Solved! HELP! email account was hacked last night. I get this error message

Status
Not open for further replies.

nbabe1

Estimable
Dec 11, 2014
24
0
4,560
This morning I came and logged in. I saw that some emails weren't sent. Problem is I never sent them! I checked my sent box and yeah I sent it. But it wasn't me.

I have Avast antivirus always on. Once a week I do a Malwarebytes and a CCleaner run too.

First things first, I changed my password, but Hotmail (which is my account) says to do a number of other things, including checking my updates. BUT I GET an error page when I try: your connection is not private NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

I also tried antivirus, only 1 thing came up: that my wifi https is vulnerable and that supposedly my administrator info is visible?

OK so first my father died... I don't know the administrator info so... we used a D-Link router but I know the password for allowing access. I just don't know the admin password for getting access to the D-Link router, as Avast asked me to change it?

Can anyone help? My mom is panicking, I am panicking....
 

kanewolf

Judicious
Moderator
Was this the sent folder in Hotmail web or the sent folder on your local computer? It sounds like the DLink may not have WIFI encryption enabled correctly. To get access to the router, you would perform a factory reset, which would set the router back to the default admin password. You would then configure everything again. If nobody knows the admin password, you should do this anyway to regain control of your hardware.
 

nbabe1



OK, how do I do that?
 

punkncat

Proper
Apr 3, 2018
114
1
160
So, first thing would be to use a different device, like your phone on mobile data, to check the model number of your router for deets on what the default settings will be when you reset it. This is generally done with a small button on the router somewhere that will default it back to its stock settings. Once you have it reset you have to go through a process to connect to it and get it set back up. Read up on that as well. Make sure once you do get in to reset the password OFF the stock one.

Most likely you opened a spoof or phishing email or site somewhere along the line. It could have fooled you into adding information that a "hacker" used to gain access to your email, or possibly installed a keylogger, which is a bit less likely but not unheard of. From there these folks will use your email to send out the kind of junk that either will install viruses, spam, etc. Even with an AV solution, if you "asked" the program to install, such as by being spoofed or not unchecking a box, clicking somewhere you weren't supposed to, etc., it would not necessarily have taken action on it as it thought you 'wanted to'.
From there, one could assume that you may have had the router or other passwords either the same, or auto-remembered within your browser.

It probably wouldn't be a bad idea to consider a reset of the affected machine as well. Change all your passwords to something different, particularly the ones you shared with this email account. If your bank info is tied to that account I would place a call to the bank to be on the lookout for fraudulent activities.
 

punkncat

When you press the button it's going to default it back to its stock out-of-box settings for user name, password, and IP address. You could possibly lose internet for a moment. In some cases the router will come with an install program that runs through a wizard to help you set back up. In some instances you have to do it all yourself.

 

nbabe1

I pushed the button and maintained it for 20 seconds (it says on the internet it should reset). On the internet it says my default login for D-Link is admin admin, or admin and password, or admin and blank, but not working....
Underneath there is also a password. It didn't work either. So what next? I can't get in.
 

nbabe1

OK so it finally worked.
I changed the admin password (will that be enough?)
I also changed the wifi password.

What else needs to be done so I am relatively safe?
 

kanewolf



Your WIFI should be using WPA2 encryption with AES.
Your passwords should be Upper case, lower case, number and special character.
Your admin password should be different than the WIFI password.
You should disable WPS if enabled.
You should disable remote admin (using the admin account via the WAN interface).
You should check for updated firmware for the router.
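
A way to confirm from a Linux laptop that the WPA2-only, AES-only and WPS-off items in the checklist above actually took effect, as an added example that is not part of the original post. It parses text in the format printed by `iw dev <interface> scan`; the sample scan, SSIDs and function names are constructed for illustration.

```python
import re

# Constructed sample in `iw dev <interface> scan` format (made-up access points).
SAMPLE_SCAN = """\
BSS aa:bb:cc:00:00:01(on wlan0)
    SSID: HomeNet-before
    WPA:     * Version: 1
             * Pairwise ciphers: TKIP CCMP
    RSN:     * Version: 1
             * Pairwise ciphers: TKIP CCMP
    WPS:     * Version: 1.0
BSS aa:bb:cc:00:00:02(on wlan0)
    SSID: HomeNet-after
    RSN:     * Version: 1
             * Group cipher: CCMP
             * Pairwise ciphers: CCMP
"""

def parse_scan(text):
    """Map each SSID to the security sections and ciphers it advertises."""
    aps, cur = {}, {"sections": set(), "ciphers": set()}
    for line in text.splitlines():
        s = line.strip()  # real output indents with tabs; strip handles both
        if s.startswith("BSS "):  # a new access point record starts here
            cur = {"sections": set(), "ciphers": set()}
        elif s.startswith("SSID:"):
            aps[s[5:].strip()] = cur
        elif m := re.match(r"(WPA|RSN|WPS):", s):
            cur["sections"].add(m.group(1))
        elif m := re.search(r"(?:Group cipher|Pairwise ciphers):\s*(.+)", s):
            cur["ciphers"].update(m.group(1).split())
    return aps

def audit(ap):
    """Return findings against the WPA2-only, AES-only, WPS-off checklist."""
    findings = []
    if "RSN" not in ap["sections"]:
        findings.append("WPA2 (RSN) not advertised")
    if "WPA" in ap["sections"]:
        findings.append("legacy WPA still enabled")
    if "TKIP" in ap["ciphers"]:
        findings.append("TKIP offered, select AES (CCMP) only")
    if "WPS" in ap["sections"]:
        findings.append("WPS enabled")
    return findings

if __name__ == "__main__":
    for ssid, ap in parse_scan(SAMPLE_SCAN).items():
        print(ssid, audit(ap) or "OK")
```

An empty findings list for your own SSID means the router is advertising WPA2 with AES only and no WPS; it says nothing about the admin password, remote admin or firmware items, which have to be checked in the router's own pages.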
 


nbabe1

OK, by checking on the internet I managed to disable remote access. You also want me to uncheck enable wifi protection? Isn't that more dangerous?

Finally I don't see in my security mode this I selected WPA2 and automatically it selected AES? Correct?

Anything else?
BTW I ran another Avast check. It still says despite all I did that my router is still vulnerable to attacks.... What now???
 

kanewolf



Here is the user's manual -- http://ftp.dlink.ru/pub/Router/DIR-816L/Description/DIR-816L_B1_User%20Manual_v.2.5.3_31.03.16_EN.pdf PDF page 148 shows how to ensure AES encryption is used. PDF page 145 shows how to ensure only WPA2 is selected.

If your firmware is up-to-date on the DLink, then that would be all you can do according to AVAST support -- https://help.avast.com/en/av_free/17/hns/hns-vulnerable.html
 
Solution

nbabe1

Yes these changes were made after I checked on the internet how to.

BUT here are the 2 errors I get after I redid an avast check:
1 is:
DnsMasq heap buffer overflow vulnerability
Severity: High

Reference: CVE-2017-14491 | Google Security Blog

2 and 3 say it exposes the administrative password to anyone that connects: error code is ebd ID 42729
 

kanewolf



The last firmware release for your router was 2015. You won't find a fix for a 2017 vulnerability in 2015 firmware. It doesn't look like your router supports second source firmware. The only way to get rid of that alert would be to buy newer hardware.
 

kanewolf

Using the Google DNS, which is what 8.8.8.8 and 8.8.4.4 are, is a good thing to do independent of anything else. Do you HAVE to change your router? No. Is there a small probability that you could get attacked? Sure. Is it likely? No, IMO. There are MUCH riskier things on the internet. You are much more likely to get a phishing e-mail or other "social" attack than a technical attack like the one Avast is pointing out.
 