I had one customer last week having all the devices on her network receiving errors that the site they were trying to connect to “was not secure/Your connection is not private errors”. Occurred on multiple browsers and devices. The screens were showing redirects to replicon.com and clickserve.dartsearch.net. We tried multiple things to try and fix this and nothing worked until we bypassed the R190W router and the problem disappeared. We replaced the router with another brand and all has been working fine since then.
The yesterday the exact same thing happened with another customer with a R190W router.
Routers were on R4.75-R2, have since upgraded to 4.81-R4.
Has anyone else seen this type of thing?
Yes, I will raise a ticket.
Have the DNS settings on the router been changed? If so, does the system log say anything about when those settings were changed?
EDIT: I looked at your support ticket and see that the DNS mode on the router is set to Manual and the primary DNS server was 77.73.131.151. A little googling suggests that this is indeed a malicious DNS server.
It is likely that some malware on your network (or the customer’s home network, although if it is affecting multiple customers it is more likely to be yours) has logged in to the router and changed the DNS settings.
You need to ensure that all the routers are running up-to-date software. If you are using default passwords (or easy-to-guess passwords) on these routers, you need to change them as soon as possible.