Noticing suspicious activity on your home network can be a panic-inducing situation. If you have a feeling that someone hacked the Wi-Fi, it's necessary to act quickly and calmly. Often, this isn't a direct hacker attack, but simply the connection of a neighbor's gadget or a password leak through an app.
The first step is to analyze the current situation without making any sudden moves. You need to determine whether the network is truly compromised or whether it's a router software error. In this article, we'll cover specific action steps that will help. regain control over your digital space.
Ignoring the issue can lead to identity theft or the use of your channel for illegal activities. Therefore, it is important not only to change your password, but also to carry out complete revision security settings.
⚠️ Warning: If you find an unknown device in the list of connected devices, immediately disconnect the router from the internet (pull out the ISP cable) to cut off the attacker's connection to the outside world. However, do not turn off the device itself, as this could disrupt the logs.
Signs of unauthorized network access
You can detect an intrusion by indirect but obvious signs of equipment operation. Users often don't notice these signs right away, attributing them to a poor signal or old equipment. However, a combination of several factors should raise your suspicions.
The first and most obvious sign is a sharp drop in internet speed. If your data plan offers high speeds and videos take hours to load, your channel may be clogged with other people's traffic. This is especially noticeable when downloading large files or playing online games, where the bandwidth increases. ping.
The second sign is strange behavior of the indicators on the router body. The light Wi-Fi or WAN may blink at a frantic rate, even when all your devices are in sleep mode. This indicates background data transfer.
- 📉 A sharp drop in connection speed during peak hours and at night.
- 💡 Active data transfer indication when gadgets are turned off.
- 🔒 Access to the router admin panel is blocked (the password has changed).
- 📱 Unknown devices appear in the DHCP client list.
It's also worth paying attention to search query redirection. If you enter a query in your browser and end up on strange websites with ads, it means there's a problem with the network. DNS hijackerThis is a sure sign that the router settings have been changed by outsiders.
How to check the list of connected devices
For an accurate diagnosis, you need to log into your router's administrative panel. This is the "brain center" of the network, displaying all connection information. It can be accessed through a browser on any connected device.
Open your browser and enter your router's IP address in the address bar. Most often, this is 192.168.0.1 or 192.168.1.1The exact address, as well as the default login and password, are usually located on a sticker on the bottom of the device. If the default information doesn't work, it may have been previously changed by you or an attacker.
After logging in, find a section called "Client List," "DHCP Client List," "Wireless Status," or "WLAN Status." This displays all devices currently connected to your access point.
Review the list carefully. Modern routers often display not only the IP address, but also the device name (for example, iPhone-Alex, Smart-TV) and MAC address. If you see a device named "Unknown" or a gadget you definitely don't recognize, that's a warning sign.
| Parameter | Norm | A suspicious sign |
|---|---|---|
| Number of devices | Equal to the number of your gadgets | Exceeds the actual number |
| Device name | Understandable (Samsung, PC) | Unknown, Generic, Random |
| Traffic activity | Uniform or on request | Constantly high load |
| MAC address | Well-known manufacturers | Unknown vendor |
To check MAC addresses, you can check the settings on your phones and laptops. If there's an extra address on the list that isn't on any of your devices, it means someone hacked the Wi-Fi and is using your network right now.
Emergency measures: blocking and changing passwords
If an intrusion is confirmed, you need to act immediately. The easiest way is to change your Wi-Fi password. This will force the connection to be disconnected for all connected devices, including the attacker's device.
Go to your wireless network settings (Wireless Settings) and find the "Password" or "Pre-Shared Key" field. Create a complex combination of upper- and lower-case letters, numbers, and special characters. Don't use simple sequences like 12345678 or date of birth.
☑️ Emergency network protection
However, if an attacker has managed to gain access to the router's admin panel, simply changing the Wi-Fi password may not be enough. They may have created a backdoor or changed the administrator password. Therefore, be sure to also change the password for accessing the router's settings in the "System Tools" or "Administration" section.
After changing the passwords, reboot the router. This will clear the router's RAM of any temporary scripts that may have been injected into the system. After powering on, the router will begin operating with the new security settings.
