
TP-Link routers vulnerable to online attack


Xircal


According to a security site called Krebs On Security, TP-Link routers which are available in Thailand are vulnerable to cross-site forgery attacks whereby the default settings can be altered to redirect users to malware sites.

Anti-virus or other security software running on the computer will be ineffective at preventing the attack since it takes place at router level.

More on the story here: http://krebsonsecurity.com/2015/02/spam-uses-default-passwords-to-hack-routers/

Link to comment
Share on other sites

Old news.

And I doubt anyone will be motivated to change their router password given the poor introduction written above.

Using the terms "...vulnerable to cross-site forgery attacks" and you instantly confuse and lose most of the readers affected by the issue.

Better to mention that the damn ISP(s) uses the 'same' password on 'all' of their installed router models, allowing any "baddie" an opportunity to trick you just once into opening a special email or web link set to secretly use your own web browser to access your router setup page (with the known 'common' password) and easily reconfigure it to reroute all webpage requests directly through the 'baddies' own DNS Server where at any time they can redirect you to their 'fake' financial website to get your login credentials -- Then redirect the site back to the official site. You'd never know how it happened. Even this was too wordy for them. Oh, well.

Link to comment
Share on other sites

Can only second that.

Change the router password!

They deliver the routers with default PWs ("admin, admin" and such). Unbelievable.

A practice that is long gone in Europe. Each router delivered with individual credentials.

Link to comment
Share on other sites

Maybe the thread should be re-titled; Thai modems Vulnerable to attack. I have both TOT & 3BB and both of the supplied modem/routers came with the default admin/admin. So I don't think it's limited to TP-Link, just that they seem to have a large part of the market here

Link to comment
Share on other sites

Can only second that.

Change the router password!

They deliver the routers with default PWs ("admin, admin" and such). Unbelievable.

A practice that is long gone in Europe. Each router delivered with individual credentials.

I take it you mean if the ISP delivers a router?

Most retail bought ones I believe still come with admin admin - the last one I bought a couple of years ago certainly did. Although it was a TP Link.........

Link to comment
Share on other sites

And I doubt anyone will be motivated to change their router password given the poor introduction written above.

That's why I include the link to the article the story originated from. Users can easily go there and read everything in plain English without the need for me to plagiarize.

Link to comment
Share on other sites

Can only second that.

Change the router password!

They deliver the routers with default PWs ("admin, admin" and such). Unbelievable.

A practice that is long gone in Europe. Each router delivered with individual credentials.

I take it you mean if the ISP delivers a router?

Most retail bought ones I believe still come with admin admin - the last one I bought a couple of years ago certainly did. Although it was a TP Link.........

Yes I am talking about the biggest German ISP that delivered routers with individual credentials.

And this is about 6 years ago,

Link to comment
Share on other sites

And I doubt anyone will be motivated to change their router password given the poor introduction written above.

That's why I include the link to the article the story originated from. Users can easily go there and read everything in plain English without the need for me to plagiarize.

There were two issues that I know of with the South African modems - a bug in the firmware that allowed it to be openly downloaded and settings examined - and common password used across all installations.

But no-one seems to care here.

Link to comment
Share on other sites

Thanks Xircal. I had no problem with your post and immediately opened up the link to find out more.

Ignore the snipers - so typical of Thai Visa in their impolite attitude, so keen are they to demonstrate their own superiority.

Link to comment
Share on other sites

Can only second that.

Change the router password!

They deliver the routers with default PWs ("admin, admin" and such). Unbelievable.

A practice that is long gone in Europe. Each router delivered with individual credentials.

Security of your computer is your responsibility not that of the equipment vendor. Even if it comes with individual user/pw change it. What I would like to see is a label saying that with space on the label to write the new settings down if the owner so wishes.

Link to comment
Share on other sites

I wanted to check out my router. I recorded a password for a router in my list of passwords (secured). I also recorded half a router address, but appended a note that I didn't catch it all in the translation via my wife! I am 95% confident the password applies to my current TP-Link router; the TOT guy came out to fix the router 9 months ago and I am sure the password stems from that visit. Nonetheless I wanted to check just to make sure that I do not have a default password.

Via the Krebs On Security web blog, linked in the OP's posting (and links thereon) I established from DOS command "ipconfig" that my default router address is 192.***.*.* (actual numbers suppressed in my posting here). When I put that in my browser address bar and press enter I get nothing - just an interminable connecting icon or a "this page was reset.." message, or a Google search page. My connection to other web sites is working fine. Have used the plain address and http//:192.***.*.* (using the appropriate numbers not stars!).

I could call up the local TOT guy but that will result in a visit plus free beers plus 100 baht tip. Have no problem with that - indeed he is quite jolly - but the pidgin Thai/English conversations or fractious translation job via my wife to get what I want tend to be frustrating and sometimes fruitless.

Any further advice? (presumably not from the guys that I have just been rude to!)

Edited by SantiSuk
Link to comment
Share on other sites

I wanted to check out my router. I recorded a password for a router in my list of passwords (secured). I also recorded half a router address, but appended a note that I didn't catch it all in the translation via my wife! I am 95% confident the password applies to my current TP-Link router; the TOT guy came out to fix the router 9 months ago and I am sure the password stems from that visit. Nonetheless I wanted to check just to make sure that I do not have a default password.

Via the Krebs On Security web blog, linked in the OP's posting (and links thereon) I established from DOS command "ipconfig" that my default router address is 192.***.*.* (actual numbers suppressed in my posting here). When I put that in my browser address bar and press enter I get nothing - just an interminable connecting icon or a "this page was reset.." message, or a Google search page. My connection to other web sites is working fine. Have used the plain address and http//:192.***.*.* (using the appropriate numbers not stars!).

I could call up the local TOT guy but that will result in a visit plus free beers plus 100 baht tip. Have no problem with that - indeed he is quite jolly - but the pidgin Thai/English conversations or fractious translation job via my wife to get what I want tend to be frustrating and sometimes fruitless.

Any further advice? (presumably not from the guys that I have just been rude to!)

The IP numbers are not secret mate most routers use 192.168.1.1.

You can change it of course and that is maybe what's happened. That number cannot be accessed via the internet. You have a different IP number for internet issued to you by your ISP. You don't need that number to access the router. Think of it as internet communicates with router on ISP issued number. Router then communicates that info to computer using router's IP 192.168.1.1 and devices (PC, tablet, phone, whatever) on IP of 192.168.1.2 thru 255. One number per device.

You should find a reset button on the router. Push that and it will return router to default config. Have you got the book? Mine have always come with a Thai/English manual that explains installation & configuration.

You're trying to reach the router from your device, let's say a PC. In a browser (Firefox works well) type 192.168.1.1 in the address bar and hit enter. You should then be asked for your user name and password. If the browser has been to the router before you may be lucky to have it auto complete for you. Once in the router you can change the password. If you used Firefox and the user & password details were saved then options in Firefox will be able to show the user name and password.

Edited by Keesters
Link to comment
Share on other sites

Do Not Press The Reset Button. That will wipe your router! It's not necessary to press RESET to get access to it again from a browser.

Just unplug it, plug it back in and try again.

Putting the IP address should work, but sometimes the Web-based config service on the router locks up. A power cycle gets it to start anew.

The Reset is really only necessary if the router isn't working at all ... and then you'll need to re-enter all the ISP and local configuration info. Not a fun task if you've never done it before.

Edited by RichCor
Link to comment
Share on other sites

I wanted to check out my router. I recorded a password for a router in my list of passwords (secured). I also recorded half a router address, but appended a note that I didn't catch it all in the translation via my wife! I am 95% confident the password applies to my current TP-Link router; the TOT guy came out to fix the router 9 months ago and I am sure the password stems from that visit. Nonetheless I wanted to check just to make sure that I do not have a default password.

Via the Krebs On Security web blog, linked in the OP's posting (and links thereon) I established from DOS command "ipconfig" that my default router address is 192.***.*.* (actual numbers suppressed in my posting here). When I put that in my browser address bar and press enter I get nothing - just an interminable connecting icon or a "this page was reset.." message, or a Google search page. My connection to other web sites is working fine. Have used the plain address and http//:192.***.*.* (using the appropriate numbers not stars!).

I could call up the local TOT guy but that will result in a visit plus free beers plus 100 baht tip. Have no problem with that - indeed he is quite jolly - but the pidgin Thai/English conversations or fractious translation job via my wife to get what I want tend to be frustrating and sometimes fruitless.

Any further advice? (presumably not from the guys that I have just been rude to!)

Firstly, you don't need to mask the 192 IP address. It's internal and most home users are using that or 10.*.*.*

Secondly, most routers are configured to disallow remote access, so if you are doing this over Wifi it won't work. (This is good practice by the way!).

You probably need to plug your laptop into the router with an ethernet cable to be able to get to the administration page.

Do an IPCONFIG /ALL and use the Default Gateway as the URL (Usually http://192.168.1.1 but not always!).

Edited by Chicog
Link to comment
Share on other sites
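An added example, not part of any post in this thread: the attack discussed above works by changing the router's DNS settings, and `ipconfig /all` (suggested in the post above) shows which DNS servers the PC was handed. This sketch parses that output and flags resolvers that are neither the gateway, a private address, nor on a list you trust. It assumes English-locale output; the sample text and all addresses in it are constructed.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; addresses are documentation ranges.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# "Label . . . : value". Requiring whitespace before the colon keeps
# IPv6 continuation lines such as "fe80::1%12" from looking like a field.
FIELD = re.compile(r"^\s+(.+?)[ .]*\s:\s*(.*)$")
WANTED = {"Default Gateway": "gateways", "DNS Servers": "dns"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def to_ip(text):
    """Parse an address, dropping any IPv6 zone id; None if not an address."""
    try:
        return ipaddress.ip_address(text.split("%")[0])
    except ValueError:
        return None


def parse_ipconfig(text):
    """Return {adapter: {"gateways": [...], "dns": [...]}} from ipconfig /all."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a new section
            name = line.strip().rstrip(":")
            current = adapters.setdefault(name, {"gateways": [], "dns": []})
            field = None
            continue
        m = FIELD.match(line)
        if m:
            field, value = WANTED.get(m.group(1)), m.group(2).strip()
        else:
            value = line.strip()           # continuation of the previous field
        addr = to_ip(value) if (current is not None and field) else None
        if addr is not None:
            current[field].append(addr)
    return adapters


def audit_dns(adapters, trusted=()):
    """Classify each DNS server; 'unexpected' ones deserve a closer look."""
    trusted = {ipaddress.ip_address(t) for t in trusted}
    findings = []
    for name, cfg in adapters.items():
        for dns in cfg["dns"]:
            if dns in cfg["gateways"]:
                # The router relays DNS, so the PC cannot see the upstream
                # resolver: check the DNS fields on the router's own pages.
                verdict = "router-proxied"
            elif dns in trusted:
                verdict = "trusted"
            elif dns.is_link_local or any(dns in net for net in RFC1918):
                verdict = "local"
            else:
                verdict = "unexpected"
            findings.append((name, str(dns), verdict))
    return findings


if __name__ == "__main__":
    for row in audit_dns(parse_ipconfig(SAMPLE)):
        print(*row, sep="  ")
```

Pass your ISP's resolvers (or whichever public resolver you chose) as `trusted`; anything still reported as `unexpected` was set by someone or something else.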

You should find a reset button on the router. Push that and it will return router to default config.

Which will wipe the Internet settings which I suspect Santi has not got written down.

NOT a good idea.

Edited by Chicog
Link to comment
Share on other sites

You should find a reset button on the router. Push that and it will return router to default config.

Which will wipe the Internet settings which I suspect Santi has not got written down.

NOT a good idea.

It's a good idea if all else fails. What other alternative is there. Go and buy a new router with default configuration when he's already got one that he can return to default configuration by pushing the button. Duh. I clearly stated what pushing the button does. Give the guy a little credit. He's obviously not completely clueless as he has shown initiative in coming here for advice.

Link to comment
Share on other sites

I wanted to check out my router. I recorded a password for a router in my list of passwords (secured). I also recorded half a router address, but appended a note that I didn't catch it all in the translation via my wife! I am 95% confident the password applies to my current TP-Link router; the TOT guy came out to fix the router 9 months ago and I am sure the password stems from that visit. Nonetheless I wanted to check just to make sure that I do not have a default password.

Via the Krebs On Security web blog, linked in the OP's posting (and links thereon) I established from DOS command "ipconfig" that my default router address is 192.***.*.* (actual numbers suppressed in my posting here). When I put that in my browser address bar and press enter I get nothing - just an interminable connecting icon or a "this page was reset.." message, or a Google search page. My connection to other web sites is working fine. Have used the plain address and http//:192.***.*.* (using the appropriate numbers not stars!).

I could call up the local TOT guy but that will result in a visit plus free beers plus 100 baht tip. Have no problem with that - indeed he is quite jolly - but the pidgin Thai/English conversations or fractious translation job via my wife to get what I want tend to be frustrating and sometimes fruitless.

Any further advice? (presumably not from the guys that I have just been rude to!)

Secondly, most routers are configured to disallow remote access, so if you are doing this over Wifi it won't work. (This is good practice by the way!).

Just tried to access my True internet billion router on my tablet using WiFi. Worked. Hard for anybody nearby to get in as both user name and password are far removed from the default. Will look into seeing if remote access is disallowable when I get time.

Thanks for the tip off. Never really thought about WiFi access before.

Link to comment
Share on other sites

You should find a reset button on the router. Push that and it will return router to default config.

Which will wipe the Internet settings which I suspect Santi has not got written down.

NOT a good idea.

It's a good idea if all else fails. What other alternative is there. Go and buy a new router with default configuration when he's already got one that he can return to default configuration by pushing the button. Duh. I clearly stated what pushing the button does. Give the guy a little credit. He's obviously not completely clueless as he has shown initiative in coming here for advice.

All else hasn't failed, and it's Santi you're talking about.


Link to comment
Share on other sites

You should find a reset button on the router. Push that and it will return router to default config.

Which will wipe the Internet settings which I suspect Santi has not got written down.

NOT a good idea.

It's a good idea if all else fails. What other alternative is there. Go and buy a new router with default configuration when he's already got one that he can return to default configuration by pushing the button. Duh. I clearly stated what pushing the button does. Give the guy a little credit. He's obviously not completely clueless as he has shown initiative in coming here for advice.

All else hasn't failed, and it's Santi you're talking about.


I know it hasn't. Where did I say it had. I wrote a very detailed reply to his problem telling him lots he needs to know. Which he thanked me for. You have just concentrated on one small part and tried to make a big deal of it. Just what's your problem? Annoyed you didn't beat me to it. And who is Santi just another user here in need of assistance as far as I know. I'm happy to help him.

Link to comment
Share on other sites

I know it hasn't. Where did I say it had. I wrote a very detailed reply to his problem telling him lots he needs to know. Which he thanked me for. You have just concentrated on one small part and tried to make a big deal of it. Just what's your problem? Annoyed you didn't beat me to it. And who is Santi just another user here in need of assistance as far as I know. I'm happy to help him.

I'll refer you to your own post. Your FIRST advice was to reset the router.

This is not the first advice to give to someone who probably doesn't have their login credentials and connection settings written down, because it wipes them.

The IP numbers are not secret mate most routers use 192.168.1.1.

You can change it of course and that is maybe what's happened. That number cannot be accessed via the internet. You have a different IP number for internet issued to you by your ISP. You don't need that number to access the router. Think of it as internet communicates with router on ISP issued number. Router then communicates that info to computer using router's IP 192.168.1.1 and devices (PC, tablet, phone, whatever) on IP of 192.168.1.2 thru 255. One number per device.

You should find a reset button on the router. Push that and it will return router to default config.

All he's trying to do is get access to the router's web page. The most obvious solution if he can't get on via wifi is to try it via ethernet first, since Remote Management is usually disabled by default on TP-Link Routers.

IF that doesn't work, THEN the next step is to reset the router.

Hopefully that will help him, and hopefully you'll remember this facet of routers before you blindly go telling people to reset them.

As someone else noted, it's Thailand and recovering your login credentials and ISP connections setting can be a right pain if you don't know them.

Oh, and Santi, if you do get into it via Wifi, have a look and see if it has the option to backup Router settings to your desktop: This is a great labour saver if you do ever have to reset it.

You simply have to reconnect to it and restore them from your PC.

Link to comment
Share on other sites

On TOT it's pretty easy to recover your adsl login - it's just your phone number followed by @tothome, with the password being just your number.

Logging in to your router isn't 'remote management' - you're still on your own LAN.

Link to comment
Share on other sites

I know it hasn't. Where did I say it had. I wrote a very detailed reply to his problem telling him lots he needs to know. Which he thanked me for. You have just concentrated on one small part and tried to make a big deal of it. Just what's your problem? Annoyed you didn't beat me to it. And who is Santi just another user here in need of assistance as far as I know. I'm happy to help him.

I'll refer you to your own post. Your FIRST advice was to reset the router.

This is not the first advice to give to someone who probably doesn't have their login credentials and connection settings written down, because it wipes them.

The IP numbers are not secret mate most routers use 192.168.1.1.

You can change it of course and that is maybe what's happened. That number cannot be accessed via the internet. You have a different IP number for internet issued to you by your ISP. You don't need that number to access the router. Think of it as internet communicates with router on ISP issued number. Router then communicates that info to computer using router's IP 192.168.1.1 and devices (PC, tablet, phone, whatever) on IP of 192.168.1.2 thru 255. One number per device.

You should find a reset button on the router. Push that and it will return router to default config.

All he's trying to do is get access to the router's web page. The most obvious solution if he can't get on via wifi is to try it via ethernet first, since Remote Management is usually disabled by default on TP-Link Routers.

IF that doesn't work, THEN the next step is to reset the router.

Hopefully that will help him, and hopefully you'll remember this facet of routers before you blindly go telling people to reset them.

As someone else noted, it's Thailand and recovering your login credentials and ISP connections setting can be a right pain if you don't know them.

Oh, and Santi, if you do get into it via Wifi, have a look and see if it has the option to backup Router settings to your desktop: This is a great labour saver if you do ever have to reset it.

You simply have to reconnect to it and restore them from your PC.

It was not an instruction; it was, as was the whole of my first paragraph, a general explanation about how it works.

The second paragraph gave more detailed instructions about what to do. Still don't see what you're harping on about here. Shit it's a forum for f sake. He wants free advice he takes what he gets. If he pays that's a different matter. Relax, go have a beer. It's not that important.

Link to comment
Share on other sites

I think possibly I should add one thing. People who don't write down their internet connection settings and router user names and password should not have computers. If they cannot be bothered to do that how on earth do they expect to handle all the passwords for websites, forums, Facebook, email etc.

I had a customer (Thai) who bought some hosting from me. 3 times he lost his login details. On the third I changed his password to:

This-is-my-password-I-must-write-it-down-so-I-dont-forget-it-again

I emailed it to him. Never heard from him again.

Edited by Keesters
Link to comment
Share on other sites

I bet most people don't write down their settings for Encapsulation, VPI, VCI and multiplexing either.


That's all part of your internet connection settings that I mentioned above so I do.

Edited by Keesters
Link to comment
Share on other sites

But for people that don't understand all that, there is Backup and Restore.


But if your router goes kaput the backup made on the old one does not always work as restore on the new one. That happened to me. I was forced to change brands of router. Write it down. Even if you have it saved on your PC that can fail at any time. Write it down.

Edited by Keesters
Link to comment
Share on other sites
