Home routers are vulnerable

You're welcome…

I saw that but I didn’t find any explanation on how it works other than being a cookie that through some exploit gets admin privileges? How does the cookie get to the router in the first place is my question?

First, the default admin password should always be changed. Most people don’t do this.
Second, my router included an option to use a pictogram to ensure a bot wasn’t attempting access.
Third, stop broadcasting. Thieves won’t spend time breaking into a private wireless network if they don’t know it is there.
(only broadcast long enough to make the initial connection.)

I took the liberty of editing your split URL and making it one that can be clicked on.

:frowning:

Slightly !ot! . I’m afraid I don’t understand what this has to do with splitting a url.

I am bumping this because I think this question is undertreated (correct?).
I now have my first real security problem, 3 months after changing my USB ADSL modem for an Ethernet DSL 320 B D-Link, and before that I had been totally safe for 8 years. I just forgot to harden the rules in the modem (disable WAN access from the outside, as it is enabled by default).
I hope it will be enough, because the DNS changing was recurrent even after changing my account password.
No malware was found according to Malwarebytes, Adwcleaner, Gmer, Roguekiller.
So for the moment I do not dare to use even my E-Blue Card on it.
The symptom was spontaneously opening porn webpages and fake Adobe Flash update webpages, which failed to trap me.
So I think they did not install anything else.
I am dealing with it, and am not asking for help here.

Did you flash your D-Link with a fresh firmware before disabling WAN access?

Yes, I should have been more precise.
I suppose that WAN access was enabled by default, but I did not verify it before the infection (if one can admit the malware is capable of making that sort of change).
I had not changed the default password either.
I had not adapted the rules of Comodo FW, which is set on Custom Policy.

After the infection

I set a real password on the admin account of the modem
I restored the DNS by typing it (both)
I made a backup of this configuration
I did some malware scans etc

When I want to open a Firefox session :
I start an Internet Explorer 8 window under Sandboxie to load the Status page of the router's web interface, I log in and check the DNS
I start my Firefox Session

And despite this, one time in 3 days I saw my DNS changed
178.32.31.235 45.55.202.74 146.185.239.240 (2x) 37.48.127.131

Sorry, I did not flash the firmware because for the moment I did not find any.
The D-Link page for that modem announces firmware but is empty.
So it is recent (1.05 Z1), known to include these new threats.

What is your provider and what are the DNS server addresses of your ISP?

The provider is Orange and the DNS 80.10.246.2 and 80.10.246.129
but it must be a range because on GRC DNS Nameserver Spoofability Test, they found 80.10.200.5 and 80.10.203.6
and Anti-Spoofing Safety: Excellent
Edit: yes, excellent, but their DNS Benchmark test finds them not responding :-\

I must say that it is thanks to their online port test that I discovered that I was not stealth as I was before this modem, and then I could make the changes.

Those four IP addresses you mentioned before were all on servers of various hosting companies in several countries. It looks like your modem/router is still vulnerable. I would suggest also closing down WAN access to the D-Link and contacting D-Link or Orange for a fresh firmware to flash.

http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf