

Windows 7: Hacker leaks passwords for 500,000+ servers, routers, and IoT devices

22 Jan 2020   #1
Brink

64-bit Windows 10 Pro
 
 
Hacker leaks passwords for 500,000+ servers, routers, and IoT devices

Quote:
A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices.

The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.

According to experts to whom ZDNet spoke this week, and a statement from the leaker himself, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.

These types of lists -- called "bot lists" -- are a common component of an IoT botnet operation. Hackers scan the internet to build bot lists, and then use them to connect to the devices and install malware.

These lists are usually kept private, although some have leaked online in the past, such as a list of 33,000 home router Telnet credentials that leaked in August 2017. To our knowledge, this marks the biggest leak of Telnet passwords known to date...


Read more: Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices | ZDNet


22 Jan 2020   #2
F22 Simpilot

Windows 7 Ultimate x64
 
 

Yep, I've seen my fair share of hacked routers try to connect to my website. Reason I know is that Shodan shows the port that is vulnerable for that IP address, plus the IP is a residential IP. Spammers and hackers don't use a legit residential IP address to do their work.

To make sure you don't fall victim to a router attack that turns your router into a botnet zombie, follow these steps:

A) Stay abreast of any and all firmware for your router. If you have a compatible router, check out ASUS Merlin or DD-WRT third party firmware.

B) Change the default username and password for the router. This should be done for your IoT devices as well. Like WiFi cameras, etc.

C) In the router turn off UPnP. This is something you more than likely don't need. UPnP stands for Universal Plug and Play. But in the cyber security realm it stands for Universal Plug and Prey.

D) Don't use port forwarding unless you need to for a specific reason. And if you can use a port beyond 30,000 then do so.

E) Check your IP at Shodan often and make sure your IP address has no leaks. You can find your IP address here.
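
A local complement to steps B and E above, added here as an example and not part of the original post: a Python check that connects to your own devices on the LAN and reports whether Telnet or SSH answers, identifying the service by the first bytes it sends. The sample addresses are constructed placeholders, and the function names are this example's own.

```python
import ipaddress
import socket

# Default ports for the two remote-login services: Telnet (23) and SSH (22).
DEFAULT_PORTS = (23, 22)

def classify_banner(data: bytes) -> str:
    """Guess the service from the first bytes it sends after connect."""
    if data.startswith(b"SSH-"):
        return "ssh"             # SSH servers open with an identification string
    if data[:1] == b"\xff":
        return "telnet"          # 0xFF is Telnet's IAC (option negotiation) byte
    if data:
        return "unknown-banner"
    return "open-silent"         # accepted the connection but sent nothing

def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Return 'closed', or a classification of whatever answers on host:port."""
    addr = ipaddress.ip_address(host)
    if not (addr.is_private or addr.is_loopback):
        raise ValueError("only audit addresses on your own private network")
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return classify_banner(s.recv(64))
            except OSError:      # timed out or reset after connecting
                return "open-silent"
    except OSError:              # refused, unreachable, or connect timeout
        return "closed"

def audit(hosts, ports=DEFAULT_PORTS):
    """Probe each of your own devices; return findings that need attention."""
    findings = []
    for host in hosts:
        for port in ports:
            result = probe(host, port)
            if result == "telnet":
                findings.append((host, port, "Telnet answering: disable it or change the default login"))
            elif result != "closed":
                findings.append((host, port, f"{result} service listening"))
    return findings

if __name__ == "__main__":
    # Constructed sample addresses: replace with your router / camera LAN IPs.
    for host, port, note in audit(["192.168.1.1", "192.168.1.50"]):
        print(f"{host}:{port}  {note}")
```

This only shows what is reachable from inside your network; what the internet can see still depends on port forwarding and UPnP on the router.
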
23 Jan 2020   #3
townsbg

Windows 7 pro 64-bit sp 1
 
 

How do you check our ip? I tried the website but I couldn't figure out where to search for it.

23 Jan 2020   #4
F22 Simpilot

Windows 7 Ultimate x64
 
 

This website?

The owner here is using the reverse proxy called CloudFlare so you can't see it. You will do a WHOIS lookup and only see the CloudFlare IP, not the real origin IP. I know how to find the origin IP from here and told the Admin about it, but apparently he told me they just use CloudFlare for the edge server caching rather than taking advantage of the security afforded by CloudFlare.


Edit-

Just checked this site's origin IP. Nothing bad at Shodan.
23 Jan 2020   #5
RoWin7

Win 7 Ult 64-bit
 
 

I'm unclear about what Telnet is. Would it include my wired Verizon router? I don't use wireless or IoT at all. I looked up my IP, but I don't understand which entries would indicate leaks.

IP X - IP info and leak test suite
23 Jan 2020   #6
F22 Simpilot

Windows 7 Ultimate x64
 
 

I said take your IP address found at that website and go to Shodan with it. I just checked your IP at Shodan and Censys and nothing shows up. So I think you're good to go, but do heed what I wrote.

As far as what telnet is, it's like the old TCP communications protocol from back in the day to issue terminal commands to servers as far as I know. This has now been superseded by the TCP protocol SSH (Secure Sockets Host).

So say you want to update the PHP version in your web server. You fire up a telnet or SSH client, log into the server using the server's IP address and enter your username and password. Once in you can then pass terminal commands to your web server to update PHP and do other things at the terminal command line.

So in a nutshell, an IoT (Internet of Things) device may use a telnet port to update its firmware or issue commands, etc. The default port for telnet is port 23 and the default port for SSH is 22. Though, a very wise server Admin. would change that to port 43980 or something up there but no more than 65535 and use port knocking on another port to open the SSH port. So you'd have to port knock on say port 35601 which in turn would allow port 43980 to be open for SSH communications.

If you're bored already I can't help it. I'm white & nerdy. LOL
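
The port-knocking arrangement described in the post above, modelled as the per-source state a firewall would keep. This is an added example, not part of the original post: the ports 35601 and 43980 come from the post, while the 10-second window, the class and function names, and the event list are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

KNOCK_PORT = 35601   # knock port from the post
SSH_PORT = 43980     # relocated SSH port from the post
OPEN_WINDOW = 10     # assumption: seconds SSH stays reachable after a knock

@dataclass
class KnockGate:
    """Per-source state a knock-aware firewall keeps: who knocked, and when."""
    window: int = OPEN_WINDOW
    knocked_at: dict = field(default_factory=dict)

    def handle(self, ts: float, src: str, dport: int) -> str:
        """Decide what happens to one inbound TCP connection attempt."""
        if dport == KNOCK_PORT:
            self.knocked_at[src] = ts        # remember the knock, reveal nothing
            return "DROP"
        if dport == SSH_PORT:
            opened = self.knocked_at.get(src)
            if opened is not None and 0 <= ts - opened <= self.window:
                return "ACCEPT"
            self.knocked_at.pop(src, None)   # expired or never knocked
            return "DROP"
        return "DROP"                        # default-deny everything else

def replay(events):
    """Run a list of (seconds, source IP, destination port) through one gate."""
    gate = KnockGate()
    return [gate.handle(*event) for event in events]

# Constructed events; 203.0.113.x and 198.51.100.x are documentation ranges.
SAMPLE = [
    (0, "203.0.113.7", 43980),    # scanner hits the SSH port directly
    (1, "198.51.100.4", 35601),   # admin knocks
    (3, "198.51.100.4", 43980),   # admin connects inside the window
    (4, "203.0.113.7", 43980),    # scanner still locked out: knock is per source
    (30, "198.51.100.4", 43980),  # admin's window has expired
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```

A single-port knock travels in the clear, so it hides the SSH port from blanket scans but is not a credential; SSH authentication remains the actual access control.
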
24 Jan 2020   #7
townsbg

Windows 7 pro 64-bit sp 1
 
 

Did you check my ip?
24 Jan 2020   #8
RoWin7

Win 7 Ult 64-bit
 
 

Quote: Originally Posted by F22 Simpilot
I said take your IP address found at that website and go to Shodan with it. I just checked your IP at Shodan and Censys and nothing shows up. So I think you're good to go, but do heed what I wrote.

As far as what telnet is, it's like the old TCP communications protocol from back in the day to issue terminal commands to servers as far as I know. This has now been superseded by the TCP protocol SSH (Secure Sockets Host).

So say you want to update the PHP version in your web server. You fire up a telnet or SSH client, log into the server using the server's IP address and enter your username and password. Once in you can then pass terminal commands to your web server to update PHP and do other things at the terminal command line.

So in a nutshell, an IoT (Internet of Things) device may use a telnet port to update its firmware or issue commands, etc. The default port for telnet is port 23 and the default port for SSH is 22. Though, a very wise server Admin. would change that to port 43980 or something up there but no more than 65535 and use port knocking on another port to open the SSH port. So you'd have to port knock on say port 35601 which in turn would allow port 43980 to be open for SSH communications.

If you're bored already I can't help it. I'm white & nerdy. LOL

No, I'm not bored, and I'm white and geeky. And I wouldn't use an IoT device if they gave them away free.

You like to show off, don't you?
4 Weeks Ago   #9
F22 Simpilot

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by townsbg
Did you check my ip?

I don't know your IP address. Read exactly what I said again so you can get your IP address and check it at Shodan.
4 Weeks Ago   #10
F22 Simpilot

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by RoWin7
You like to show off, don't you?

I'm not "showing off." I'm trying to post information here for users who may see this to know what to do to secure their routers/modems.

And I'd go back and remove that link to your IP address.