess same goes for my roommate, maybe she’s checking human bodies but she has AdGuard on her i devices and hopefully if she’s watching things like that then she’s doing it on the popular sites so it should be fine. Is it possible that my AP got attacked ? Not sure if it’s worth to attack if the routing is on other device.

I’d like to do the failsafe but not just my AP is dumb , me too and I don’t understand the instructions, what button should I press in the 2 sec window? Any easier way to reset root password?

I’m really worried that I got attacked, the reason I picked this firmware is to have something safer than stock firmware. If it’s really safer than it’s probably just an error that I’m locked out. My dumb AP is an old 1043nd v2 so stability issues have happened before. I need a better router for dumb AP, I would use all in one but the really liked belkin is not available here. Anyway, thanks in advance for the help
Both of my devices are on 21.02 and I tried at the right address with right password

Reset the router, to start with ?

1 Like

You mean the one I use as AP I guess. And why not the failsafe method? https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset

But first, is there any way to tell if the password is indeed changed? Setting up the dumb AP from scratch is just few steps so it’s not a problem but I’d like to find out if it’s an error or malware attack.

Understand that the readers here on the Forum view the most probable and least time consuming method. Chasing blackhats without knowing the details of the Dumb AP setting is a lost cause.

  • Reset the device and change password.
  • Ensure your roommate is only aware of the SSID password and that you don't share or keep a 'Here's my dead body password' sticky laying around
  • Once devices are back in your control ~ hunt your ghost.
4 Likes

It was setup as the dumb AP guide said that’s why I didn’t say my setup. I didn’t want to sound rude, I just thought that it’s possible easily determine if the password is changed or not.

Anyway, I reset the dumb AP and hopefully it was indeed just an error. I can see many threads here that this incorrect login can happen.
Weird thing that I had to redo the process many times because if I reboot it then I can’t access the IP address at all, in browser or ssh. So it’s extra secure now, even I can’t access it :smile: however it was working just couldn’t reach the IP .so I redone again and again and eventually gave up and didn’t reboot it for now, I rebooted before plugging in the router’s cable so maybe that’s why and now i wouldn’t loose it (a reboot shouldn’t be a problem though). I definitely need a beefier device for dumb AP, I only need gigabit speed via cable, wireless don’t matter how fast . I don’t need only AP, any midrange router is fine, I just have few mobile devices and rarely used at once. But I guess plenty questions like that so I’ll look around for recommendations

If you are searching for a new device, see #hardware-questions-and-recommendations and post your request there.
It helps if you mention your requirements, as shown in https://openwrt.org/faq/which_router_should_i_buy

If your initial problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

Are you on latest v21.02.3? I've experienced stability issues on previous v21 releases as well.