Routers running Tomato firmware under attack

Monkey34

I would think people that go through the work to install a 3rd party firmware on their router would be smart enough to change the default password.
You would think that, but daily:
[Image: dumb.jpg]
 
I would think that remote access would be disabled by default...or are they saying people are enabling remote and keeping the default password? o_O

Why do they even have a default for remote? It should force you to pick one when you enable it, or at least lock you out of remote access with a message saying to change the password in the config....
 
https://www.linksysinfo.org/index.p...s-including-4-600-tomato-based-routers.75136/

joew333 said:
The risk is present if you 1) have remote access turned on in Administration (which is not a default setting) and 2) you also have the default root/admin user/password. No systematic security issue was found in Tomato, just bad password management by some users.

If you see any of these IP addresses or domains in your system log, you may have the infection.

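One way to run the log check described in the quoted post, as an added example that is not part of the thread: it takes indicators in the defanged notation used above (`hxxp`, `[.]`), restores them, and matches them against log lines as whole tokens. The function names, indicator values (documentation address ranges and `.invalid` names) and log lines are constructed for illustration.

```python
import re

def refang(indicator):
    """Undo IoC defanging: '[.]' -> '.', leading 'hxxp' -> 'http'."""
    value = indicator.strip().replace("[.]", ".")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)

def compile_indicator(indicator):
    """Regex that matches the indicator only as a whole token.

    The guards stop 192.0.2.3 from matching inside 192.0.2.35 and
    c2.example.invalid from matching inside notc2.example.invalid.
    """
    value = refang(indicator)
    # Logs often record only host and path, so drop the scheme first.
    value = re.sub(r"^https?://", "", value, flags=re.IGNORECASE)
    return re.compile(
        r"(?<![\w.-])" + re.escape(value) + r"(?![\w-]|\.\w)", re.IGNORECASE
    )

def scan(log_lines, indicators):
    """Return (line_number, refanged_indicator) for every match."""
    patterns = [(refang(i), compile_indicator(i)) for i in indicators if i.strip()]
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for name, pattern in patterns:
            if pattern.search(line):
                hits.append((lineno, name))
    return hits

# Constructed placeholder indicators, NOT the values from the thread.
SAMPLE_INDICATORS = [
    "192.0.2[.]3",
    "hxxp://203.0.113[.]7/.y/sample1",
    "c2.example[.]invalid",
]

# Constructed syslog-style lines; lines 2 and 5 are benign near-misses.
SAMPLE_LOG = [
    "Jan 20 03:12:01 router kernel: ACCEPT IN=vlan2 SRC=192.0.2.3 DST=198.51.100.4",
    "Jan 20 03:12:05 router kernel: ACCEPT IN=vlan2 SRC=192.0.2.35 DST=198.51.100.4",
    "Jan 20 03:12:09 router user.info sh: GET http://203.0.113.7/.y/sample1",
    "Jan 20 03:13:30 router dnsmasq[412]: query[A] c2.example.invalid from 192.168.1.1",
    "Jan 20 03:13:31 router dnsmasq[412]: query[A] notc2.example.invalid from 192.168.1.1",
]

if __name__ == "__main__":
    for lineno, name in scan(SAMPLE_LOG, SAMPLE_INDICATORS):
        print(f"line {lineno}: matched {name}")
```

Matching is strict by design, so a subdomain of a listed domain is not reported; loosen the leading guard if subdomain hits are wanted.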
 
I honestly didn't think this was still a thing. I remember trying Tomato on my WRT54G back in the day. So the last official update of it was 9 years ago? Looks like the project was taken over by another team and their last update was 2 years ago? Not trying to be a dick, just what I'm googling shows it is pretty old at this point.
 
I would think people that go through the work to install a 3rd party firmware on their router would be smart enough to change the default password.
You would think so.... but back during my time in the trenches I went to many locations that were using Tomato or DDWRT and they still had the defaults. Businesses were the worst for this.
 
You would think so.... but back during my time in the trenches I went to many locations that were using Tomato or DDWRT and they still had the defaults. Businesses were the worst for this.
If you change from defaults then someone has to remember or keep that documented. This can cause problems when you treat IT (people) like a commodity.
 
I honestly didn't think this was still a thing. I remember trying Tomato on my WRT54G back in the day. So the last official update of it was 9 years ago? Looks like the project was taken over by another team and their last update was 2 years ago? Not trying to be a dick, just what I'm googling shows it is pretty old at this point.


Tomato is alive and well. The current branch(es) are known as "FreshTomato".
 
I can't imagine anyone is actually still using those old WRT54G routers with Tomato on them, are they?
 
I can't imagine anyone is actually still using those old WRT54G routers with Tomato on them, are they?
I quit using mine years ago, but that was mostly because the R7000 was on sale for 100 bucks at Wally World. But honestly, until I started ripping my 4K disks to my NAS, I rarely needed the extra bandwidth (and I suspect most people don't have a drive that can rip 4K disks (or if they do, they either don't have 4K disks or they aren't aware that they can)).

But this thread does have me thinking about trying Tomato again on the R7000 :D
 
hah! they would never guess my admin creds with my username/password of "fuck" and "yourself"
 
hah! they would never guess my admin creds with my username/password of "fuck" and "yourself"
Barely matters if you don't allow remote access. I'm not sure if I've ever allowed remote access, but if I did, it's rare and temporary.
 