
Thread: Hacked Vu launching malware attacks?

  1. #1

    Title
    Junior Member
    Join Date
    Oct 2012
    Location
    Ireland
    Posts
    27
    Thanks
    13
    Thanked 4 Times in 3 Posts

    Hacked Vu launching malware attacks?

    Not sure where to post this..

    I've received an email from my ISP telling me that there's a device on my network attacking other machines.. they think I have some form of malware somewhere on my network.

    I'm fairly sure it's not my PC, iPad or phone, I've been able to discount them using the log times provided by the ISP, they were either switched off or off site at the time(s). Is it possible that my Vu could be hacked and it's being used?

    Thanks

    P.


  3. #2
    Andy_Hazza's Avatar
    Title
    Moderator
    Join Date
    Oct 2012
    Location
    Derbyshire, UK
    Posts
    7,287
    Thanks
    2,855
    Thanked 2,126 Times in 1,752 Posts
    Do you have any open ports on your router? What version (image) are you on? Menu > Information > About will give you the image info if using ViX.



  4. #3
    abu baniaz's Avatar
    Title
    Moderator
    Join Date
    Sep 2010
    Location
    East London
    Posts
    23,335
    Thanks
    6,421
    Thanked 9,146 Times in 6,224 Posts
    Or even poorly configured mgcamd?

  5. #4
    Sicilian's Avatar
    Title
    The Boss
    Join Date
    Mar 2010
    Posts
    29,645
    Thanks
    23,575
    Thanked 26,044 Times in 7,633 Posts
    These sort of hacks are normally held in the RAM of the device. Reboot every device on your network including router, should clear it.


    D I S C L A I M E R

    My right to post information is protected under the rights for freedom act. In all instances, information discussed here on my posts are either hypothetical in nature, out of general curiosity, common knowledge, public knowledge, or role-play. Any use of the collective descriptions and shared knowledge from any of my posts are at the sole discretion of the reader. I am not responsible for what you do with it!

  6. #5
    twol's Avatar
    Title
    Moderator
    Join Date
    Apr 2012
    Posts
    8,382
    Thanks
    987
    Thanked 2,888 Times in 2,243 Posts
    Quote Originally Posted by irishpol1 View Post
    Not sure where to post this..

    I've received an email from my ISP telling me that there's a device on my network attacking other machines.. they think I have some form of malware somewhere on my network.

    I'm fairly sure it's not my PC, iPad or phone, I've been able to discount them using the log times provided by the ISP, they were either switched off or off site at the time(s). Is it possible that my Vu could be hacked and it's being used?

    Thanks

    P.
    This may be a stupid sounding question, but are you sure this is a genuine ISP request or just someone trying to get into your system... afraid I am at the point where I don't trust most emails/phone calls/mail etc. unless I can verify some way separately, e.g. phoning up the company directly via their switchboard etc.


  8. #6
    Sicilian's Avatar
    Title
    The Boss
    Join Date
    Mar 2010
    Posts
    29,645
    Thanks
    23,575
    Thanked 26,044 Times in 7,633 Posts
    Quote Originally Posted by twol View Post
    This may be a stupid sounding question, but are you sure this is a genuine ISP request or just someone trying to get into your system... afraid I am at the point where I don't trust most emails/phone calls/mail etc. unless I can verify some way separately, e.g. phoning up the company directly via their switchboard etc.
    I've had similar too, sounds genuine to me.








  10. #7

    Title
    Junior Member
    Join Date
    Oct 2012
    Location
    Ireland
    Posts
    27
    Thanks
    13
    Thanked 4 Times in 3 Posts
    Thanks guys,

    To answer your questions..

    I'm using Vix 5.0.016

    There are some ports opened on the network, not for the TV though but for a CCTV system.

    I did do a full reboot of the system, it happens here almost daily when the electric goes off!

    I'm 100% sure this is genuine, I contacted the ISP by phone and confirmed.

    I'm disconnecting the PVR this evening from the network and leaving it off for 24 hrs and if the 'attacks' stop it'll be obvious, in that case I'll just re-flash the box. The ISP is threatening to terminate my service if I don't sort it.
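The elimination by ISP log times from the first post and the 24-hour disconnection test described above can be written down as a small script. This is an added example, not part of the original posts; the device names, online windows and event times are constructed sample data, and it assumes a single device is behind all reported events.

```python
from datetime import datetime

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed sample: times of flagged traffic, as an ISP notice might list them.
ISP_EVENTS = ["2017-06-18 03:12", "2017-06-19 14:40", "2017-06-20 22:05"]

# Constructed sample: windows when each device was powered on and on the LAN.
ALWAYS_ON = [("2017-06-17 00:00", "2017-06-23 00:00")]
ONLINE = {
    "pc":     [("2017-06-18 09:00", "2017-06-18 23:00"),
               ("2017-06-20 18:00", "2017-06-20 23:30")],
    "ipad":   [("2017-06-19 08:00", "2017-06-19 22:00")],
    "phone":  [("2017-06-18 00:00", "2017-06-18 08:00"),
               ("2017-06-20 19:00", "2017-06-20 23:59")],
    "pvr":    ALWAYS_ON,
    "cctv":   ALWAYS_ON,
    "router": ALWAYS_ON,
}

def was_online(windows, when):
    return any(ts(start) <= when <= ts(end) for start, end in windows)

def missed_events(events, online):
    """Map each device to the flagged events it was NOT on the network for."""
    return {dev: [e for e in events if not was_online(wins, ts(e))]
            for dev, wins in online.items()}

def suspects(events, online):
    """Devices present for every event (assumes one source behind all of them)."""
    return sorted(d for d, missed in missed_events(events, online).items()
                  if not missed)

def isolate(online, device, unplugged_at):
    """Copy of `online` with `device` off the network from `unplugged_at` on."""
    cut = ts(unplugged_at)
    trimmed = [(a, b if ts(b) < cut else unplugged_at)
               for a, b in online[device] if ts(a) < cut]
    return {**online, device: trimmed}

if __name__ == "__main__":
    print(suspects(ISP_EVENTS, ONLINE))
    # Isolation test: PVR unplugged, then one more (constructed) report arrives.
    later = ISP_EVENTS + ["2017-06-22 02:30"]
    print(suspects(later, isolate(ONLINE, "pvr", "2017-06-21 18:00")))
```

If no further reports arrive while the device is unplugged, the suspect list does not change; only a report that lands inside the isolation window clears the unplugged device.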

  11. #8
    dsayers's Avatar
    Title
    ViX Beta Tester
    Join Date
    Mar 2016
    Posts
    1,752
    Thanks
    472
    Thanked 606 Times in 432 Posts
    As abu suggested, a poorly configured mg_cfg file for mgcamd may be the cause. Are you using mgcamd?

    If you are using mgcamd have a look through these threads in here http://www.world-of-satellite.com/sh...ghlight=mg_cfg
    Last edited by dsayers; 21-06-17 at 18:53.

  12. #9

    Title
    Junior Member
    Join Date
    Oct 2012
    Location
    Ireland
    Posts
    27
    Thanks
    13
    Thanked 4 Times in 3 Posts
    Quote Originally Posted by dsayers View Post
    As abu suggested, a poorly configured mg_cfg file for mgcamd may be the cause. Are you using mgcamd?

    If you are using mgcamd have a look through these threads in here http://www.world-of-satellite.com/sh...ghlight=mg_cfg
    I've been using mgcamd for years, I never changed the configuration and never had an issue before until this week.

  13. #10
    ccs's Avatar
    Title
    ViX Beta Tester
    Join Date
    Sep 2014
    Posts
    5,836
    Thanks
    554
    Thanked 1,276 Times in 1,089 Posts
    Quote Originally Posted by irishpol1 View Post
    There are some ports opened on the network, not for the TV though but for a CCTV system.
    That could well be a way in to compromise your home network.

  14. #11

    Title
    Junior Member
    Join Date
    Oct 2012
    Location
    Ireland
    Posts
    27
    Thanks
    13
    Thanked 4 Times in 3 Posts
    Quote Originally Posted by ccs View Post
    That could well be a way in to compromise your home network.
    Possible, but unlikely.. I'll eliminate the TV first and take it from there. I was just posting to ask if anyone else has come across a similar issue and how they resolved it.

  15. #12

    Title
    Senior Member
    Join Date
    Jan 2015
    Location
    @127.0.0.1
    Posts
    139
    Thanks
    14
    Thanked 22 Times in 20 Posts
    Sounds like someone has bruteforced your wifi and is using your IP to make attacks from.

    Is WPS enabled on your router? Most routers have this enabled by default.
    If so, turn it off and change your wifi password.



  16. #13

    Title
    Senior Member
    Join Date
    Mar 2017
    Posts
    311
    Thanks
    13
    Thanked 49 Times in 42 Posts
    Was also going to suggest that your wifi may be hacked.

    Can the ISP provide the MAC address of the suspected device? That would tell you what machine it is.

  17. #14
    duoduo's Avatar
    Title
    Forum Supporter
    Donated Member
    Join Date
    Feb 2013
    Location
    North West Seaside
    Posts
    2,006
    Thanks
    645
    Thanked 389 Times in 309 Posts
    Not sure if you are with Virgin but just come across this

    http://www.edinburghnews.scotsman.com/our-region/edinburgh/thousands-of-customers-at-risk-following-virgin-media-hack-1-4483302


  19. #15

    Title
    Junior Member
    Join Date
    Oct 2012
    Location
    Ireland
    Posts
    27
    Thanks
    13
    Thanked 4 Times in 3 Posts
    I'm with Vodafone.. I did a firmware upgrade on the router which reset the defaults after it reported corruption. I opened the bare minimum of ports needed for the security system. I have noticed that something is opening random ports and pointing them at the PC, although these are different to the ones reported from the ISP.

    The ISP was unable to give me the MAC address or local IP from where these were coming from.

    However since the router upgrade, no attacks have been reported. I have changed the default password for both router and WiFi.

    Looking like the router may have been the problem (fingers crossed it's sorted now)
