> "I added firewall rules that blocked access to the router from outside the local network," Alexey said.
This could very well be what's causing the outrage from operators... suddenly losing connection with your router that's in some data center 3 hours away - requiring a drive-over just to discover it's some dude adding rules to your production equipment would be upsetting.
There's legitimate reasons for remote operators to have remote access from outside the network. Obviously the router should be secured with latest updates that guard against known exploits, but this could be a major pain for some operators.
(you'd also have to roll back to some backup since there's no telling what else the guy changed, even if you feel he's more-or-less trustworthy... which means more downtime for your customers)
assuming, at least, that the Google translation is decent: "It seems to be even good, but the admin’s account has severely cut the rights, the attackers created another one with full rights. The office is far away, the provider settings are pppoe, we can’t remove back-ups, we can also unload the config, advise how to be?"
But still, why would you upset? At the very least this guy has made you aware of a known security hole in your router. Sure, the timing maybe inconvenient, but at least you now know there is a problem you have to attend.
Would you rather leave the hold open and be happy in your ignorance if the security problem in your network?
It is trivial to secure a system by powering it off and disconnecting it from the Internet.
That also makes said system useless for getting work done.
Many people do not care about security at all; they just care that it "works". If we want the world to be more secure, the best (but hardest) way to make that happen is to make it cheaper/easier/faster to be secure than to be open (for example, Let's Encrypt).
yes, you can also dump toxic waste into the river, and that "works" just as well, but it makes you a bad citizen. of course, most people don't care about that, so it takes other people to force them to stop dumping.
This could very well be what's causing the outrage from operators... suddenly losing connection with your router that's in some data center 3 hours away - requiring a drive-over just to discover it's some dude adding rules to your production equipment would be upsetting.
There's legitimate reasons for remote operators to have remote access from outside the network. Obviously the router should be secured with latest updates that guard against known exploits, but this could be a major pain for some operators.
(you'd also have to roll back to some backup since there's no telling what else the guy changed, even if you feel he's more-or-less trustworthy... which means more downtime for your customers)