Have my GS1900 switches been hacked?

PersonX

Some strange things are going on with my Zyxel Switches.

A few months back I discovered I could no longer login on my GS1900-8HP. It refused my login/password.

I did a factory reset to solve it (and of course put again a custom login/password).

Now a few months later its static IP has been changed into a dynamic one and I could no longer log-in but could log in with the default admin / 1234 combination.

And now my GS1900-24E is also behaving strangely. It is still on its static IP but I can't login anymore using my login/password. So I'll probably have to factory reset that one.

This all makes me wonder whether someone has hacked my switches somehow?

Zyxel_Melen

Hi @PersonX,

It might be because someone in your network tried to access your switches and he guessed your password correctly.

It is recommended to use "Remote Access Control" to allow a specific IP range to access your switch. It can prevent unauthorized clients in other IP subnets from accessing. Please navigate to Menu > Configuration > Management > Remote Access Control > Global to set up and monitor if this problem occurs again.

PersonX

Thanks Melen,

My password looks like this "zpgNPQtz5fOzld4" so it would be amazing if someone was able to guess it.

Also I'm in a residential set-up with 2 small kids who don't know how to work with a computer and my wife who is IT-agnostic.

I had a look at your suggestion, but I must admit it looks quite daunting to set-up this remote access control correctly.

westcoast

Hi @personX,

According to your reply for Melen, there's only you and two kids as far as you know who have acces to your environment. In this case I belive it means that If your switches are been hacked, your intire network has been hacked. So there is another player fooling around…. he can only acces your environment form the outside I presume.

Perhaps you should review your security on a larger scale.