Issue with DLink 2520u adsl modem-firmware getting hacked repeatedly.

[quicky008]

I have a Dlink 2520u adsl modem that's used for internet access on my bsnl bb connection-however the modem has been acting rather strangely of late and tends to get disconnected from the internet every 10-15 mins(even though there's no fault in my connection or phone line).The stock modem that was supplied by bsnl works just fine-so it was pretty obvious that something's wrong with my dlink modem.After googling the issue i learned that there's a bug in 2520u's firmware that makes it susceptible to dns hijacking which can cause it to malfunction.I found that my dns settings have been changed without my knowledge to 128.199.198.127 from 8.8.8.8(i was using Google Dns earlier).Then i performed a full reset of my router and changed the password for its config page after which it worked properly for about 3-4 hours and didn't get disconnected even once during this period.However shortly after that the problem resurfaced once again and the modem started getting disconnected frequently-the only way to get it working was to turn it off and then back on again.


Some users who have also experienced similar issues have suggested that selecting "deny all" under "remote management" in the device's config page might resolve this issue-however when i tried doing so i found that no such options are present in my modem.Then i realized that my modem was running a really old version of the firmware which is outdated and doesn't include many of the options that have been provided by default in newer versions of this device.Then i downloaded the latest firmware from dlink's website and tried updating my device but the update ended with a fatal error,probably because the firmware was not fully compatible with my modem.

So now i am in a real quandary and don't know what i should do-is there any way to fix this problem or do i have to discontinue using it?The device has worked well for the last 4 years and this problem has started only recently.Can this problem be fixed by a firmware upgrade?If yes,please suggest from where can i obtain the most up-to date version of the firmware that would be compatible with my modem.
Various details about my device are listed below:

Model-DSL-2520U
H/W: T1
F/W: IM_1.00

 

[amit.tiger12]

Some says don't keep running router for 24 hours straight. Give a break to router every 4-6 hours.. this will help to boost to its original strength speed coverage lifelong duration

 

[arijitsinha]

Some says don't keep running router for 24 hours straight. Give a break to router every 4-6 hours.. this will help to boost to its original strength speed coverage lifelong duration

who said this tiger ji.

 

[amit.tiger12]

who said this tiger ji.

Old people..

 

[chris]

Old people..

lol, we all should practice this, not just modem
[MENTION=33037]quicky008[/MENTION]

Is there anyway you can change the IP on which the web interface listen to ? If yes, listen to local IP only (internal) so no one outside can access it. You have secure password ?

 

[quicky008]

^i don't think the IP address is changeable-the modem is configured to display its settings page @ 192.168.1.1 and its seems unlikely that it can be altered.And yes,my password is secure,despite that the firmware gets hacked time and time again.Its appears to be a common issue with DSL-2520u-many users who own this modem have reported that they have also experienced it.The ones who own a newer version of this modem could fix it by changing some settings under remote management,however my modem uses a really old firmware and those settings have not been included in it-so i couldn't do anything to resolve this issue.

If i have no choice but to stop using it,can anyone recommend a cheap and reliable modem(under 1k)that's not susceptible to the "misfortune cookie exploit",unlike dsl 2520u?

 

[chris]

I did remember getting kicked from net, i have TP Link modem. I did check the log found i am getting some incomign requests on my IP from diff IPs that is not normal. Switching modem on/off prevented it as it change your IP. They won't know your new IP.

The modem page of many modems not just listen to 192.168.1.1, but to all IPs. This is bad as anyone on internet can access your modem. I think many new modem allow you to bind web interface to internal IP only.

Can't you upgrade frimware ?

 

[patkim]

DLink routers have a page where you can check for new firmware. It connects to remote server and looks for latest firmware for your model. Do you see any such option therein somewhere?

If there is any option to Enable WAN Ping. Disable that as well.

 

[quicky008]

I did remember getting kicked from net, i have TP Link modem. I did check the log found i am getting some incomign requests on my IP from diff IPs that is not normal. Switching modem on/off prevented it as it change your IP. They won't know your new IP.

The modem page of many modems not just listen to 192.168.1.1, but to all IPs. This is bad as anyone on internet can access your modem. I think many new modem allow you to bind web interface to internal IP only.

