Through 2026 a wave of botnets has been quietly taking over aging home routers and using them to launch denial-of-service attacks, scan the internet, and relay traffic so the real attackers stay hidden. Campaigns tracked this year have hijacked thousands of old Linksys and D-Link models, exploited outdated DD-WRT firmware, and targeted unpatched routers across many brands. If your router is several years old and has never been updated, it is a realistic target. Here is how to check and what to do.

How old routers get hijacked

Most of these attacks rely on the same things: known vulnerabilities that were patched years ago but never applied, exposed remote management, and UPnP left enabled on the internet-facing side. Devices that stopped receiving firmware updates - so-called end-of-life hardware - are the easiest marks, because the security holes simply never get closed.

Signs your router may be compromised

Infections are designed to be quiet, but watch for:

  • Noticeably slower internet or high "idle" activity - the router's lights flicker constantly even when nobody is using the network. (See what your router lights mean.)
  • The router running hot or rebooting on its own.
  • Settings you did not change - new DNS servers, altered admin password, or unfamiliar port-forwarding rules.
  • Unknown services or open ports, such as an SSH service on an unusual port that you never enabled.
  • Your ISP or a service flagging your connection for suspicious traffic.

What to do right now

  1. Reboot the router. Many of these infections live only in memory, so a power cycle clears the active malware (though not the underlying vulnerability). See how to reset your router.
  2. Update the firmware to the latest version from the manufacturer. This closes the holes the botnet used to get in.
  3. Change the admin password to something strong and unique - never the factory default. Our default password directory shows just how guessable factory logins are.
  4. Disable remote administration so the management interface is only reachable from inside your home.
  5. Turn off UPnP unless you specifically need it - see should you disable UPnP?
  6. Factory reset if you suspect a persistent infection, then reconfigure from scratch with the steps above.

When updates are not enough

If your router no longer receives firmware updates, no amount of configuration makes it safe - the known holes stay open forever. The durable fix is replacement. We cover the warning signs and timing in when should you replace your router, and you can find current options in our router reviews.

Lock down the rest of your network

A clean router is one layer. Pair it with WPA3, a segmented network for smart-home gadgets, and good password hygiene from the best home network security plan.