Reply

Hacked router

Greggie1985
Follower

Hacked router

I’m not too technical even though I work for an IT company, but I believe my router has been hacked. I have access control on, and my ex and I split, so I blocked all of his electronics to be petty. However, upon looking at his phone, he still is gaining access to it somehow. Is it possible to detect if a VPN has been installed on it?
Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 1 of 4
schumaku
Guru

Re: Hacked router

Hi,
Assume you have already changed the (one and only) admin password on the router already - if not, go to [Advanced] -> Administration -> Set Password. While there, also disable the password recovery method in case it's enabled.

 

Next, check if the router is still registered to ReadyCloud. To start with, unregister it. If the ReadyCloud account (email address) is under your control, also change the password there.

 

R9000 ReadyCloud registration.jpg

 

Double check if the OpenVPN service is still active - and disable for the moment:


R9000 OpenVPN.PNG

 

Not perfect - but certainly a starting point.

Message 2 of 4
nandostyle
Aspirant

Re: Hacked router

Hard reset your router (Very important) and make sure you have the latest firmware version (Get this firmware from Netgear official site!)

Even if you have the latest version re-download it tot he router. I believe the latest version now has auto-update which you want.

 

Disable UPNP.

Disable WPS.

Disable Ping replies.

Make sure anything that communicates to the outside as VPN, Ready F... Share and all those stuff are disabled.

Put all IOTs in a separate WiFi than your Main Computer and phones.

 

Even so, If the router has security holes which I feel it does, even with the latest firmware then you are screw! 

For some reason, I feel Netgear is not doing enough. If the problem continues after securing your router consider using DD-WRT or similar firmware (Do not try this if you are not comfortable doing it, you may end with a brick) or buy a more robust router.

 

 

Message 3 of 4
IrvSp
Master

Re: Hacked router

You said "looking at his phone, he still is gaining access to it "? So you are physically holding the phone and it IS accessing your router? Or does it show it is a possible network to connect to?

 

This should be quite easy to fix.

 

I'd first verify it can connect. With the phone when you think it is connected find the IP Address it has somewhere in the settings... then LOOK on the router's access list if it is there. At that point go to ACCESS CONTROL, block it and TURN ON ACCESS CONTROL and also NO NEW DEVICES CAN CONNECT.

 

2nd change the PASSWORD on the router.

 

Then verify that the phone can't connect even if it sees the SSID from your router. I'd make sure DMZ isn't turned on to a specific device either.

 

 

Message 4 of 4
Top Contributors
Discussion stats
  • 3 replies
  • 8930 views
  • 1 kudo
  • 4 in conversation
Announcements