Can't you upgrade frimware ?

i tried but got a fatal error when i attempted to flash the firmware with the latest version that's available at dlink's website.

[MENTION=4314]patkim[/MENTION]-I can find no option to enable/disable wan ping in my router's config page-can you tell me where should i look for it?(there's no such option under "wan" in my router).And there's no page for checking the latest version of the firmware either.

 

[patkim]

Generally routers do have an option to enable/disable WAN PING. possibly this model DSL2520 may not be having that option. Also check under firewall or advanced network sections in case any.

 

[topgear]

[MENTION=33037]quicky008[/MENTION] - I've uploaded a Firmwire Update file for your Router .. see if you can upload the firmwire of the router with this and get some more options.

2520UT1.en_upgrade :: Free File Hosting - File Dropper: File Host for Mp3, Videos, Music, Documents.

PS : Don't blame if it breaks your router and you are not able to update the firmwire. You may change the router to a new one so no harm in giving it a try.

 

[amit.tiger12]

^download it from official website...

D-link slow in terms of updates..

 

[topgear]

^^ That's a way too old Router OP is using ( Based on HW version of OP's router ) so Op is not able to find it on D-Links official website. I got the firmwire from a very good source and uploaded on Tinyupload.

BTW, from Norton Safeweb tinyupload does not looks like a very safe place. So RE Uploaded the file here :
2520UT1.en_upgrade :: Free File Hosting - File Dropper: File Host for Mp3, Videos, Music, Documents.

 

[quicky008]

Many thanks topgear-i will try it later and see how it goes!

 

[amit.tiger12]

Be careful while flashing firmware

 

[quicky008]

I have updated it and currently it shows that the new firmware is "ME_1.00" which was released in feb 2011,unfortunately however this new firmware too doesn't contain the options i was looking for-it still resembles the older one i was using earlier.

After updating,the router has worked for the last hour and a half without any issues-I'll have to keep it running all night and check whether it starts acting up again or not.

- - - Updated - - -

After using it for 5-6 hrs straight without issues the router was hacked again and its dns settings were changed,it seems no matter what i do this router will get hacked sooner or later-so i'll probably have to stop using it any further.

Btw i found this page within my router's configuration settings:

d link 2520u - Album on Imgu

Can enabling/disabling any of the options here resolve my problem?


Also can anyone recommend any decent adsl modem within 1k that's not prone to hacking?How about the TP-LinkTD-8816 ?Although the security firm Checkpoint lists it as one of the devices that's susceptible to dns hijacking,is this vulnerability also present in the newer versions of this modem?

 

[topgear]

Except HTTP for LAN remove the tick mark from every other services. But before doing that Reset router, Set a new password and then remove the tick marks.

 

[chris]

Except HTTP for LAN remove the tick mark from every other services. But before doing that Reset router, Set a new password and then remove the tick marks.

This will get it resolved, you don't need anyone over WAN (internet) access your modem pages, if you allow, they try to hack and get in.

Since hacker changed DNS, he may able to get you password with phishing pages, unless you use https for sites. So change your important passwords if you suspend any phishing.

 

[quicky008]

Thanks a lot,topgear and chris:I did what topgear instructed today in the morning and the router has been running non-stop since then and fortunately,that issue has not resurfaced as of yet.If it stays this way atleast till tomorrow,then it can be concluded that performing the above steps has finally fixed this utterly annoying problem for good.

The funny thing is i sent an email to d-link's customer care over 3 days ago in order to apprise them of this issue and ask what should i do to fix it,but they haven't bothered to reply till date-this speaks volumes about how terrible their after sales support actually is-i think i'm gonna avoid buying any d-link products from now on.

 

[chris]

The funny thing is i sent an email to d-link's customer care over 3 days ago in order to apprise them of this issue and ask what should i do to fix it,but they haven't bothered to reply till date-this speaks volumes about how terrible their after sales support actually is-i think i'm gonna avoid buying any d-link products from now on.

I don't link d-link now as i am happy with TP-LINK and its features. Maybe newer d-link models have these features like bandwidth limiting.

But i think most company won't provide such customer support as it is hard for them to handle, also this product may be in EOL. You may have better luck trying their community support forum D-Link Forums - Index