Menu
Reply
ALF28
  • 982
  • 18
  • 104
Well-informed
684 Views
Message 1 of 32
Flag for a moderator

HUB 3 ISSUE TODAY

My hub 3 rebooted this morning when I switched it on red lights flashing.

I had problems connecting to the hub on wifi and had to restart my laptop but got it working and used today.

Tonight I checked the setting page to find  someone else has it open, tried default password also but no access to settings page and it say's my password is wrong

strange entry on the network log critical 1970

I have a long password 27 digits so how was it hacked.

Rang 150 which did test and found something wrong and did a reset and later a helpful person checked my records ,but no info on hacking, told to reset the hub and change all password and monitor to see if it happens again see if the hub may be faulty and needing replacement and to run antivirus scan and read the virgin security hub

So would this be a faulty hub, dos attack on my Ip address, hacking, or someone has used a virgin default password to get into my hub and changed the password?

I have used several login passwords during  today, so concerned a hacker may be into my hub at this moment, so will now go and reset the hub 3 and start password changes tonight. I will also check for open ports on the hub3, they were OK yesterday and my hub settings page worked yesterday, the hacking happened at 8.00am approx  today 7/7/20201

alf28

 

[MOD EDIT: Subject title changed for clarity]

Tags (1)
0 Kudos
Reply
jbrennand
  • 24.06K
  • 2.54K
  • 4.37K
Very Insightful Person
Very Insightful Person
672 Views
Message 2 of 32
Flag for a moderator
Helpful Answer

Re: HUB 3 HACKED TODAY

Do the reset this way...

___________________

Firstly, make sure the Hub's sticker/card with the two passwords on it is still there and legible or you will be stuffed ! If its not – DON’T DO IT !
With the Hub switched "on", disconnect any ethernet connections (leave the co-ax connected) and then push in the “reset pin” with the end of a paperclip/thin nail/SIM tray “tool” or similar (bigger items like ball point pen ends may not press it in far enough) until you feel it at the “stop point” and hold it there firmly for a "timed" minimum of 60 seconds do NOT manually restart the Hub at any time. Leave it 10' or so to stabilise and then your passwords/passphrase for both the Hub settings and the Wifi networks will revert to the two printed on the Hub sticker on its base/side/card. Make sure you use the wifi one for devices connecting to the wifi and the settings/admin one to access the Hub

Then change them to new SSID's and  passwords - and then reconnect your devices

That should sort it.


--------------------
John
--------------------

I do not work for VM. My services: HD TV on VIP (+ Sky Sports & Movies & BT sport), x3 V6 boxes (1 wired 2 WiFi,) SH2 in modem mode with Airport Extreme Router +2 Airport Express's. On VIVID200, Talk Anytime Phone, x2 Mobile SIM only iPhones.
Tudor
  • 8.49K
  • 675
  • 1.52K
Very Insightful Person
Very Insightful Person
612 Views
Message 3 of 32
Flag for a moderator

Re: HUB 3 HACKED TODAY

“My hub 3 rebooted this morning when I switched it on red lights flashing.” Sorry I don’t understand. Was the hub powered off overnight and you switched it on? Is so the LEDs will flash while it synchronises with the CMTS. 

There is a possibility when the hub was turned on it did a firmware update.

Dates of 1970 are when the hub is power cycled and it has not yet gotten the current date/time from the Internet.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
0 Kudos
Reply
ALF28
  • 982
  • 18
  • 104
Well-informed
608 Views
Message 4 of 32
Flag for a moderator

Re: HUB 3 HACKED TODAY

jbrennand

Thanks for the help, I have managed to reset the hub and changed all the relevant passwords.

The settings password change took a few attempts and I had the notice again "someone else is logged in", I think the password is accepted but the settings page fails to appear, and logs it as a failed login preventing another attempt unless you wait for a while.

This may be some type of firmware issue looking at older posts of similar events.

The auto reboot  of the hub  this morning (red lights flashing) that occurred was  unusual and may have caused the issue but the logs show nothing except  for the strange critical 1970 date which usually means something went wrong, but  the hub was not on default settings.

The reset signal sent from virgin may have corrected some issues, as there was a "fault found" but it required a pin reset as well for me to be able to log into the settings page and to amend all the settings.

I will continue to monitor the settings page to ensure that this does not happen again, it may be a problem with the settings page. I have no apps so that was not a conflict unless the issue is caused by using 2 different laptops and browsers or not logging out, but the settings web page does usually time out but perhaps it has remained logged in for some reason causing the issue and a power down did not resolve this either .I will use the same laptop and ensure I Iog out of the settings page each time.

