i just got a wireless router from a friend so my son could play his Wii/Dsi online.the problem i am having is that i cant figure out how to lock it and i cant find it anywhere on my CPU to change setting etc.

also how bad is it to leave it unlocked? can some one hack my computer?
i have already noticed other people using my signal.

any help would be appreciated.

open up a web browser and go to 192.168.1.1 or 192.168.0.1. That should bring you to the web interface of the router. What brand is it?

i just got a wireless router from a friend so my son could play his Wii/Dsi online.the problem i am having is that i cant figure out how to lock it and i cant find it anywhere on my CPU to change setting etc.

also how bad is it to leave it unlocked? can some one hack my computer?
i have already noticed other people using my signal.

any help would be appreciated.

Somebody could REALLY fuck you up if you leave it unsecured.
They could set you up BIGTIME if somebody does not like you and wants to screw your life up.

Once you answer Myles question, there's "default" logins like admin/admin (user-password) and the first thing you do is change those defaults. That's crucial. Most geeks know these settings and if you overlook this, somebody could lock you out of your own router.

Once you login and change the default password, enable WEP and it's also best to configure the network to only allow the IP's of your computers and require authorization to add another, even if the SSID is known and the password is known. Enable the highest level of encryption the router supports. and do not broadcast the SSID.

admin/admin - admin/password - no login/password - no login/admin are the standard linksys/dlink/netgear ones.

Use WPA2 with SHA encryption. Never use WEP,it would take me 15-30 min to crack and gain full access to your network. WPA would require me to capture a 4way handshake then start cracking it off site. Once I get it then I gain full access to your network.

open up a web browser and go to 192.168.1.1 or 192.168.0.1. That should bring you to the web interface of the router. What brand is it?

i'll check and post when i get home from work.

admin/admin - admin/password - no login/password - no login/admin are the standard linksys/dlink/netgear ones.

Use WPA2 with SHA encryption. Never use WEP,it would take me 15-30 min to crack and gain full access to your network. WPA would require me to capture a 4way handshake then start cracking it off site. Once I get it then I gain full access to your network.

You're assuming his router supports it. Most of the older routers do not.
and since you're such an uber-hacker and all, why didn't you patch those freeware programs you used on Ron's website???

You're assuming his router supports it. Most of the older routers do not.
and since you're such an uber-hacker and all, why didn't you patch those freeware programs you used on Ron's website???

What freeware programs did I use on Ron's site? I used a framework and coded it from there. Same thing that is running on it now. If I recall the part of the site that was exploited was the gallery that was there before I helped him with his site.

I'm hacking you now since I have your IP :nutkick

Stay on subject Greg.
I can tell you one thing about coding... You can work on one thing forever, but just how much does a customer want to pay for.

Im on your gige Cryptic, there is no stopping me now.

And Greg, if you had your php permissions set properly, it stops most of the exploits in unpatched programs, like the photo gallery that was injected into.

I learned that lesson with a customer who had Joomla installed and too many PHP permissions and directory rights... Holy fvck you can take down the hole box.

You're assuming his router supports it. Most of the older routers do not.
and since you're such an uber-hacker and all, why didn't you patch those freeware programs you used on Ron's website???

You should know what your talking about before you spew your bullshit.

You should know what your talking about before you spew your bullshit.

You should mind your own fucking business asshole...

You should mind your own fucking business asshole...

You should take your own advice ASSHOLE.:thumbsup

*circles*
http://farm1.static.flickr.com/165/426345293_17f4e52693.jpg

*circles*
http://farm1.static.flickr.com/165/426345293_17f4e52693.jpg

No No just pillow talk.:rolf

*circles*
http://farm1.static.flickr.com/165/426345293_17f4e52693.jpg

http://image3.examiner.com/images/blog/EXID13230/slideshows/090901051826Turkey%20Vulture%201%20cropped.jpg

*circles*
http://farm1.static.flickr.com/165/426345293_17f4e52693.jpg

WAIT WAIT WAIT!

Is that a BLACK GUY playing hockey? I call photoshop.

:durr

WAIT WAIT WAIT!

Is that a BLACK GUY playing hockey? I call photoshop.

:durr

wtf? :rolleyes:

admin/admin - admin/password - no login/password - no login/admin are the standard linksys/dlink/netgear ones.

Use WPA2 with SHA encryption. Never use WEP,it would take me 15-30 min to crack and gain full access to your network. WPA would require me to capture a 4way handshake then start cracking it off site. Once I get it then I gain full access to your network.


thanks for your help. both of you above post where very helpful. :thumbsup

i did change the password/log in and hid the ssid but it seems the dsi will only work with a WEP setting unless I'm missing something.

this i kinda neat posting with a gameboy. lol

That's right, the ds might be gimped in that area. Try updating the system or just live with WEP. If someone really wants to get in your network they will always find a way.

thanks for your help. both of you above post where very helpful. :thumbsup

i did change the password/log in and hid the ssid but it seems the dsi will only work with a WEP setting unless I'm missing something.

this i kinda neat posting with a gameboy. lol

You're welcome... I kinda figured you had a router that only supports WEP. I guess "use the highest level of encryption the router will support" wasn't a clear enough statement to some people... :rolleyes:
One other thing that can help, if you didn't change the default SSID, do that also. Somebody wardriving could still guess the typical default SSID's like "NETGEAR" or "Linksys" if they wandered into your zone. If they have a sniffer they will find your signal anyway, but it will still put up another line of defense to the typical kiddie wardrivers with laptops if you change the default SSID.
Make sure you have a decent firewall and set it up properly and you should be ok.

Now Andy, am I allowed to comment on the PHP comments you made, or will I get bitch-slapped?
You said "stay on topic" and then you proceeded to answer the off-topic PHP info. :goof

I'll risk answering... My server was not "brought down" and no damage was done. There was a directory with 777 permissions (!) on the partition for Clocks Off Racing.
The firewall prevented "problems"
Go ahead and try to gain shell access, you'll get your IP banned automatically... :thumbsup

It's always a cat-and-mouse game. You block this attack and they try that. Been going on as long as there's been an internet...

A guy like Myles could earn a good living by being hired to "intentionally attack" a server and identify exploits. Companies pay good money for those skills...

My situation was similar. Joomla required permissions to write to a directory (for lazy administration so everything could be done from a web GUI) So customer big hammered the a directory with the 777 permissions. That and having some PHP functions not disabled allowed an exploit to be uploaded to that 777 directory. Functions were remotely executed which made server slow/unresponsive. Nothing was truly compromised. It just pissed me off.


Here's an example list of functions that should be considered to be disabled in the php.ini

"apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"

My situation was similar. Joomla required permissions to write to a directory (for lazy administration so everything could be done from a web GUI) So customer big hammered the a directory with the 777 permissions. That and having some PHP functions not disabled allowed an exploit to be uploaded to that 777 directory. Functions were remotely executed which made server slow/unresponsive. Nothing was truly compromised. It just pissed me off.


Here's an example list of functions that should be considered to be disabled in the php.ini

"apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"


Yuppers... Thing is, as you well know, the exploits keep coming. How many "CRITICAL UPDATE" notices have you got from VB this week? :D
Patch this, patch that, SQL injection exploit warning, etc...
Sometimes updating PHP turns into a nightmare because programs don't keep up with the changes and are rendered null and void, and then your clients call up screaming that their website is broken...

Oh yea, forgot also- if you setup the firewall correctly, it will alert you if any programs on any of the client side are using SENDMAIL or ewhatever, and you can track unusual activity such as a hacker using an website to send out "You must update your Paypal info NOW" kinda crap...