⚠️ Note: After changing your Wi-Fi password, all your devices (TVs, phones, smart bulbs) will lose their connection to the network. You will need to manually re-enter the new password on each one.
Setting up MAC address filtering
One of the most reliable security measures is MAC address filtering. Every network adapter in the world has a unique identifier—a MAC address. You can configure your router to allow only a specific list of devices onto the network.
To do this, find the "MAC Filtering" or "Access Control" section in the admin panel. Enable "Allow" mode for the listed MAC addresses. Then manually add the MAC addresses of all your trusted devices to the list.
Now, even if someone learns your Wi-Fi password, they won't be able to connect because their physical address isn't whitelisted by the router. This creates a double barrier for hackers.
Where can I find my phone's MAC address?
On Android: Settings → About Phone → General Information (or Status). On iPhone: Settings → General → About. Look for the line "Wi-Fi MAC Address" or "Wi-Fi Address."
The downside of this method is its labor-intensive nature: whenever friends come over, you'll have to manually enter their addresses into your router settings each time to give them internet access. So, while this method is good for home networks, it's not always convenient.
Selecting an encryption protocol and hiding the network
The security of your network directly depends on the encryption protocol used. Outdated standards WEP and even WPA can be hacked with special programs in a matter of minutes. Make sure the wireless standard is selected in the settings. WPA2-PSK or, ideally, WPA3.
Hiding the network name (SSID Broadcast) is also an effective method. If you disable network name broadcasting, it will disappear from the list of available connections on neighbors' phones and in Wi-Fi scanners. You can only connect to it manually by entering the exact network name (SSID) and password.
To hide your network, find the "Enable SSID Broadcast" setting and uncheck it (or select "Disable"). This will stop the router from broadcasting its presence but will still function.
- 🔐 Use only WPA2-AES or WPA3.
- 🙈 Disable SSID broadcast.
- 📡 Disable the WPS function (it has vulnerabilities).
- 🔄 Update your router firmware regularly.
Be sure to disable the feature WPS (Wi-Fi Protected Setup). It allows connection using a PIN code or a push-button, but it has critical vulnerabilities that make it easy to brute-force the password. It's best to keep this feature disabled in modern routers.
Checking your router for viruses and resetting settings
In rare cases, a router can be infected with malware that changes DNS servers or creates backdoors. If the problem persists after changing all passwords, a virus may remain in the device's memory.
The most radical and effective method is a full factory reset (hard reset). There's a small hole on the router's body with the inscription ResetPress it with a paper clip for 10-15 seconds until the indicators blink.
After this, the router will be "as good as new." You'll need to reconfigure your internet connection (using your provider's credentials) and configure new Wi-Fi security settings. This ensures that any third-party scripts and settings made by hackers are removed.
⚠️ Important: Before resetting, make sure you have a contract with your provider or the information to set up a PPPoE/L2P connection, otherwise the internet may not work after the reboot.
Also, don't forget to check for firmware updates. Manufacturers regularly release patches to fix security holes. Go to "System Tools" → "Firmware Update" and check for a new version.
FAQ: Frequently Asked Questions
Can my neighbor steal my internet if I changed my password?
If you've changed your password to a strong one (WPA2/WPA3) and disabled WPS, it's virtually impossible to hack your internet connection by brute-forcing. However, if a neighbor has physical access to your router or exploited a WPS vulnerability before changing the password, they could theoretically still have access. Changing the password and rebooting the router solves this problem in 99% of cases.
Does the router owner see what websites I visit?
Yes, your router's logs (System Log or Security Log sections) may store DNS requests or IP addresses of visited resources. However, if HTTPS is used (the lock in the browser), the contents of your messages and passwords cannot be viewed, only website domains.
What is the best app to show who is connected to Wi-Fi?
Popular apps like Fing, Network Scanner, and Wi-Fi Analyzer scan the network and display device names, manufacturers, and IP addresses. But the most accurate source of information is always the router's admin panel.
Is it dangerous to leave WPS enabled?
Yes, it's dangerous. The WPS protocol has a vulnerability that allows a brute-force attack to recover the PIN code in a matter of hours. Even if you have a strong Wi-Fi password, enabling WPS can become a backdoor for an attacker. It's best to disable this feature in your settings.