How to Secure Your Modem

One day I logged into the modem at home and found that there had been several attempts to get into it using the default username and password. I usually find that these attempts last for five minutes and then stop. But this time they went on all day and came from 50 different IP addresses. I thought I was being targeted until I confirmed that the same attempts had happened to a friend, from the same IPs. I think it’s a new wave of attacks targeting home modems, so I had to study the issue from all its aspects.

After I logged into my modem and reviewed the logs I found that the attacker was trying to access the default usernames like:

root, support, enable shell, super user, and telecomadmin

Unfortunately, I hadn’t changed the default password, because there is no easy way to change it. After the hacker successfully logged in, he downloaded the settings file and then logged out. I learned a lesson from this incident, which helped me write the following steps for preparing the settings needed to prevent this kind of penetration. These steps aim to:

Change the preset login information.
Disable remote access to the modem.

The steps below are for the “STC HG8245Q” fiber modem and may be similar on other devices. Refer to your device’s user manual to find out more.

First, you need to know that this model has two default accounts, with the following login information:

First account: Username: telecomadmin, password: admintelecom
Second account: Username: root, password: admin

Change your preset login details

Unfortunately, most people with this modem will not be able to change the default username or password through the modem’s web interface, and will need to use the steps below to change the login information for these two accounts:

Step 1: Log in to your modem using the username and password of the first account mentioned above. Go to System Tools, then to Modify Login Password, and change the password. If you cannot modify it from this interface, the password modification feature is disabled in the device’s settings file, and you need to proceed to Step 2 to modify it.

Step 2: From the same System Tools window, go to the Configuration File section and click on Download Configuration File.

Step 3: Keep a copy of the file you downloaded, then open a second copy with any text editor and search for the phrase “Web User Info Instance”; in my file I found it at line 938. Modify the usernames and passwords and save the changes. By default I had users named root and telecomadmin, and there is also a third user named CLI (root), which I changed as well, but I’m not sure which port this last user can access.

Step 4: Upload the new settings file from the same window from which you downloaded it, or follow these steps:

Go to System Tools, then go to the Configuration File section, and click on the Browse button.

Then choose the file you modified recently and click “Update Configuration File”. The modem will download the new file, and it will take 1-2 minutes.
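
A check you could run on the edited file before uploading it, added here as an example and not part of the original article or any vendor tool: it compares the edited copy with the backup you kept, flags default usernames that remain, and reports edits that fall outside account lines. The one-line `UserName="..."` layout and the sample element names are assumptions; adjust the pattern to match your own file.

```python
import difflib
import re

# Usernames the article reports as preset on the modem or tried by the attacker.
DEFAULT_USERNAMES = {"root", "support", "telecomadmin"}
# Assumption: each account is a one-line XML element with a UserName="..." attribute.
USERNAME_ATTR = re.compile(r'\bUserName\s*=\s*"([^"]*)"', re.IGNORECASE)


def account_usernames(config_text):
    """Return (line_number, username) for every UserName attribute found."""
    return [(number, name)
            for number, line in enumerate(config_text.splitlines(), start=1)
            for name in USERNAME_ATTR.findall(line)]


def review_edit(backup_text, edited_text):
    """Check the edited copy against the kept backup before uploading it."""
    backup, edited = backup_text.splitlines(), edited_text.splitlines()
    matcher = difflib.SequenceMatcher(a=backup, b=edited, autojunk=False)
    unexpected = []
    for tag, a1, a2, b1, b2 in matcher.get_opcodes():
        touched = backup[a1:a2] + edited[b1:b2]
        # A change is expected only when every line involved is an account line.
        if tag != "equal" and not all(USERNAME_ATTR.search(s) for s in touched):
            unexpected.append((tag, a1 + 1, b1 + 1))
    still_default = [(n, u) for n, u in account_usernames(edited_text)
                     if u.lower() in DEFAULT_USERNAMES]
    return {"still_default": still_default, "unexpected_changes": unexpected}


# Constructed sample files (element names and values are made up, not a real dump).
BACKUP = """<Config>
<WebUserInfoInstance InstanceID="1" UserName="root" Password="PLACEHOLDER-1"/>
<WebUserInfoInstance InstanceID="2" UserName="telecomadmin" Password="PLACEHOLDER-2"/>
<CliUserInfoInstance InstanceID="1" UserName="root" Password="PLACEHOLDER-3"/>
<WanAccess Enable="1"/>
</Config>"""
# Web accounts renamed, CLI account forgotten, and one stray edit on line 5.
EDITED = """<Config>
<WebUserInfoInstance InstanceID="1" UserName="homeuser" Password="PLACEHOLDER-4"/>
<WebUserInfoInstance InstanceID="2" UserName="homeadmin" Password="PLACEHOLDER-5"/>
<CliUserInfoInstance InstanceID="1" UserName="root" Password="PLACEHOLDER-3"/>
<WanAccess Enable="0"/>
</Config>"""

if __name__ == "__main__":
    print(review_edit(BACKUP, EDITED))
```

An empty `still_default` list and an empty `unexpected_changes` list mean that only account lines were edited and none of them still uses a default username.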

Disable modem remote access

I also advise not allowing access to the modem from the Internet. You can do this by going to the Security tab, opening the Device Access Control section, and unchecking all the services that you do not need, especially WAN services. Although these steps are specific to STC, they may be similar for other Internet service providers.

by: Abdullah Al-Ghamijan