New type of router malware discovered

    Ara Labs has reported a new type of router malware: the router's software injects ads and pornography from a popular service into the Google Analytics tag.
    The following domains are identified as hosting the injected ad tags: zinzimo.info, ektezis.ru, and patifil.com. These are all shell domains that direct traffic to the PopUnder ad exchange. We can confirm this by examining the SSL certificates that have been issued to these domains.

    The third-party content is loaded on practically every site that carries Google ads, unless ad-blocking browser extensions are installed. The malware changes the DNS settings, infection happens via JavaScript, and the list of vulnerable routers is not given.

    The idea of DNS substitution is not new in itself, but previously it was used to redirect users to fake sites. In this case, for the first time, the DNS server 91.194.254.105 is used to intercept requests to google-analytics.com, which is used on practically every site, and to return malicious JavaScript that displays ads.

    How the malware works is described in more detail in "Ad-Fraud Malware Hijacks Router DNS – Injects Ads Via Google Analytics".

    Comments 17

      0
      So that's why the passwords to my router's web interface get brute-forced daily, several times a day. And I kept wondering what they were going to do with access to the web UI if they succeeded.
        +6
        Ahem, is your admin panel really open on the WAN port too? O_o
          0
          Probably the author has shared WiFi and they connect to it first…
          But yes, I also don't understand why anyone would do that.
            0
            Why do you think everyone is that stupid? :) I also have a public static IP address! Should I now be afraid to even go near the router?
            +1
            I need it that way, that's why it's open. Strange question.

            It goes something like this:
            click
            Mar 26 10:23:35 goahead[1292]: Access Denied — Requires User ID from 95.133.50.132:Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20100101 Firefox/17.0
            Mar 26 10:28:19 goahead[1292]: Access Denied — Requires User ID from 95.173.183.52:(null)
            Mar 26 10:28:25 goahead[1292]: Access Denied — Requires User ID from 95.173.183.52:(null)
            Mar 26 10:55:32 goahead[1292]: Access Denied — Requires User ID from 95.133.50.132:Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20100101 Firefox/17.0
            Mar 26 11:53:11 goahead[1292]: Access Denied — Requires User ID from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:11 goahead[1292]: Access Denied — Requires Password from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:12 goahead[1292]: Access Denied — Wrong Password: admin-admin from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:12 goahead[1292]: Access Denied — Wrong Password: admin-1234 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:12 goahead[1292]: Access Denied — Wrong Password: admin-password from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:12 goahead[1292]: Access Denied — Unknown User: Admin-Admin from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:12 goahead[1292]: Access Denied — Requires User ID from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:13 goahead[1292]: Access Denied — Unknown User: root- from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:13 goahead[1292]: Access Denied — Unknown User: root-admin from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:13 goahead[1292]: Access Denied — Unknown User: root-root from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:13 goahead[1292]: Access Denied — Requires User ID from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:13 goahead[1292]: Access Denied — Unknown User: support- from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:13 goahead[1292]: Access Denied — Unknown User: support-support from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:14 goahead[1292]: Access Denied — Unknown User: super-super from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:14 goahead[1292]: Access Denied — Unknown User: super-APR@xuniL from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:44 goahead[1292]: Access Denied — Wrong Password: admin-onlime from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:44 goahead[1292]: Access Denied — Wrong Password: admin-mts from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:44 goahead[1292]: Access Denied — Unknown User: mts-mts from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:44 goahead[1292]: Access Denied — Unknown User: telecomadmin-admintelecom from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:45 goahead[1292]: Access Denied — Unknown User: mgts-mtsoao from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:45 goahead[1292]: Access Denied — Unknown User: kyivstar-kyivstar from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:45 goahead[1292]: Access Denied — Unknown User: telekom-telekom from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:45 goahead[1292]: Access Denied — Unknown User: superadmin-Is$uper@dmin from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:45 goahead[1292]: Access Denied — Wrong Password: admin-1 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:45 goahead[1292]: Access Denied — Wrong Password: admin-123 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:45 goahead[1292]: Access Denied — Wrong Password: admin-0000 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:46 goahead[1292]: Access Denied — Wrong Password: admin-00000000 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:46 goahead[1292]: Access Denied — Wrong Password: admin-12345 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:46 goahead[1292]: Access Denied — Wrong Password: admin-123456 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:46 goahead[1292]: Access Denied — Wrong Password: admin-1234567 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:53:46 goahead[1292]: Access Denied — Wrong Password: admin-12345678 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:16 goahead[1292]: Access Denied — Wrong Password: admin-123456789 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:16 goahead[1292]: Access Denied — Wrong Password: admin-1234567890 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:17 goahead[1292]: Access Denied — Wrong Password: admin-qwerty from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:17 goahead[1292]: Access Denied — Wrong Password: admin-beeline from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:17 goahead[1292]: Access Denied — Wrong Password: admin-beeline2013 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:17 goahead[1292]: Access Denied — Wrong Password: admin-iyeh from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:17 goahead[1292]: Access Denied — Wrong Password: admin-ghbdtn from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:17 goahead[1292]: Access Denied — Wrong Password: admin-admin225 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:17 goahead[1292]: Access Denied — Wrong Password: admin-juklop from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:18 goahead[1292]: Access Denied — Wrong Password: admin-free from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:18 goahead[1292]: Access Denied — Wrong Password: admin-inet from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:18 goahead[1292]: Access Denied — Wrong Password: admin-internet from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:18 goahead[1292]: Access Denied — Wrong Password: admin-asus from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:18 goahead[1292]: Access Denied — Wrong Password: admin-root from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:18 goahead[1292]: Access Denied — Wrong Password: admin-ADMIN from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:18 goahead[1292]: Access Denied — Wrong Password: admin-adsl from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:49 goahead[1292]: Access Denied — Wrong Password: admin-adslroot from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:49 goahead[1292]: Access Denied — Wrong Password: admin-adsladmin from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:49 goahead[1292]: Access Denied — Wrong Password: admin-Kendalf9 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:49 goahead[1292]: Access Denied — Wrong Password: admin-263297 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:49 goahead[1292]: Access Denied — Wrong Password: admin-590152 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:49 goahead[1292]: Access Denied — Wrong Password: admin-21232 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:49 goahead[1292]: Access Denied — Wrong Password: admin-adn8pzszk from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:50 goahead[1292]: Access Denied — Wrong Password: admin-amvqnekk from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:50 goahead[1292]: Access Denied — Wrong Password: admin-biyshs9eq from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:50 goahead[1292]: Access Denied — Wrong Password: admin-e2b81d_1 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:50 goahead[1292]: Access Denied — Wrong Password: admin-Dkdk8e89 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:50 goahead[1292]: Access Denied — Wrong Password: admin-flvbyctnb from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:50 goahead[1292]: Access Denied — Wrong Password: admin-qweasdOP from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:50 goahead[1292]: Access Denied — Wrong Password: admin-EbS2P8 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:51 goahead[1292]: Access Denied — Wrong Password: admin-FhF8WS from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:54:51 goahead[1292]: Access Denied — Wrong Password: admin-ZmqVfo from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:21 goahead[1292]: Access Denied — Wrong Password: admin-ZmqVfo1 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:21 goahead[1292]: Access Denied — Wrong Password: admin-ZmqVfo2 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:21 goahead[1292]: Access Denied — Wrong Password: admin-ZmqVfo3 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:21 goahead[1292]: Access Denied — Wrong Password: admin-ZmqVfo4 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:22 goahead[1292]: Access Denied — Wrong Password: admin-ZmqVfoVPN from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:22 goahead[1292]: Access Denied — Wrong Password: admin-ZmqVfoSIP from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:22 goahead[1292]: Access Denied — Wrong Password: admin-ZmqVfoN1 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:22 goahead[1292]: Access Denied — Wrong Password: admin-ZmqVfoN2 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:22 goahead[1292]: Access Denied — Wrong Password: admin-ZmqVfoN3 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:22 goahead[1292]: Access Denied — Wrong Password: admin-ZmqVfoN4 from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:23 goahead[1292]: Access Denied — Wrong Password: admin-9f4r5r79// from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:23 goahead[1292]: Access Denied — Wrong Password: admin-airocon from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:23 goahead[1292]: Access Denied — Wrong Password: admin-zyxel from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:23 goahead[1292]: Access Denied — Unknown User: adsl-realtek from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:23 goahead[1292]: Access Denied — Unknown User: osteam-5up from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:23 goahead[1292]: Access Denied — Unknown User: root-toor from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:54 goahead[1292]: Access Denied — Unknown User: ZXDSL-ZXDSL from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:54 goahead[1292]: Access Denied — Requires User ID from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:54 goahead[1292]: Access Denied — Unknown User: Cisco-Cisco from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:54 goahead[1292]: Access Denied — Requires User ID from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:55 goahead[1292]: Access Denied — Unknown User: cisco-cisco from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:55 goahead[1292]: Access Denied — Wrong Password: admin-default from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:55 goahead[1292]: Access Denied — Wrong Password: admin-cisco from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:55 goahead[1292]: Access Denied — Wrong Password: admin-changeme from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:55 goahead[1292]: Access Denied — Requires User ID from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:56 goahead[1292]: Access Denied — Requires User ID from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:56 goahead[1292]: Access Denied — Unknown User: enable-cisco from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:55:56 goahead[1292]: Access Denied — Unknown User: pnadmin-pnadmin from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:56:26 goahead[1292]: Access Denied — Unknown User: root-attack from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:56:27 goahead[1292]: Access Denied — Unknown User: root-Cisco from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:56:27 goahead[1292]: Access Denied — Unknown User: user- from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:56:27 goahead[1292]: Access Denied — Unknown User: user-user from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
            Mar 26 11:56:27 goahead[1292]: Access Denied — Requires User ID from 188.2.212.24:Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
              0
              Have you tried logging which variants they try?
                +1
                How about opening the spoiler in my message? Or do you see it differently than I do :)?
                  0
                  Ah, my apologies, I glanced at it very quickly, and the column of the word admin visually made the passwords part of the repeated message.
                0
                And why don't you ban after ten attempts?
                  0
                  It's interesting to see all the variants :) And honestly, I haven't fully figured out the goahead architecture yet, maybe I'll do something like that…
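Added example, not part of the thread and not code from goahead or from any commenter: one way to implement the "ban after ten attempts" check over log lines in the format posted above. The function names, the five-minute window, the year and the sample lines are assumptions made for this example; the threshold of ten comes from the reply.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Only lines that carry a credential guess count. "Requires User ID" is also
# logged for the first, unauthenticated request of an ordinary login.
HEAD_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) goahead\[\d+\]: "
    r"Access Denied\s+(?:—|--)\s+(?:Wrong Password|Unknown User): (.*)$")
FROM_RE = re.compile(r" from (\d{1,3}(?:\.\d{1,3}){3}):")

def parse_failure(line, year):
    """Return (time, ip) for a failed guess, (time, None) when the source
    cannot be attributed, or None for any other line."""
    m = HEAD_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    # The credential and the User-Agent both come from the client. If they
    # produce a second " from <ip>:" the line is ambiguous: do not ban on it.
    ips = FROM_RE.findall(m.group(2))
    return ts, (ips[0] if len(ips) == 1 else None)

def find_bruteforce(lines, year, threshold=10, window=timedelta(minutes=5)):
    """Return ({ip: time the threshold was reached}, ambiguous line count)."""
    recent = defaultdict(deque)  # ip -> guess times still inside the window
    flagged, ambiguous = {}, 0
    for line in lines:
        parsed = parse_failure(line.strip(), year)
        if parsed is None:
            continue
        ts, ip = parsed
        if ip is None:
            ambiguous += 1
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop guesses older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(ip, ts)
    return flagged, ambiguous

# Constructed sample lines (documentation-range addresses, made-up guesses).
PRE = "goahead[1292]: Access Denied —"
UA = "Mozilla/5.0 (constructed)"
SAMPLE = [
    # 12 guesses from one address within 12 seconds
    *[f"Mar 26 11:53:{s:02d} {PRE} Wrong Password: admin-guess{s} from 203.0.113.7:{UA}"
      for s in range(12)],
    # an ordinary login from another address, with one typo
    f"Mar 26 11:54:00 {PRE} Requires User ID from 198.51.100.20:{UA}",
    f"Mar 26 11:54:05 {PRE} Wrong Password: admin-typo from 198.51.100.20:{UA}",
    # client-supplied text that contains a second " from <ip>:"
    f"Mar 26 11:54:09 {PRE} Unknown User: root-x from 203.0.113.7:ua from 192.0.2.1:",
]

if __name__ == "__main__":
    flagged, ambiguous = find_bruteforce(SAMPLE, year=2015)  # year is arbitrary
    for ip, when in flagged.items():
        print(f"{ip} reached the threshold at {when}")
    print(f"{ambiguous} line(s) could not be attributed")
```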
            0
            My mother has a dir-300 of the very first revision at home; once firmware 1.05 came out about five years ago, they gave up on it
            about once every two months someone also comes in on the WAN and changes the DNS through a vulnerability
              0
              If it's the first revision, OpenWrt will fit on it nicely )
                0
                Kamikaze 8.09 from way back in 2009; it's easier to overcome my stinginess and buy something new
                especially since it can't handle more than 10 Mbit over pptp
                  0
                  Well, sort of… Here
                    0
                    Well, sort of, the first revision is A1
                    B1 and later were called NRU
              0
              tjournal.ru/paper/antisanctions-safari-yandex-browser
              gist.github.com/ValdikSS/2706f643bbfa0bb5158f

              Routers were hacked and DNS 91.214.71.97 (jeludev5551.artplanet.su) was set on them. Through it, mc.yandex.ru and www.google-analytics.com resolve to 213.136.70.91 (m1733.contabo.host). 213.136.70.91 runs PHP and serves this kind of nastiness

              By the way, we found the person who was doing this, and he promised not to do it again :) But, damn, the IP is pretty similar, we should look some more.
                0
                Just now I cleaned 94.199.48.241 out of the DNS settings yet again.
                who.is/whois-ip/ip-address/94.199.48.241

                And where is the infection hiding?