Netonix "Seized" by FBI

User avatar
joeyr-stc
Member
 
Posts: 17
Joined: Fri Dec 15, 2017 1:50 pm
Has thanked: 2 times
Been thanked: 1 time

Netonix "Seized" by FBI

Fri Aug 02, 2024 11:26 am

One of my Netonix switches (WS-8) on ver: 1.5.16 had its webserver "seized" by the FBI (see attached image). It is claiming that the device is acting as a 'DDoS-for-hire service'.

I went to access the webserver to program the unit and instead I was presented with the attached image.
The link embedded in the image is legit (https://www.fbi.gov/contact-us/field-of ... os-attacks).

This is VERY worrisome. How did my device get compromised so that the webpage was re-written? And, why does the FBI think it is being used for DDoS?

I have pulled the device from production and accessed it directly from my laptop (nothing else plugged in) and I get the same message. So, this is not a re-direct. Somebody actually got access to the underlying webserver and rewrote the default index.html page. If I go to main.html, or index.php, I get the correct login screen.

I have not factory defaulted the device to see if that fixes the issue. I want to see if there is anything that can be gleamed from its current state.
The switch still works.

Please advise what needs to be done.

Image
Joey Robertson
STC
Mobile, AL

User avatar
sirhc
Employee
Employee
 
Posts: 7419
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1608 times
Been thanked: 1325 times

Re: Netonix "Seized" by FBI

Fri Aug 02, 2024 12:06 pm

Go to proper thread

viewtopic.php?f=17&t=8066
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 50 guests