cancel
Showing results for 
Search instead for 
Did you mean: 

Keep getting hacked

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: Keep getting hacked


@Anonymous wrote:

@VileReynard wrote:

Why are these people able to break long WPA2 passwords so easily?

Perhaps the router's WiFi has WPS enabled, as that dramatically shortens the time needed to hack WPA2.

Would I be right in assuming that the email password being hacked is for Plusnet email ?

If so it would be worth using a different email provider that supports TLS encyrption, rather than the useless Plusnet plain text password that can be read by anyone with a WiFi adaptor that features monitor mode.


It's not an email problem - you could only see the plain text Plusnet password if you already knew the WPA2 password.

Maybe they have already placed a virus that periodically sends an email to them with the current wifi password in it?

Seems more likely than regularly cracking WPA2 passwords - especially if Windows is involved...

"In The Beginning Was The Word, And The Word Was Aardvark."

corringham
Seasoned Champion
Posts: 1,211
Thanks: 634
Fixes: 16
Registered: ‎25-09-2015

Re: Keep getting hacked

@wolfheart, I still don't see anything suspicious in your routing table - it looks perfectly reasonable to me, and there is no sign of anything untoward. Can you explain what you think is wrong with it?

You have to remember that the routing table does not show what devices are connected - it simply shows how traffic will be routed between the router's interfaces.

wolfheart
Grafter
Posts: 38
Registered: ‎19-01-2019

Re: Keep getting hacked

Hi,

 

Here you, this is our connections (that I can see on the router and this is correct). The Unknown one is a tv we have. The passwords are very strong, as for the email they cracked my hotmail account and I over heard them mention my password for my dropbox etc (not same passwords) I have checked for root kits but none found, I believe they are coming from the power line adaptors, but I can't remove them as we can't reach where the other phone socket is. I have been thinking though if it would work if i find the phone/dsl thing that comes with the router and plugging it into a socket extension I have that has phone line inputs. Also them device names do not seem to correspond with anything that belongs to me or my brother, that the router is given them. I have also tried moving the routers i.p and they still found it. Also not to long ago I found some Microsoft i.p.s from my microsoft on my internet too.

 

Like I said I have heard them talking about cracking my passwords etc, and I know there is 2 houses of uni students involved.

 

Screenshot from 2019-02-15 23-31-18.pngScreenshot from 2019-02-15 23-31-24.png

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: Keep getting hacked

That shows 3 wifi - which are yours + one wired & you say they are all yours.

So nobody is hacking your router at the moment.

These Archers aren't good with names - for example if you want to reserve an IP address you have to enter the devices MAC address - and copy & paste isn't allowed. There is no facility for entering device names.

Also, if its an old DHCP reservation, it may show an entry for a device that is switched off.

Try running wireshark for any suspect devices - I'm betting you'll just see protocol chatter (or nothing), without any data transfers.

What do you mean by "Also not to long ago I found some Microsoft i.p.s from my microsoft on my internet too"?

Web sites and their adverts access all kinds of rubbish web servers.

Stealing a webmail or dropbox password would not expose your PC unless you are using the same user/password for everything.

Unless you have a band of master criminals camped on your doorstep I don't believe someone is stealing all your passwords unless you are an extremely high value target.

How do you know they had cracked your passwords - did they send you an email?

 

"In The Beginning Was The Word, And The Word Was Aardvark."

wolfheart
Grafter
Posts: 38
Registered: ‎19-01-2019

Re: Keep getting hacked

Hi,

Sorry in delay I been going through some personal stuff. Well it seems there is a back door for the TP-LINK Archer CS5400 i do not have the link right now, but while doing some re-search with google I came across it and it is for the latest firmware and Version 2 (my router). and currently there is no new firmware for it yet. I have tried finding custom firmware but to no avail

corringham
Seasoned Champion
Posts: 1,211
Thanks: 634
Fixes: 16
Registered: ‎25-09-2015

Re: Keep getting hacked

Is that vulnerability one with a bounds overrun when using the web admin interface over the WAN? If so, just ensure it is only enabled for the LAN (which is always good advice anyway).

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: Keep getting hacked

Why would anyone allow the use of the web admin interface over an external connection?

"In The Beginning Was The Word, And The Word Was Aardvark."

wolfheart
Grafter
Posts: 38
Registered: ‎19-01-2019

Re: Keep getting hacked

Hi,

I don't as its only available via lan and locked to my mobile that is why I don't understand how they are finding it etc.

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: Keep getting hacked

Remote management is usually available.

You could try https (if available) for your local connection.

My Tp-Link allows it, although I don't bother with it.

 

my-router-screenshot.png

"In The Beginning Was The Word, And The Word Was Aardvark."

wolfheart
Grafter
Posts: 38
Registered: ‎19-01-2019

Re: Keep getting hacked

Hi, Unusual activity is still going on, how do I contact plus net to see who is connecting to me and where from etc please as i am more than certain I am being hacked, considering i set up an ebay account and it was hacked within minutes of me setting it up and they used a rather nasty email address as in calling me a wimp but with the P word. So i know it must be someone who knows me etc.

Moderator's note by Mike (Mav): Post released from Spam Filter.