Forum Discussion
Ggogo2368
Dec 19, 2019 | Aspirant
Home network security issues
Need help with a lot of issues on my home network. Using the Orbi RBR50 with one satellite and the Orbi outdoor extender. I have contacted Gearhead support numerous times without resolution (do not be...
FURRYe38
Dec 19, 2019 | Guru - Experienced User
What Firmware is currently loaded?
What is the Mfr and model# of the ISP modem the NG router is connected to?
What browser are you using? Does this happen with other browsers like IE11, Firefox or Opera?
Is Remote Management enabled on the RBR? I would disable this if it's enabled and you don't need any remote access.
Be sure you have set up a new PW for the RBR's login page. Don't give it out to anyone.
Be sure you have set up a custom SSID name and PW for the wifi.
Ggogo2368 wrote:
Need help with a lot of issues on my home network. Using the Orbi RBR50 with one satellite and the Orbi outdoor extender. I have contacted Gearhead support numerous times without resolution (do not believe they understand what it is I’m trying to explain is happening - I’m not a techie person); however, I believe my home network is compromised or being controlled by someone inside my network through a computer on the network. Not sure of the correct terms so I apologize if this is worded incorrectly, but 4 other computers are unable to connect to any websites without getting certificate errors, unable to do any updates saying we do not have permission or authorization, and based on the router logs, when any of these devices connect to the Wi-Fi, it immediately shows site allowed status.rapidssl.com followed by a bunch of ocsp.xxxx.com websites. I realize these are for certificates, but I have not purchased or authorized any wildcard subscription services. I was able to briefly access the suspected controller computer and run a shell command of Get-NetIPAddress and several ipv6 addresses appeared (which I have ipv6 off at the router) and a ::1 address showed, which I assume is a localhost. I did some digging and found that my iPhone is the ::1 localhost. How can this be shut down so I can reclaim control of my router, network, and the devices connected to it? Lastly, this address showed up today in the log as being accessed from that device. Does anyone know what it means? [site allowed: netgear-07a2d5b3-0d1e-49d4-9038-f3e9ce19f9ce.2d7d] from source 192.168.1.16,
Sorry for the lengthy message but this is very frustrating and I’m at my wits end here!
Jetdrive
Dec 19, 2019 | Luminary
Once a computer is compromised and payload delivered, there is no sure way to remove all traces of the infection other than a total reformat and re-install. You can try downloading and installing anti-malware programs like Malwarebytes, but there is no sure way to know if everything was removed.
- FURRYe38 | Dec 19, 2019 | Guru - Experienced User
This would be a last resort kind of thing, even if the PCs are infected. Need to scan for infections first. Most of the time, Malwarebytes can fully remove most infections. It works pretty well.
- Jetdrive | Dec 19, 2019 | Luminary
He has already sought the services of a professional service, and yes, Malwarebytes is pretty good, but it doesn't guarantee all malware is removed. Like I said, the only sure way is a reformat and re-install. Yes, anti-malware programs may get him going again, but was that key logger released yesterday removed, or is it just waiting for him to log into his bank and steal his credentials? Yes, you can take shortcuts, but at your own risk.
- FURRYe38 | Dec 19, 2019 | Guru - Experienced User
Let's see if he's got a problem first. I presume this may be a browser or cookie issue. Let's see what they return with before taking drastic measures. Will be up to them as well.
- Ggogo2368 | Dec 19, 2019 | Aspirant
Malwarebytes is installed but certainly isn’t doing its job. I have BitDefender installed as well but the exceptions keep getting changed, namely regarding certain certificates.