01-12-2018 05:50 AM - edited 01-12-2018 05:53 AM
For info, came across this article today.
A quick search of these forums shows its already been discussed, but as its a new article (10th Jan), and people may ask questions thought it worth dropping in here for awareness....
“Tens of thousands of MikroTik and Ubiquiti routers are currently available online, featuring alarmistic hostnames such as "HACKED FTP server," "HACKED-ROUTER-HELP-SOS-WAS-MFWORM-INFECTED," or "HACKED-ROUTER-HELP-SOS-HAD-DEFAULT-PASSWORD." “
01-12-2018 06:00 AM
If you look on shodan you see routers by ISP, those ISP should be named and shamed for using a default password. This is not a problem with the makers of the hardware this is a problem with stupid network operators. I feel bad for the end users that are paying money to a company that cares so little about there own network.
01-12-2018 07:27 AM
As noted in the OP this is not new. It isn't even unique to the two named vendors.
As noted in the referenced article this likely has most to do with end-users installing these devices and keeping the default credentials. That has been noted in these forums several times, in some cases with much worse results than a simple hostname change.
Big ISPs that provide equipment to end users have mostly migrated away from well-known default credentials and instead will typically have a label/sticker on the CPE router with the defaults printed. Those defaults, while not necesarily "strong", are unique and (much more importantly) not "well known". This is done since it is expected that end-users in fact will never change them.
When someone obtains a router on their own, such as from UBNT, there is an expectation that they should change the well-known defaults but alas there are too many that do not do so. The wizards (the last I checked) even provide for this change as a default configuration but too many still don't do this
Most providers, even small ones, know better and change the default credentials as part of standard configuration.
01-12-2018 07:46 AM
Here is a list(top3) of the routers with the hostname of found grouped by ISP HACKED-ROUTER-HELP-SOS-HAD-DUPE-PASSWORD
Uarnet 1,066 (isp in West Ukraine)
TzOV Biznes i Technologii 833 (isp in Ukraine)
Wiltel Comunicaciones SA 582 (isp in Argentina)
Tell me how one ISP has over 1000 people by a router from ubnt and not change the password. Those devices are managed or supplyed by the ISP. Btw below is a list by device type(top5)
Not one of the above devices is something that a normal end user would buy.
The fault lies 100% will the ISP.
01-17-2018 08:42 AM
Granted sometimes I am indeed guilty of being lazy and the username may stay the same, but i always always ALWAYS change the password immediately. Its not rocket science, its common sense.