I went to access the webserver to program the unit and instead I was presented with the attached image.
The link embedded in the image is legit (https://www.fbi.gov/contact-us/field-of ... os-attacks).
This is VERY worrisome. How did my device get compromised so that the webpage was re-written? And, why does the FBI think it is being used for DDoS?
I have pulled the device from production and accessed it directly from my laptop (nothing else plugged in) and I get the same message. So, this is not a re-direct. Somebody actually got access to the underlying webserver and rewrote the default index.html page. If I go to main.html, or index.php, I get the correct login screen.
I have not factory defaulted the device to see if that fixes the issue. I want to see if there is anything that can be gleamed from its current state.
The switch still works.
Please advise what needs to be done.
