"You've Exceeded 10 Attempts to Login ..." But I haven't !!

[southleft]

When trying to login to our router i unknowingly mis-typed the password and pressed the Enter key. The message returned was "You have exceeded 10 attempts. Please wait two hours and try again." BUT, i haven't logged into this router in over a month. I powered the router off and waited 10 or 15 minutes then powered it back on. This time i typed everything correctly and it let me log in with no error message. Therefore, no change of username or passphrase has occured.

1. So, i'm wondering was this simply a glitch or has someone been attempting to hack into our router? Outside our fence, across the street, there's a gravel strip where cars on work vans occasionally park for a minute or sometimes rather longer. About two years ago our router did get hacked. I'm certain of this because they changed the username and password. Luckily, only one PC was powered on in the house and the anti-virus software protected it. We experienced no loss of data, no banking or ID theft problems, etc. I reset the router and enabled a more complex username and passphrase. No problems since then, until i received that login error message today.

2. Anyway, is there a way to see or read previous login attempts? I don't have the router maker's config. software installed (if there is one, can't remember). We just type 192.168.x.x and use the utility that appears in the browser which includes Basic and Advanced tabs plus a left-hand menu with the usual categories.

Modem: Linksys CM3024 DOCSIS 3
Router: TP-Link Archer C9 (AC-1900) dual-band
Security: WPA-2
Wi-fi: 2.4GHz and 5.0GHz are both enabled with complex passphrases.
Separate complex passphrases are set for Guest network which is turned Off anyway, and hasn't been enabled for several months.
OS: Windows 10 Home 64-bit; also Windows 8.1 64-bit on other PCs

 

[PliotronX]

Double check if HTTPS, SSH, telnet, or management is accessible to the internet because without whitelisting, they are hit constantly by foreign countries running bots. I am not sure how to check as I run DDWRT on my Tp link but I will peruse some screenshots.

 

[southleft]

Thanks for your reply. Unfortunately, i don't clearly understand your suggestion. If you mean does my browser have internet access to https:// websites then, yes, no problem. We are not blocked from anywhere as far as i can tell. Also, i've signed into the router once each day since my original post, and there have been no unwanted messages of any kind including "you have exceeded 10 attempts ..."
I simply wanted to know if there's a simple way to check if there really were numerous failed attempts to hack into our home network. Maybe there's a log stored somewhere in Windows?

 

[Ketchup]

I would be looking at the router more than I would the modem. If the router current connections and connection history only show devices you know about, I wouldn't worry. Looks like there is a page on your Modem for DOCSIS events, but that may come across more like gibberish than anything.

 

[Rifter]

I simply wanted to know if there's a simple way to check if there really were numerous failed attempts to hack into our home network. Maybe there's a log stored somewhere in Windows?

Rest assured there is likely 100's if not 1000's of people/bots either probing ports or making login attempts to your home network daily, such is life on the internet.

Take the suggestion above and ensure you only allow access to your router from the LAN side not the WAN side and then it doesnt matter if anyone is making attempts to get into your network as you can only access the router via LAN, so unless they are physically in your house you should be good.

 

[PliotronX]

Thanks for your reply. Unfortunately, i don't clearly understand your suggestion. If you mean does my browser have internet access to https:// websites then, yes, no problem. We are not blocked from anywhere as far as i can tell. Also, i've signed into the router once each day since my original post, and there have been no unwanted messages of any kind including "you have exceeded 10 attempts ..."
I simply wanted to know if there's a simple way to check if there really were numerous failed attempts to hack into our home network. Maybe there's a log stored somewhere in Windows?

Sorry about the confusion! I can see how the terms I threw at ya look like just the page where you change settings and what I defined above are typical management interfaces or protocols. Yes, the configuration page uses HTTPS but the concern I have is if it and the rest are accessible from the internet or just your local network. If you wish, you can PM me your current internet address and I can check it out because the configuration page of the C9 does not appear to have this granular control so I would hope that it is just disabled to the internet but you can't be too sure. You could also try creating another administrator account and deleting the admin account as that is a very typical and utilized attack method. This might keep the account locking from happening in itself but you really want to make sure if possible that the router is just about invisible to the internet.

 

[southleft]

"Yes, the configuration page uses HTTPS but the concern I have is if it and the rest are accessible from the internet or just your local network."

So, the question is whether my router's configuration page is accessible from the internet as well as from our home network, is that correct?

1. How do i test that myself?
2. How do i prevent my system from replying to a PING test from the internet?

Just for fun, i went to Gibson's "Shields Up!" website. Results are:
UP&P test - Passed OK
Common Ports - FAILED.
(Ports are "Stealth" but PING received a response.)
All Service Ports - FAILED.
(Ports are "Stealth" but PING received a response.)

 

[PliotronX]

"Yes, the configuration page uses HTTPS but the concern I have is if it and the rest are accessible from the internet or just your local network."

So, the question is whether my router's configuration page is accessible from the internet as well as from our home network, is that correct?

1. How do i test that myself?
2. How do i prevent my system from replying to a PING test from the internet?

Just for fun, i went to Gibson's "Shields Up!" website. Results are:
UP&P test - Passed OK
Common Ports - FAILED.
(Ports are "Stealth" but PING received a response.)
All Service Ports - FAILED.
(Ports are "Stealth" but PING received a response.)

You will need another internet connection for example mobile hotspot and laptop and you can just enter your C9 WAN IP into any web browser to see if the login page loads. Then add https:// before the IP in the web browser for the same. You should be able to pull up a command prompt box (start and cmd) to enter telnet [ip] to see if that responds. For SSH, download putty and just enter in your ip to connect. A more advanced test would be using Zenmap with aggressive profile (to hit all public facing ports) and check the results. There may be a half configured VPN on 1194, 8443, 1701 or 1723.

For disable ping, the option is always named differently between manufacturers, echo response, ICMP response, stealth mode, etc. This may be located outside of security settings so I would scour all of the advanced pages including the WAN page.

Edit- this might be the ticket

https://goo.gl/images/PjThri

 

[Charlie22911]

There are also various web based port scanners, with some paid services for more indepth tests if you are unsure of what you are doing. You can also check shodan.io to see if anything comes up for your WAN IP.