As the issue happened after  the hub 3 red lights were flashing, I suspected the hub may have been rebooted by virgin or an attack on the hub or some type of maintenance from virgin, but now solved for the time being, I have had the same thing happen before and it will be in my posts.

The pin reset works by resetting to default all the settings, so they then need editing for passwords ssid etc,

alf28

0 Kudos
Reply
ALF28
  • 982
  • 18
  • 104
Well-informed
544 Views
Message 5 of 32
Flag for a moderator

Re: HUB 3 HACKED TODAY

UPDATE ON HUB ISSUES

The settings page works OK now following the pin reset and password changes, however a lot of work to change passwords on 3 computers, 2 printers, v6 and now box. My hp printer still refusing to work.

LAPTOP ISSUE-open ports found using the router-check app on my tablet.

Following a router check which shows all connected devices, one laptop had a few open ports that should not be there.

Ports-135,139,445, 5357 all open so I have closed them.

135-epmap Microsoft rpc service dce endpoint reso (can be used for hacking tool edump)

139-netbios session service NetBIOS -SSN  (can be used for file sharing) may be my epson printer updates but not open on my other laptop

445-smb directly over ip microsoft-ds   (can be used for file sharing) may be my epson printer updates but not open on other laptop

5357-web services for devices wsdapi (network discovery was turned on-can be used for malicious activity on public network should be off)

I reset the firewall and switched off network discovery, and no open ports are showing now.

The only recent change to my computer was the software download  iobit free driver booster, may remove this, but it did show a lot of out of date drivers but have not updated anything.

Not sure if any of this is related to my recent hub issue when it auto rebooted, and I lost access to the web settings page.

As I do have sensitive files on my laptop, banking etc I hope they are safe? I will remove them to USB stick now and hope no passwords have leaked with the open ports.

I am still unsure what happened, or if any unauthorized access or hacking occurred and virgin (150) could not confirm anything, just said there was a "fault" identified by their reset signal which was corrected.

My epson printer has 6 open ports showing, but can not do anything about that.

My other hp printer has died at the moment, will use a usb cable.

alf28

 

 

 

0 Kudos
Reply
ALF28
  • 982
  • 18
  • 104
Well-informed
512 Views
Message 6 of 32
Flag for a moderator

Re: HUB 3 HACKED TODAY

UPDATE ON HUB ISSUES-antivirus checks

My other laptop had issues with antivirus Malwarebytes which seemed to have updated then disappeared from my computer, may have been corrupted so I had to re-install by downloading a fresh copy.

Also at the same time windows decided to update,  so not sure what was going on, but the antivirus is working now.

I have quick scanned for malware on both my laptops and both were  clean,  but will do further full scans soon.

This issue has taken me days to sort out- something unexplained and events like open ports and antivirus corrupted may be unrelated or possible the hub was corrupted or hacked, I will never know but hope it is solved now. Also got 2 weird emails, one  from Tesco rewards but was a USA  American engineering company and it came via moscow, usa, and germany, the other from windows secuity- Ossisto365 active directory security and health assessment.  These strange spam emails  arrived  yesterday the same day as the hub issue so could be linked.

alf28

0 Kudos
Reply
ALF28
  • 982
  • 18
  • 104
Well-informed
481 Views
Message 7 of 32
Flag for a moderator

Re: HUB 3 HACKED TODAY

UPDATE ON HUB ISSUES-"CONCLUSIONS"- password failed but now solved.

Having spoken to 2 local experts who are computer professionals, they both confirmed the  virgin hub does the job and no need for your own router, it would not be any more secure except more settings perhaps available, and they require fiddling with to make them work. One has a virgin hub in his own local  shop.

They advised me to always contact the  hub provider in the event of a hub/password problem, which I did, ringing 150 for help and advice.

The only 2 possibilities with my hub is that it was either faulty and lost the stored password for some reason or was hacked and the password changed  by somebody else which was indicated as it said my recorded password was incorrect, and I am careful always to record my passwords and test them often, it worked until Wednesday and the hub red lights started flashing and locked the hub, Virgin has no explanation themselves, other than do the pin reset which worked, and  the virgin remote reset found an unknown fault which indicated that the hub had issues.

