This morning while looking at my LEDE home router syslog, I saw several attempts of logging into the router with ssh from the internet. The problem is, I was sure I configured the router to only let lan access ssh, which was not apparently the case until recently (probably because I changed something in the firewall last week).
Everything is now fixed and no one can access it from the internet. I am now worried that maybe someone got access to my router within that one week period and did, lets say, some malicious things on it. Because I thought only lan could ssh into it, root login was enabled with a not super strong password. I am trying to see if someone was able to login successful, but all commands (like last) or files (auth.log) that I check are not present on LEDE.
Right now, I am not trusting that router and it is temporally replaced with an old router I have. I hope someone could help me know if someone acessed the router, and if I should and how to reset LEDE .