100s of attempts a week to remote login

[PaulAllen]

Hello new to this site, I'm Paul hello. 

Here's my problem well not mine my Grans, I look in her routers firewall log and see 100s of remote attempts a week to gain remote access mostly from china. what can I do about this.

so far I have written to china telecom and showed them the logs and they just blanked me so I'm guessing they don't care or it's state sponsored so they can use it to hide behind to hack more sensitive targets.

My computer level is stone-age so don't be to technical with any answers, I know how to turn it on and push the buttons uggg and how to play games.

Thanks for your answers if any 

Paul Allen (stone-age man)

[1PW]

Hello new to this site, I'm Paul hello. 

 I look in her routers firewall log and see 100s of remote attempts a week to gain remote access mostly from china.

 

Hello Paul:

 

Just short of normal, this is what almost all of us might see in our router logs.  Although it's disconcerting, you should take comfort in knowing the router is doing its job.

 

Like some forms of email spam, the attacks will likely stop with time, only to be replaced by their successors.

 

Keep your grandmother's router firmware updated along with her system/applications software and hopefully a thoughtful grandson has made sure she has a good quality automatically updated anti-virus application and Malwarebytes Anti-Malware with a Lifetime license.

 

I hope this helped.

[Firefox]

Indeed what 1PW has stated, these port scans are common and pretty much unavoidable. The only thing you can do is keep that router updated and secure, and do not allow remote administration to it and you should be fine.

[PaulAllen]

Thanks gents for the reply

This has been going on for over a year every day relentlessly is that still OK? and I have just discovered an infected userinit.exe file (found by combofix) on her main computer.

I do play games on this computer but only Neverwinter and dont visit any bad sites and I know she does not do anything bad on it as in looking at dubious sites so where and how did this file infect it. Its got past scotty dog, avast, mbam pro, mbae, and comodo firewall and hips. (no bad emaisl have been opened by either of us)

is it me or could something be up here?

I never get anything on my own pc or have any attacks on my router apart from the odd port scan like you say certainly not the amount she gets on a daily basis if they keep rising she will be competing with NASA or some places in silicon valley lol.

Thanks again gents

[John L. Galt]

First off, they're right - it's routine to see such attack attempts.  In years past I used to collect the attempts and submit them to http://dshield.org/ but the major avenue of collecting those logs, namely Kiwi Syslog Daemon, which used to be a free product but was bought out by Solarwinds and is no longer free

 

The best thing you can do now is to make sure the router has a super strong password, that you change it often, and unless you absolutely have to have it on, I'd advise turning off remote management as well.