I will monitor the hub setting page daily from now on, (and it does time out after a few minutes). If the hub is faulty, it may do this again where the password fails, and it says someone else logged in, then the password fails, and the only remedy is the long-winded hub pin reset and change all passwords. The virgin rep advised that if this happens again, contact virgin to get a hub replacement. I had the same problem last year, so it is not an isolated event and the hub 3 was replaced already once a few years back when it was faulty and kept loosing settings etc and poor connection.

alf28

 

0 Kudos
Reply
Tudor
  • 8.49K
  • 675
  • 1.52K
Very Insightful Person
Very Insightful Person
445 Views
Message 8 of 32
Flag for a moderator

Re: HUB 3 HACKED TODAY

and no need for your own router, it would not be any more secure” totally disagree. Since 00:01 this morning I have had 48 stopped intrusions into my systems, none of which would have been trapped by the VM hub. Boy, am I glad my bank does not rely on such a low level of security.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
ALF28
  • 982
  • 18
  • 104
Well-informed
412 Views
Message 9 of 32
Flag for a moderator

Re: HUB 3 HACKED TODAY

Thanks for reply Tudor

HUB 3 INTRUSION- low level of security?

"Since 00:01 this morning I have had 48 stopped intrusions into my systems, none of which would have been trapped by the VM hub"

How are you detecting these intrusions and can you block them, I used to use bullguard  security, which did  flagged intrusions and block them but I have tried  Wireshark but was too complex for a novice like myself.

Should we be  concerned regarding such a high level of intrusions getting through the hub firewall as there are approx. 4.8 million virgin media cable customers.

Hackers are attacking all the time, so the system needs to be robust with strong passwords. My antivirus Malwarebytes has no firewall. Basically the virgin hub is the entry point my network but has no firewall settings such as low/medium high as most firewalls do have. The incoming ports to the virgin hub are closed/shielded so how can hackers get through  unless it is via virgin media  themselves?. I recently found a bunch of open ports on my computer which I have closed resetting the windows defender firewall.

My recent hub issues have me wondering, since  my settings password was changed by somebody, does the hub 3 security  requires additional measures or equipment or software such as own router that is compatible with modem mode and actually works, and intrusion detection blocking using software firewall on computer (or is windows defender good enough) I am not sure if my hub3 was corrupted, hacked or a hardware/network issue but as the hub has no firewall logs it is not easy to investigate so the pin reset was used to get my password restored. I am concerned as I do banking online like many do now.

My network log is not refreshing but the last records on the day it lost the password as follows- (no logs for 8/7/21 or today 9/7/21)

Also getting occasional pixelation watching films on v6 box, but upstream and downsteam logs look normal

Time Priority Description

07/07/2021 21:14:29noticeLAN login Success;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
07/07/2021 21:13:36Warning!LAN login FAILED : Incorrect Username / Password / ConnectionType;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
07/07/2021 21:10:8noticeLAN login Success;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
07/07/2021 21:09:32Warning!LAN login FAILED : Incorrect Username / Password / ConnectionType;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
07/07/2021 21:05:57noticeLAN login Success;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
01/01/1970 00:01:39criticalNo Ranging Response received - T3 time-out;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
07/07/2021 20:21:19Warning!LAN login FAILED : Incorrect Username / Password / ConnectionType;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
07/07/2021 17:09:16noticeLAN login Success;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
01/01/1970 00:01:43criticalNo Ranging Response received - T3 time-out;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
07/07/2021 16:48:44noticeLAN login Success;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
07/07/2021 16:46:47Warning!LAN login FAILED : Incorrect Username / Password / ConnectionType;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
03/07/2021 19:25:49criticalNo Ranging Response received - T3 time-out;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
01/07/2021 14:37:24noticeLAN login Success;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
01/07/2021 09:56:58Warning!RCS Partial Service;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
01/07/2021 09:56:58criticalSYNC Timing Synchronization failure - Loss of Sync;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
01/07/2021 09:55:49Warning!RCS Partial Service;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
01/07/2021 09:55:49criticalSYNC Timing Synchronization failure - Loss of Sync;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
01/07/2021 09:55:47Warning!RCS Partial Service;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
01/07/2021 09:55:47criticalSYNC Timing Synchronization failure - Loss of Sync;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;
01/07/2021 09:55:22Warning!Lost MDD Timeout;CM-MAC=**:**:**:**:**:**;CMTS-MAC=**:**:**:**:**:**;CM-QOS=1.1;CM-VER=3.0;

 

I would be interested to improve security and any recomendtions would be helpful. Which router do you use and is it easy to set up and is it costly?

alf28

0 Kudos
Reply
ALF28
  • 982
  • 18
  • 104
Well-informed
393 Views
Message 10 of 32
Flag for a moderator

Re: HUB 3 HACKED TODAY

0 Kudos
Reply