s reported in the International media recently, hackers are using malware to attack vulnerable devices. Many of these are used for the internet of things (IoT) which is the network of physical devices, vehicles, buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data. Hackers are taking advantage of weak passwords or network security.  Mirai is an example of malware causing problems with devices running Linux operating systems. This is illustrated in a news article where hundreds of webcams were hijacked by Mirai.

Click here to read the news article.

Check if your Vigor2960 or Vigor3900 is being Attacked

Log into the router and go to “System Maintenance>>Syslog/Mail alert>>Syslog File”. 

Check if you can see messages similar to that shown below:

If you see similar messages in the syslog, it means your Vigor Router is being attacked by malware such as Mirai!

How to Protect the Router from Security Attacks

You will need to review the management settings in the router. Check the following:

  1.        Ensure you have a secure admin password.
  2.        Change the default service port. For example, the default SSH port number is 22 and it should be changed to a different value, such as changing it to port number 51022 and so on.
  3.         Always use HTTPS and SSH instead of http and telnet.
  4.        Add IP Access List for the remote management.

If you notice that the Vigor3900 or Vigor2960 is running at high CPU load, check the syslog. After changing the default service port or disabling remote management, you should see CPU load return to normal.
DrayTek will be adding a note in Web UI from firmware version 1.3.0 of Vigor2960 and Vigor3900 to remind system administrators to ensure remote management access has been secured.