Today it became apparent that a particular IP was attempting logins across the wug. We are not certain as to the cause of this (it may well be that this IP was compromised by another party in some way).
Anyway, the point is the person was trying to log into any RB they could find via the web interface using the admin user. They succeeded in many attempts, probably because the admin user was active on some routers with no password.
If you have the admin user on your router and it's not disabled, please change the password or, better yet, create your own account and disable the admin account. Create a personal user account with a secure password for yourself.
You could also make it a read user.
I'm logging into the routers this hacker logged into and disabling admin users with a comment. Like this:
I'm only disabling if there is an alternative means to log in, of course.
Once done I will post a list of those routers here.
The list below is not complete as I only track logs for routers connected to WMS. There may be many more routers affected.
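
One way to find which routers a single source reached with the admin user over the web interface, as an added example that is not part of the original post. The log line layout (router name, topics, message, as a central syslog collector might store them), the router names and the addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed layout per line: "<router-name> <topics> <message>".
# Adjust the regex to whatever your log collector actually writes.
LINE_RE = re.compile(
    r"^(?P<router>\S+)\s+\S+\s+"
    r"(?:user (?P<ok_user>\S+) logged in from (?P<ok_ip>\S+) via (?P<ok_svc>\S+)"
    r"|login failure for user (?P<bad_user>\S+) from (?P<bad_ip>\S+) via (?P<bad_svc>\S+))\s*$"
)

# Constructed sample log lines (documentation address ranges, made-up routers).
SAMPLE = """\
rb-north system,info,account user admin logged in from 203.0.113.7 via web
rb-east system,error,critical login failure for user admin from 203.0.113.7 via web
rb-south system,info,account user admin logged in from 203.0.113.7 via web
rb-south system,info,account user admin logged out from 203.0.113.7 via web
rb-north system,info,account user pieter logged in from 192.0.2.10 via winbox
rb-west system,info,account user admin logged in from 192.0.2.44 via web
""".splitlines()

def summarize(lines, user="admin", service="web", min_routers=2):
    """Map each source IP that tried `user` via `service` on at least
    `min_routers` routers to the routers where it succeeded or failed."""
    seen = defaultdict(lambda: {"succeeded": set(), "failed": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # logouts and unrelated messages are ignored
        if m["ok_user"]:
            who, ip, svc, outcome = m["ok_user"], m["ok_ip"], m["ok_svc"], "succeeded"
        else:
            who, ip, svc, outcome = m["bad_user"], m["bad_ip"], m["bad_svc"], "failed"
        if who == user and svc == service:
            seen[ip][outcome].add(m["router"])
    report = {}
    for ip, hits in seen.items():
        # Count distinct routers touched, whether or not the login worked.
        if len(hits["succeeded"] | hits["failed"]) >= min_routers:
            report[ip] = {k: sorted(v) for k, v in hits.items()}
    return report

if __name__ == "__main__":
    for ip, hits in summarize(SAMPLE).items():
        print(ip, "succeeded on:", hits["succeeded"], "failed on:", hits["failed"])
```

Routers listed under "succeeded" are the ones where the admin account needs a password change or disabling first.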