# Issue with DLink 2520u adsl modem-firmware getting hacked repeatedly.



## quicky008 (Sep 27, 2016)

I have a Dlink 2520u ADSL modem that's used for internet access on my BSNL BB connection - however, the modem has been acting rather strangely of late and tends to get disconnected from the internet every 10-15 mins (even though there's no fault in my connection or phone line). The stock modem that was supplied by BSNL works just fine - so it was pretty obvious that something's wrong with my Dlink modem. After googling the issue I learned that there's a bug in the 2520u's firmware that makes it susceptible to DNS hijacking, which can cause it to malfunction. I found that my DNS settings have been changed without my knowledge to 128.199.198.127 from 8.8.8.8 (I was using Google DNS earlier). Then I performed a full reset of my router and changed the password for its config page, after which it worked properly for about 3-4 hours and didn't get disconnected even once during this period. However, shortly after that the problem resurfaced once again and the modem started getting disconnected frequently - the only way to get it working was to turn it off and then back on again.


Some users who have also experienced similar issues have suggested that selecting "deny all" under "remote management" in the device's config page might resolve this issue - however, when I tried doing so I found that no such options are present in my modem. Then I realized that my modem was running a really old version of the firmware which is outdated and doesn't include many of the options that have been provided by default in newer versions of this device. Then I downloaded the latest firmware from Dlink's website and tried updating my device, but the update ended with a fatal error, probably because the firmware was not fully compatible with my modem.

So now I am in a real quandary and don't know what I should do - is there any way to fix this problem or do I have to discontinue using it? The device has worked well for the last 4 years and this problem has started only recently. Can this problem be fixed by a firmware upgrade? If yes, please suggest where I can obtain the most up-to-date version of the firmware that would be compatible with my modem.
Various details about my device are listed below:

Model-DSL-2520U
H/W: T1
F/W: IM_1.00


----------



## amit.tiger12 (Sep 27, 2016)

Some say don't keep the router running for 24 hours straight. Give the router a break every 4-6 hours.. this will help to boost to its original strength speed coverage lifelong duration


----------



## arijitsinha (Sep 27, 2016)

amit.tiger12 said:


> Some say don't keep the router running for 24 hours straight. Give the router a break every 4-6 hours.. this will help to boost to its original strength speed coverage lifelong duration



Who said this, tiger ji?


----------



## amit.tiger12 (Sep 27, 2016)

arijitsinha said:


> Who said this, tiger ji?


Old people..


----------



## chris (Sep 27, 2016)

amit.tiger12 said:


> Old people..



lol, we all should practice this, not just the modem.
@quicky008

Is there any way you can change the IP on which the web interface listens? If yes, listen on the local IP only (internal) so no one outside can access it. Do you have a secure password?


----------



## quicky008 (Sep 27, 2016)

^I don't think the IP address is changeable - the modem is configured to display its settings page at 192.168.1.1 and it seems unlikely that it can be altered. And yes, my password is secure; despite that, the firmware gets hacked time and time again. It appears to be a common issue with the DSL-2520U - many users who own this modem have reported that they have also experienced it. The ones who own a newer version of this modem could fix it by changing some settings under remote management; however, my modem uses a really old firmware and those settings have not been included in it - so I couldn't do anything to resolve this issue.

If I have no choice but to stop using it, can anyone recommend a cheap and reliable modem (under 1k) that's not susceptible to the "misfortune cookie exploit", unlike the DSL-2520U?


----------



## chris (Sep 27, 2016)

I do remember getting kicked from the net; I have a TP-Link modem. I checked the log and found I was getting some incoming requests on my IP from different IPs, which is not normal. Switching the modem on/off prevented it, as it changes your IP. They won't know your new IP.

The modem page of many modems listens not just on 192.168.1.1, but on all IPs. This is bad, as anyone on the internet can access your modem. I think many new modems allow you to bind the web interface to the internal IP only.

Can't you upgrade the firmware?


----------



## patkim (Sep 27, 2016)

DLink routers have a page where you can check for new firmware. It connects to a remote server and looks for the latest firmware for your model. Do you see any such option somewhere in there?

If there is any option to enable WAN ping, disable that as well.


----------



## quicky008 (Sep 28, 2016)

chris said:


> I do remember getting kicked from the net; I have a TP-Link modem. I checked the log and found I was getting some incoming requests on my IP from different IPs, which is not normal. Switching the modem on/off prevented it, as it changes your IP. They won't know your new IP.
> 
> The modem page of many modems listens not just on 192.168.1.1, but on all IPs. This is bad, as anyone on the internet can access your modem. I think many new modems allow you to bind the web interface to the internal IP only.
> 
> Can't you upgrade the firmware?



I tried but got a fatal error when I attempted to flash the firmware with the latest version that's available at Dlink's website.

@patkim - I can find no option to enable/disable WAN ping in my router's config page - can you tell me where I should look for it? (There's no such option under "wan" in my router.) And there's no page for checking the latest version of the firmware either.


----------



## patkim (Sep 28, 2016)

Generally routers do have an option to enable/disable WAN ping. Possibly this model, DSL2520, may not have that option. Also check under the firewall or advanced network sections, if any.


----------



## topgear (Sep 28, 2016)

@quicky008 - I've uploaded a firmware update file for your router. See if you can upload the firmware of the router with this and get some more options.

2520UT1.en_upgrade :: Free File Hosting - File Dropper: File Host for Mp3, Videos, Music, Documents.

PS: Don't blame me if it breaks your router and you are not able to update the firmware. You may change the router to a new one, so no harm in giving it a try.


----------



## amit.tiger12 (Sep 28, 2016)

^Download it from the official website...

D-Link is slow in terms of updates..


----------



## topgear (Sep 28, 2016)

^^ That's a way too old router OP is using (based on the HW version of OP's router), so OP is not able to find it on D-Link's official website. I got the firmware from a very good source and uploaded it on Tinyupload.

BTW, according to Norton Safeweb, tinyupload does not look like a very safe place. So I re-uploaded the file here:
2520UT1.en_upgrade :: Free File Hosting - File Dropper: File Host for Mp3, Videos, Music, Documents.


----------



## quicky008 (Sep 28, 2016)

Many thanks topgear - I will try it later and see how it goes!


----------



## amit.tiger12 (Sep 28, 2016)

Be careful while flashing firmware


----------



## quicky008 (Sep 29, 2016)

I have updated it and currently it shows that the new firmware is "ME_1.00", which was released in Feb 2011. Unfortunately, however, this new firmware too doesn't contain the options I was looking for - it still resembles the older one I was using earlier.

After updating, the router has worked for the last hour and a half without any issues - I'll have to keep it running all night and check whether it starts acting up again or not.

- - - Updated - - -

After using it for 5-6 hrs straight without issues, the router was hacked again and its DNS settings were changed. It seems no matter what I do this router will get hacked sooner or later - so I'll probably have to stop using it any further.

Btw, I found this page within my router's configuration settings:

d link 2520u - Album on Imgu

Can enabling/disabling any of the options here resolve my problem?


Also, can anyone recommend any decent ADSL modem within 1k that's not prone to hacking? How about the TP-Link TD-8816? Although the security firm Checkpoint lists it as one of the devices that's susceptible to DNS hijacking, is this vulnerability also present in the newer versions of this modem?


----------



## topgear (Sep 29, 2016)

Except HTTP for LAN, remove the tick mark from every other service. But before doing that, reset the router, set a new password and then remove the tick marks.


----------



## chris (Sep 29, 2016)

topgear said:


> Except HTTP for LAN, remove the tick mark from every other service. But before doing that, reset the router, set a new password and then remove the tick marks.



This will get it resolved. You don't need anyone over WAN (internet) to access your modem pages; if you allow it, they try to hack and get in.

Since the hacker changed the DNS, he may be able to get your password with phishing pages, unless you use https for sites. So change your important passwords if you suspect any phishing.


----------



## quicky008 (Sep 29, 2016)

Thanks a lot, topgear and chris: I did what topgear instructed today in the morning and the router has been running non-stop since then and, fortunately, that issue has not resurfaced as of yet. If it stays this way at least till tomorrow, then it can be concluded that performing the above steps has finally fixed this utterly annoying problem for good.

The funny thing is I sent an email to D-Link's customer care over 3 days ago in order to apprise them of this issue and ask what I should do to fix it, but they haven't bothered to reply till date - this speaks volumes about how terrible their after-sales support actually is - I think I'm gonna avoid buying any D-Link products from now on.


----------



## chris (Sep 30, 2016)

quicky008 said:


> The funny thing is I sent an email to D-Link's customer care over 3 days ago in order to apprise them of this issue and ask what I should do to fix it, but they haven't bothered to reply till date - this speaks volumes about how terrible their after-sales support actually is - I think I'm gonna avoid buying any D-Link products from now on.



I don't like D-Link now as I am happy with TP-LINK and its features. Maybe newer D-Link models have these features, like bandwidth limiting.

But I think most companies won't provide such customer support as it is hard for them to handle; also, this product may be EOL. You may have better luck trying their community support forum: D-Link Forums - Index


----------



## quicky008 (Sep 30, 2016)

The DSL 2520U is not an EOL'd product - it's still being sold by Dlink all over India and is quite popular amongst people who use an ADSL connection for internet access.

The reason they didn't respond to my queries could be because either they've an extremely apathetic and lackadaisical attitude towards their customers and therefore they don't even bother to reply, unless perhaps the problem is extremely serious in nature or they're dealing with someone important who, if ignored, could potentially cause them a lot of trouble, or their technical support staff is extremely inept and lacks adequate technical know-how, so they simply have no idea of how they're supposed to solve problems that are a bit abstruse or complex by nature.

Anyway, I'm thankful to you and topgear for lending me your valued advice and suggestions - the modem is working fine as of now, let's hope it will stay that way and not get hacked again anytime soon.


----------



## patkim (Sep 30, 2016)

> The reason they didn't respond to my queries could be because either they've an extremely apathetic and lackadaisical attitude towards their customers and therefore they don't even bother to reply, unless perhaps the problem is extremely serious in nature or they're dealing with someone important who, if ignored, could potentially cause them a lot of trouble, or their technical support staff is extremely inept and lacks adequate technical know-how, so they simply have no idea of how they're supposed to solve problems that are a bit abstruse or complex by nature.



I have this experience with almost all customer care. Most importantly, 'Fitness for Right Purpose' is missing from most consumer products. They just work, but not how you expect them to work. I have a DIR 615 router and there are at least a dozen bugs in it. Ironically, in my observation, updating the firmware fixes one but breaks some other!!

Glad to know that this forum helped you solve your issue to a manageable level.

I would just suggest that you ping your router's WAN IP from another internet connection and check if your router responds. Ideally, by default, as a security measure it should not respond.


----------
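A TCP counterpart to the ping check suggested above, and a way to confirm the "HTTP for LAN only" change recommended earlier in the thread. This is an added example, not code posted by anyone in the thread; the port list is an assumption (the page does not enumerate the router's services), and the script is meant to be run from a different internet connection against your own WAN IP.

```python
import socket
import sys

# Assumed list of management services (the page does not enumerate them).
MGMT_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet",
              80: "HTTP", 443: "HTTPS", 7547: "TR-069"}


def probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"      # host answered with a reset: nothing listening
    except OSError:
        return "filtered"    # timeout or unreachable: dropped on the way
    conn.close()
    return "open"            # handshake completed: service is reachable


def audit(host, ports=MGMT_PORTS, timeout=3.0, connect=socket.create_connection):
    """Probe every port and return {port: state}."""
    return {p: probe(host, p, timeout, connect) for p in ports}


def exposed(results):
    """Ports that accepted a connection, i.e. services still reachable."""
    return sorted(p for p, state in results.items() if state == "open")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: wan_audit.py <your-own-WAN-IP>")
    results = audit(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port:>5} {MGMT_PORTS[port]:<7} {state}")
    open_ports = exposed(results)
    if open_ports:
        print("Still reachable from outside:", open_ports)
        sys.exit(1)
    print("No management service answered from outside.")
```

Any port reported as `open` means that service still accepts connections from the internet and should be unticked for WAN in the router's access settings.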



## quicky008 (Oct 1, 2016)

^Thanks patkim, I too am glad that my problem appears to have been solved for now, thanks in no small part to the stellar advice given by Topgear. Do you know of any way to ping an IP address from an Android phone (via its GPRS/3G connection)? Does Android offer any utilities/tools like the command prompt of Windows that can be used to ping an address?

- - - Updated - - -

I tried to ping my current IP address via Ping.eu - it reported that although 9 packets were sent, none were received, so all packets were lost - so I suppose my router didn't respond to the ping command, right?


----------



## topgear (Oct 1, 2016)

Glad to know your issue has been resolved. But D-Link totally lacks customer support. They just released a half-baked product on the market which has been notorious for getting hacked for a long time. D-Link never released a firmware for the older hardware version. This clearly shows in the first place how good D-Link's support is for hardware they sell which is a very crucial component for privacy and security. So you can guess already how good D-Link's customer support is and what type of qualified technicians they take as employees.

BTW, as for the ping issue - are you using a rooted phone? Anyway, you can use Termux, which is a very powerful command line app for Android, or install some app like these:

Fing - Network Tools – Android Apps on Google Pla
IP Tools: Network utilities – Android Apps on Google Pla
PingTools Network Utilities - Android Apps on Google Pla


----------



## patkim (Oct 1, 2016)

Generally the IP address ranges of ISPs are known and hackers may ping the ranges as one of the ways to know if a connection is active. With most home users having WiFi, poorly configured routers become an easy target for hacking. It's good to know that ping is not responding and seems disabled in your router settings, maybe as a default.


----------



## quicky008 (Oct 1, 2016)

Yes, it's evident that Dlink's customer support is truly abysmal - despite releasing a glitchy and flawed product that contains serious lapses in security they haven't taken a single step to rectify this issue. Even newer versions of this router (as well as some other Dlink modems like the DSL 2600U) contain this flaw, but no official firmware update has been issued by them till date to patch this serious loophole, even though this particular exploit had been discovered long ago and its characteristics are fairly well documented.

If they were incapable of delivering a fix they could have at least acknowledged that their product had this flaw and suggested a step-by-step method to fix it manually by changing the required parameters in the router's config page - but it seems they're not even the least bothered by their customers' problems and so they didn't have the decency to do that either.

It's only because of the methods that have been discovered by some enterprising individuals who were fed up with Dlink's poor customer support to fix this problem that it has been possible for users who were plagued by this issue to continue using this device (like me), otherwise they would've had no choice but to toss it into the garbage! Even their tech-support staff seem to be totally incompetent and absolutely lacking in any sense of professional ethics - when someone asks for their help they don't even have the courtesy to reply or offer him any kind of support!

So which company can be considered to be the most reliable when it comes to networking devices? I thought TP-Link was better, until I read several complaints on sites like amazon.in by users who had faced numerous problems with their products (including the very same exploit that I encountered with my Dlink router) but had received no help whatsoever from TP-Link, despite complaining to them repeatedly, and so they were asking everyone to boycott their products. Is Netgear any good?


----------

