• March 30, 2020, 07:57:39 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Web interface accessible from outside network!  (Read 766 times)

kezzism

  • Level 1 Member
  • *
  • Posts: 4
  • System scavenger
    • Personal Works : Kezzism
Web interface accessible from outside network!
« on: November 12, 2019, 08:21:14 PM »

Greetings, I quite like my D-Link DSR-250 although the custom services and firewall rules were a little verbose to configure, I've had it setup to pass through SSH and MOSH connections to a computer on the other side of the thing for a while now and that has worked great!

The Computer communicates with a nameserver to route a custom domain there as well, dynamically. This makes an easy point to SSH into, and I thought that when I configured that I was only going to pass through the ports and services I specified in the router interface. Well apparently I was wrong.

Tried today to pass through port 80 so I could host a regular website there on the PC here intermittently... but when I went to the site, I SAW THE ADMIN INTERFACE OF MY ROUTER EXPOSED ON THE INTERNET What the hell? Sure enough port 80 is occupied by the DSR router like a sitting duck waiting to get pwned! Apparently it's been like this the whole time.

I just removed the rule I wrote passing port 80 through and I CAN STILL GET TO MY ROUTERS ADMIN INTERFACE. Thankfully yes I've changed my password, but we're all only one vendor sploit away from things going south. How can I turn this off?  There doesn't seem to be an option for it ANYWHERE.


LOOK, nowhere in these images is there a 192.168.1.1 or anything describing forwarding the admin interface outwards


Even if I didn't make a cron job on my PC to update my ISP assigned IP address to a site, even before I touched any configuration on this router apparently if someone would have hit up that IP they would have gotten right into the login screen for my router. This is a HUGE problem. How can I fix this?
Logged

kezzism

  • Level 1 Member
  • *
  • Posts: 4
  • System scavenger
    • Personal Works : Kezzism
Re: Web interface accessible from outside network!
« Reply #1 on: November 12, 2019, 08:28:52 PM »

And yes before anyone asks, all the stuff you'd think would be responsible for this kinda thing happening is turned off



Here's an example of accessing the router's admin interface from the site:


EVEN IF I GOOGLE "WHAT IS MY IP ADDRESS" AND PASTE THAT INTO THE URL BAR IT TAKES ME TO THE DSR-250 ADMIN INTERFACE.
In my opinion, not cool.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 48520
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Web interface accessible from outside network!
« Reply #2 on: November 12, 2019, 08:54:14 PM »

Link>Welcome!

  • What region are you located?

Are you still connected to the same network as the DSR or you doing this from a remote location from out side the DSRs network on the WAN side?
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

kezzism

  • Level 1 Member
  • *
  • Posts: 4
  • System scavenger
    • Personal Works : Kezzism
Re: Web interface accessible from outside network!
« Reply #3 on: November 13, 2019, 10:35:55 AM »

I'm in the US

And now that I'm out and about (on Cellular) sure enough I can't reach my Router's configuration page  :P

Oof, I can't reach my services either but that's probably because I haven't fully configured the firewall on the PC yet.

We'll see how this progresses, I'm still surprised that on the local network it's accessible but I guess that's because it does some DNS stuff too
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 48520
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Web interface accessible from outside network!
« Reply #4 on: November 13, 2019, 11:38:27 AM »

The router management page will always be accessible from the LAN side. If it was disabled, you could not configure it.
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

kezzism

  • Level 1 Member
  • *
  • Posts: 4
  • System scavenger
    • Personal Works : Kezzism
Re: Web interface accessible from outside network!
« Reply #5 on: November 17, 2019, 09:29:51 AM »

On a similar note though, I tried to forward port 80 so I could access a webserver inside my network remotely. Every other port works except for that one when I make services for them. Should I be using the address translation? Like if I want to run that service on port 8000 on the machine inside my network but have that route to port 80 outside so when the IP address gets hit by a browser they're brought to port 8000 inside, what should I put in the options for the service?


Is that where the Source Port Range options come in in the service menu?
Logged