[SOLVED] TP-Link AC1750 router has been hacked and my PC accessed?

Dec 6, 2021
My router has been hacked by a neighbor, I know for a fact because he admitted it taunting me. They are also able to access my desktop PC through the router and change programs on it.

So I've bought a new TP-Link AC1750 but I haven't installed it, so I'm currently using the same router and I want to disable remote access to the router but I'm not sure how. I changed the default password but that didn't help; they can still access it and also turn my internet off and on. Here's a log:
####################################################################
# Archer A7 System Log
# Time = 2021-12-04 05:51:18

# Clients connected: 3 ; WI-FI : 0
####################################################################
2021-12-04 05:41:30 access-control[16853]: <6> 239504 Service start
2021-12-04 05:41:30 access-control[16853]: <6> 239503 Function disabled
2021-12-04 05:41:30 access-control[16853]: <6> 239505 Service stop
2021-12-04 05:41:24 access-control[16478]: <6> 239504 Service start
2021-12-04 05:41:24 access-control[16478]: <5> 239606 Flush conntrack table succeeded
2021-12-04 05:41:24 access-control[16478]: <6> 239502 Function enabled
2021-12-04 05:41:24 access-control[16478]: <7> 239011 black list add mac: 98:EE:CB:5D:8D:E8
2021-12-04 05:41:23 access-control[16478]: <6> 239505 Service stop
2021-12-04 05:40:02 usbshare[14506]: <5> 291254 MiniDLNA start
2021-12-04 05:40:02 usbshare[14506]: <5> 291252 ProFTPd start
2021-12-04 05:40:02 usbshare[14506]: <5> 291250 Samba start
2021-12-04 05:40:02 usbshare[14506]: <5> 291255 MiniDLNA stop
2021-12-04 05:40:01 usbshare[14506]: <5> 291253 ProFTPd stop
2021-12-04 05:40:01 usbshare[14506]: <5> 291251 Samba stop
2021-12-04 05:39:25 usbshare[13818]: <5> 291254 MiniDLNA start
2021-12-04 05:39:25 usbshare[13818]: <5> 291252 ProFTPd start
2021-12-04 05:39:25 usbshare[13818]: <5> 291250 Samba start
2021-12-04 05:39:24 usbshare[13818]: <5> 291255 MiniDLNA stop
2021-12-04 05:39:24 usbshare[13818]: <5> 291253 ProFTPd stop
2021-12-04 05:39:24 usbshare[13818]: <5> 291251 Samba stop
2021-12-04 05:38:51 usbshare[13112]: <5> 291254 MiniDLNA start
2021-12-04 05:38:51 usbshare[13112]: <5> 291252 ProFTPd start
2021-12-04 05:38:51 usbshare[13112]: <5> 291250 Samba start
2021-12-04 05:38:51 usbshare[13112]: <5> 291255 MiniDLNA stop
2021-12-04 05:38:51 usbshare[13112]: <5> 291253 ProFTPd stop
2021-12-04 05:38:51 usbshare[13112]: <5> 291251 Samba stop
2021-12-04 05:37:07 nat[9614]: <6> 211501 Initialization succeeded
2021-12-04 05:37:05 nat[9614]: <6> 211501 Initialization succeeded
2021-12-04 05:37:03 network[9894]: <6> 290509 No config changed
2021-12-04 05:37:03 network[9894]: <4> 290702 Invalid arguments from webpages
2021-12-04 05:37:03 network[9894]: <6> 290150 Set mac clone
2021-12-04 05:37:03 network[9894]: <6> 290100 Set WAN protocol to dhcp, operation is write
2021-12-04 05:36:55 dhcpc[9215]: <6> 210054 receive ack from server with ip ,
2021-12-04 05:36:55 dhcpc[9215]: <6> 210053 send select request with options
2021-12-04 05:36:55 dhcpc[9215]: <6> 210052 receive offer from server with ip options(serverid=142.254.191.25;lease=63082;subnet=
2021-12-04 05:36:55 dhcpc[9215]: <6> 210051 send discover with ip 0.0.0.0 and flags 8000
2021-12-04 05:36:54 network[8924]: <6> 290003 Connect interface wan
2021-12-04 05:36:54 network[8924]: <6> 290005 Reload config
2021-12-04 05:36:53 network[8924]: <6> 290004 Disconnect interface wan
2021-12-04 05:36:52 nat[8594]: <6> 211501 Initialization succeeded
2021-12-04 05:36:50 network[8924]: <6> 290100 Set WAN protocol to dhcp, operation is renew
2021-12-04 05:36:50 nat[8594]: <6> 211501 Initialization succeeded
2021-12-04 05:36:47 network[8550]: <6> 290004 Disconnect interface wan
2021-12-04 05:36:47 network[8550]: <6> 290005 Reload config
2021-12-04 05:36:46 dhcpc[5111]: <4> 210153 send dhcp release ip
2021-12-04 05:36:46 dhcpc[5111]: <6> 210056 teardown and release
2021-12-04 05:36:46 network[8550]: <6> 290004 Disconnect interface wan
2021-12-04 05:36:44 network[8550]: <6> 290100 Set WAN protocol to dhcp, operation is release
2021-12-04 05:19:36 access-control[15555]: <6> 239504 Service start
2021-12-04 05:19:36 access-control[15555]: <6> 239503 Function disabled
2021-12-04 05:19:36 access-control[15555]: <6> 239505 Service stop
2021-12-04 05:18:04 access-control[14913]: <6> 239504 Service start
2021-12-04 05:18:04 access-control[14913]: <6> 239503 Function disabled
2021-12-04 05:18:03 access-control[14913]: <6> 239505 Service stop
2021-12-04 05:15:21 access-control[12829]: <6> 239504 Service start
2021-12-04 05:15:21 access-control[12829]: <6> 239503 Function disabled
2021-12-04 05:15:21 access-control[12829]: <6> 239505 Service stop
2021-12-04 05:15:15 access-control[12528]: <6> 239504 Service start
2021-12-04 05:15:15 access-control[12528]: <5> 239606 Flush conntrack table succeeded
2021-12-04 05:15:15 access-control[12528]: <6> 239502 Function enabled
2021-12-04 05:15:15 access-control[12528]: <7> 239011 black list add mac: 98:EE:CB:5D:8D:E8
2021-12-04 05:15:14 access-control[12528]: <6> 239505 Service stop
2021-12-04 05:14:39 access-control[12102]: <6> 239504 Service start
2021-12-04 05:14:39 access-control[12102]: <6> 239503 Function disabled
2021-12-04 05:14:39 access-control[12102]: <6> 239505 Service stop
2021-12-04 05:08:13 usbshare[7717]: <5> 291254 MiniDLNA start
2021-12-04 05:08:13 usbshare[7717]: <5> 291252 ProFTPd start
2021-12-04 05:08:13 usbshare[7717]: <5> 291250 Samba start
2021-12-04 05:08:13 usbshare[7717]: <5> 291255 MiniDLNA stop
2021-12-04 05:08:13 usbshare[7717]: <5> 291253 ProFTPd stop
2021-12-04 05:08:13 usbshare[7717]: <5> 291251 Samba stop
2021-12-04 05:08:11 account-management[7717]: <6> 280055 Restart USB share services.
2021-01-25 00:01:31 upnp[6571]: <6> 217504 Service start
2021-01-25 00:01:28 qos[6577]: <6> 259504 Service start
2021-01-25 00:01:27 qos[6577]: <6> 259503 Function disabled
2021-01-25 00:01:27 upnp[6571]: <6> 217505 Service stop
2021-01-25 00:01:26 nat[5139]: <6> 211021 IPSEC ALG enabled
2021-01-25 00:01:26 nat[5139]: <6> 211021 L2TP ALG enabled
2021-01-25 00:01:25 nat[5139]: <6> 211021 PPTP ALG enabled
2021-01-25 00:01:25 nat[5139]: <6> 211021 SIP ALG enabled
2021-01-25 00:01:25 nat[5139]: <6> 211021 RTSP ALG enabled
2021-01-25 00:01:25 nat[5139]: <6> 211021 H323 ALG enabled
2021-01-25 00:01:25 nat[5139]: <6> 211021 TFTP ALG enabled
2021-01-25 00:01:25 nat[5139]: <6> 211021 FTP ALG enabled
2021-01-25 00:01:19 nat[5139]: <6> 211501 Initialization succeeded
2021-01-25 00:01:14 nat[5139]: <6> 211501 Initialization succeeded
2021-01-25 00:01:13 dhcps[3770]: <6> 212054 send ack ip
2021-01-25 00:01:13 dhcps[3770]: <6> 212053 receive request ip 192.168.0. from 94:c6:91:98:50:b6
2021-01-25 00:01:10 factory-reset[5419]: <6> 284504 Service start
2021-01-25 00:01:09 dhcps[3770]: <6> 212054 send ack ip 192.168.0 and dns 192.168. to e6:e0:41:f3:2a:0e
2021-01-25 00:01:09 dhcps[3770]: <6> 212053 receive request ip 192.168 from e6:e0:41:f3:2a:0e
2021-01-25 00:01:04 dhcpc[5111]: <6> 210054 receive ack from server with ip 98.151. options(serverid=142.254.191.25;lease=64894;subnet=255.255.224.0;router=98.151.128.1;dns=209.18.47.61 209.18.47.63;)
2021-01-25 00:01:04 dhcpc[5111]: <6> 210053 send select request with options(cliid=01/cc:32:e5:4b:78:66:;reqip=98.151.135.198;serverid=142.254.191.25;)
2021-01-25 00:01:04 dhcpc[5111]: <6> 210052 receive offer from server with ip 98.151. options(serverid=142.254.191.25;lease=64894;subnet=255.255.224.0;router=98.151.128.1;dns=209.18.47.61 209.18.47.63;)
2021-01-25 00:01:04 dhcpc[5111]: <6> 210051 send discover with ip 0.0.0.0 and flags 8000
2021-01-25 00:00:54 dhcps[3770]: <6> 212054 send ack ip 192.168. and dns 192.168.0.1 to 24:4c:e3:3e:e3:2b
2021-01-25 00:00:54 dhcps[3770]: <6> 212053 receive request ip 192.168.0from 24:4c:e3:3e:e3:2b
2021-01-25 00:00:44 parental-control[4547]: <6> 229504 Service start
2021-01-25 00:00:44 parental-control[4547]: <6> 229502 Function enabled
2021-01-25 00:00:40 nat[3496]: <6> 211502 Function enabled
2021-01-25 00:00:39 nat[3496]: <5> 211051 Create NAT chain succeeded
2021-01-25 00:00:37 nat[3496]: <6> 211501 Initialization succeeded
2021-01-25 00:00:35 nat[3496]: <6> 211501 Initialization succeeded
2021-01-25 00:00:31 imb[3411]: <6> 218507 Daemon connection succeeded
2021-01-25 00:00:31 imb[3411]: <6> 218012 ARP Binding disabled
2021-01-25 00:00:31 imb[3411]: <6> 218506 Config interface initialization succeeded
2021-01-25 00:00:31 imb[3411]: <6> 218501 Initialization succeeded
2021-01-25 00:00:30 basic-security[2681]: <6> 219504 Service start
2021-01-25 00:00:30 basic-security[2681]: <5> 219606 Flush conntrack table succeeded
2021-01-25 00:00:29 upnp[2987]: <6> 217504 Service start
2021-01-25 00:00:27 upnp[2987]: <6> 217505 Service stop
2021-01-25 00:00:24 access-control[2663]: <6> 239504 Service start
2021-01-25 00:00:24 access-control[2663]: <6> 239503 Function disabled
2021-01-25 00:00:23 firewall[1289]: <6> 209504 Service start
2021-01-25 00:00:17 modem[2036]: <7> 292032 proto_init_config: proto=qmi
2021-01-25 00:00:12 modem[1591]: <7> 292032 proto_init_config: proto=ncm
2021-01-25 00:00:07 modem[1271]: <7> 292032 proto_init_config: proto=3g
2021-01-25 00:00:00 system[856]: <6> 293200 check num = 00110
2021-01-25 00:00:00 time-settings[823]: <6> 279504 Service start
 
Solution
The log is a lot of nothing. They need to hide all the informational messages that are normal when you reboot a router and only show you ones that are some kind of error.

In this case it says wifi clients "0" so nobody outside your house is connected but you just rebooted it.

Many times you have idiot kids who just talk about hacking more than they actually can do hacking.

The only real security hole on modern routers is WPS. This is the function they refuse to remove even though it has been hacked for years. Too many lazy people who just want to push a button rather than key in their SSID and password. Then again, lots of stupid wifi devices like light bulbs that only work via the WPS push button method.

I doubt the current router has any kind of hack on it, but verify the level of the firmware and see if there is an update. TP-Link is pretty good about support and that is a very old router model so they have patched most issues.

So after you verify the firmware, do a factory reset on the router connected only via ethernet with no internet connection. If you are really paranoid, remove the antenna while you do this. Without the antenna the wifi signal will not go more than a couple of feet.

So changing the admin password is the first and most important thing; that will prevent any ability to change the router config. Now go in and set the wifi SSID and passwords. Make sure you disable WPS.

It should now be secure. Make sure there is no remote access on the router, but this is normally off by default.


So this does nothing to fix access to your machine. Pretty much even if the router is completely compromised it does not allow remote access to your machine. Someone might be able to do denial of service attacks but they cannot actually control your machine. I would run something like Malwarebytes to see if there is any strange software running. Generally you would need some form of remote desktop software, which should be obvious.
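
The filtering the answer above asks for (hide the routine informational messages, show the warnings), as an added example that is not part of the original thread or of TP-Link's software. It assumes the number in angle brackets is a standard syslog severity, and it goes one step further by also keeping settings-change records, which this log writes at info/debug level. The sample records are copied from the log above, with the MAC address replaced by a constructed placeholder.

```python
import re
from collections import Counter

# Assumption: the number in <> is a standard syslog severity
# (4 = warning, 5 = notice, 6 = info, 7 = debug).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([\w-]+)\[(\d+)\]: "
    r"<(\d)> (\d+) (.*)$"
)
# Message prefixes seen in the log above that record a settings change
# rather than a routine service restart.
CHANGE_PREFIXES = ("black list add mac", "Set mac clone", "Set WAN protocol")

def parse_line(line):
    """Return a dict for a log record, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, component, pid, sev, code, msg = m.groups()
    return {"ts": ts, "component": component, "pid": int(pid),
            "sev": int(sev), "code": code, "msg": msg}

def triage(text, max_sev=4):
    """Split records into alerts, settings changes and a count of routine noise."""
    alerts, changes, routine = [], [], Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["sev"] <= max_sev:
            alerts.append(rec)            # warning or worse
        elif rec["msg"].startswith(CHANGE_PREFIXES):
            changes.append(rec)           # someone changed a setting
        else:
            routine[rec["component"]] += 1  # boot/restart chatter
    return alerts, changes, routine

# Records from the log above; the MAC is a constructed placeholder.
SAMPLE = """\
# Archer A7 System Log
2021-12-04 05:41:30 access-control[16853]: <6> 239504 Service start
2021-12-04 05:41:24 access-control[16478]: <7> 239011 black list add mac: 00:00:5E:00:53:01
2021-12-04 05:40:02 usbshare[14506]: <5> 291250 Samba start
2021-12-04 05:37:03 network[9894]: <4> 290702 Invalid arguments from webpages
2021-12-04 05:37:03 network[9894]: <6> 290150 Set mac clone
2021-12-04 05:37:03 network[9894]: <6> 290100 Set WAN protocol to dhcp, operation is write
2021-12-04 05:36:46 dhcpc[5111]: <4> 210153 send dhcp release ip
"""

if __name__ == "__main__":
    alerts, changes, routine = triage(SAMPLE)
    for rec in alerts + changes:
        print(rec["ts"], rec["component"], f"<{rec['sev']}>", rec["code"], rec["msg"])
    print("suppressed routine records:", dict(routine))
```

The settings-change records only show that the admin pages were used at those times; comparing the timestamps with your own sessions tells you whether anyone else was logged in.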
 
Solution
Do you live in an apartment complex or something like that? This is why I only use 2.4 GHz on my guest network and only 5 GHz on my main network. Range is much more limited and 5 GHz wifi only works if you're on my porch or basically touching my house.