I just ordered a new router, a Netgear WNDR3700.
While this latest Netgear dual-radio router has been winning positive reviews, I really wasn’t in the market for a router. I’d been using a perfectly functional Dlink DiR-655. Then I updated the firmware to version 1.33NA and all hell broke loose.
My home network is relatively complex, in that it’s a mixed network, with both gigabit wired connections and Wi-Fi. I’ve got Cat 5e drops in the family room, living room, my wife’s office and the kids’ bedrooms. All these are tied into a Leviton structured wiring panel with a pair of Netgear 16-port gigabit Ethernet switches.
The router is connected to an SMC gateway that mainly functions as a cable modem to Comcast Business – it’s routing features and DHCP are disabled. The Dlink router is tied to the gateway through its WAN port, while one CAT 5e cable runs from one of the router’s four gigabit Ethernet ports to one of the Netgear switches.
Wi-Fi needs are a little simpler. We have a couple of laptops that occasionally connect via wireless, a Nintendo Wii that’s rarely used, an iPad and an iPhone. Security is set to auto select between WPA/WPA2 plus either TKIP or AES. I’ve never worried about wireless throughput, because our Wi-Fi needs are pretty simple.
One day, I realized I’d had the Dlink router for over a year, so decided I’d update the firmware.
Big mistake.
The latest version of firmware for the 655 is 1.33NA. I had been running 1.21 with no issues whatsoever. Dlink did publish a notice that, as of 1.31, you couldn’t downgrade to a lesser version. Even after updating the firmware, I’d been having no difficulties.
Then, about ten days ago, my web browsers throughout the house were being hijacked.
After a firmware update, the DIR-655 will sometimes hijack your web browser and redirect it to the SecureSpot site.
This happened to every system in the house, whether connected via wired or Wi-Fi. My initial reaction was that some type of Trojan had infiltrated all my systems, despite AV software and the hardware firewall.
A call to Dlink tech support revealed that this was a known issue, though the support person didn’t know the root cause. The temporary fix is to enable Securespot in the router advanced management page, then disable it.
Securespot is a web filtering and parental control system that uses a remote web site, coupled to settings in the router, to control access to the web.
There are a number of threads on the Dlink forums about this topic, as well as becoming noted by a number of, including Revision 3 and other sites. A Dlink technical engineer, going by the handle “Lycan”, eventually posted in the Dlink forums, with information on the root cause. Here’s what he wrote, verbatim, in the key post:
“I’ve discussed the issue at length with Besecure (Securespot). The issue is that their regestration servers have moved. This means that anyone that had tried the trial for the service is having their routers reactivated.
Currently we are working to *possibly* release a non-securespot firmware to address the issue from our side while bsecure gets their server issue sorted.”
So Dlink is aware of the root cause of the problem. Supposedly, this weird hijacking should only occur if users have registered previously for Securespot’s free trial – even if they quit after the initial trial period. As I noted earlier, the temporary fix is to enable and then disable SecureSpot in the advanced management page in the DIR-655 web interface.
The key word here is “temporary.” My systems still get hijacked by SecureSpot, roughly every other day. It’s one of the most annoying and ridiculous bugs I’ve encountered in a long time.
To date, there has been no updated firmware and no permanent fix. Other than Lycan trying to stem the tide, Dlink’s response has been almost nonexistent.
So I’m getting a new router. Judging from the tone of many frustrated Dlink customers, I’m not alone.
Loading tweets...
13 comments
1 ping
Brandon Champion says:
May 11, 2010 at 1:35 pm (UTC -7 )
I have 1.32NA, which has a bad problem with DNS several times a week… but I think I’d rather have that problem than get redirected to SecureSpot randomly.
Mike says:
May 11, 2010 at 2:17 pm (UTC -7 )
Ugly. One of those cases where the old “if it ain’t broke – don’t fix it” alarm would have come in handy…
OnShoreLeave says:
May 11, 2010 at 5:50 pm (UTC -7 )
Check out the rollback firmware if you haven’t found it yet.
http://www.ispgeeks.com/wild/modules.php?name=Forums&file=viewtopic&p=15943
Markeyse says:
May 12, 2010 at 11:39 pm (UTC -7 )
I installed a dlink router at a clients house, and never really liked it. If you do get a new one, look at either Linksys or Netgear.
Mike Kozlowski says:
May 13, 2010 at 12:14 pm (UTC -7 )
I’m really curious about how well the 3700 works. I’ve been meaning to buy a replacement for our aging WRT54G, and had been eyeing that one, but was scared off by some bad reports.
Joe C. says:
May 17, 2010 at 3:21 pm (UTC -7 )
I also noticed that the stability was definitely affected after upgrading to 1.33 on my DIR-655 as well. How can I check to see if I’m also experiencing hijacking?
frank d says:
May 20, 2010 at 5:14 pm (UTC -7 )
dlink has an updated firmware out to fix this
http://www.dlink.com/products/default.aspx?pid=DIR-655&tab=3
C.J. says:
May 22, 2010 at 9:01 am (UTC -7 )
Sadly, I had this same problem…and gave up after reading the d-link forum thread and purchased the apple wireless router. No problems….EASY set-up…I just wish dlink would reimburse us…what a waste of money…I thought I had purchased a quality router….
DaveMcLain says:
June 18, 2010 at 7:13 pm (UTC -7 )
I had a DIR-655 router in my home network for a while. It was given to me by a friend and it came with an early firmware version. When I first set it up of course I updated the firmware to version1.32, MISTAKE! This version had the flaky DNS functions. I used it for a while and then switched to a Linksys WRT320N which has been an EXCELLENT router. The D-Link and the Linksys have both had fine coverage in my house.
I believe that the D-Link hardware is fine but their firmware is pretty awful. Lots of features but low reliability. They have a new 1.34 version out now but I’m using the D-Link in another installation strictly as an AP. It does this well and it’s been very reliable with most of the firmware “features” set to off.
David McCabe says:
June 19, 2010 at 8:17 pm (UTC -7 )
Glad I read this as I check for updates every couple of months. Thanks Loyd.
Nathan says:
July 1, 2010 at 8:04 am (UTC -7 )
Don’t buy any wireless router with an Ubicom chipset! The D-link DiR-655 is one of them.
Xel says:
August 27, 2010 at 2:29 pm (UTC -7 )
The problem of the Browser search Hijacking is caused by the firmware (spyware) on the D-Link Routers. They are making money from it by benefiting from searches. To test it, hook up your computer straight to the ISP modem without going through the router. Most likely that will eliminate the hijacking issue. Write to D-Link and complain. Better yet, take the router back for a refund and get a different brand.
Al says:
April 10, 2011 at 4:47 pm (UTC -7 )
I just (what I thought was upgraded) to a DLink about a month ago and bam! I I’m hijacked by their search. I rebooted the modem and router and so far so good, but this is a year later! I never had this problem with my Linksys.
Tweets that mention The Case of the Hijacking Router « All Topics « Improbable Insights -- Topsy.com says:
May 11, 2010 at 11:54 am (UTC -7 )
[...] This post was mentioned on Twitter by loydcase. loydcase said: The Strange Case of the Hijacking Router: http://bit.ly/cxI15J [...]