A local private club have recently gotten WiFi installed however they are doing it by just using a normal BT service that you or I would use at home....

My question is how can it be set up to stop malicious users from say changing the admin password through typing the router IP into the address bar or from unfair use such as downloading torrents etc?

4 Answers 4


You mention two different things, admin access to the router and network usage.

To restrict admin access, such as changing passwords, change the password of the admin account. You need to log into the router to do that. There is usually no need to change the address of the router as it will be known to users anyway (otherwise the network doesn't work!), so leave it as it is if you don't have special needs.

To restrict usage of your network, you can use port blocking. Depending on your router, this may be a tedious task. What you need to do is block all ports of applications that you do not want in your network - BitTorrent typically uses Port 6881 to Port 6999, but some clients randomize their port at startup. A step further you could block everything and only allow specific ports, such as 80 for http/websurfing, Port 21 for ftp, and so on. It is very likely that functionality for your guests will be severly limited. Furthermore, if they really want to, they can always build a secure tunnel to vpn out of your net.

If you are concerned about certain websites (Porn), you can use a URL filter that blocks certain domains. However, this does not stop torrenting.

Overall, I would recommend to block the default ports for file sharing (like mentioned above) in combination with URL filtering, if that concerns you at all. But make sure your admin password is really changed!

One more thing: Keep log files. If you see something happening you don't want to see, this makes it easier to figure out what exactly happened and how to stop is from happening again. Plus, in case you get into legal trouble, you may be able to figure out whose fault it was (from a login name or mac-address). As I come to think about it, how exactly do you manage access?

  • Thanks for a good answer, only problem with what you have said is the part on the admin password, BT home hub has a button that allows anyone to reset the admin password without knowing the previous password. See here: btybb.custhelp.com/app/answers/detail/a_id/32234/~/… (btw the router is placed in a location that guests will be able to get physical access too) At the moment there is just an access password as any WiFi system has to allow you to connect. (WPA2-Personal / AES encrytion)
    – Colin747
    Commented Apr 18, 2013 at 21:13
  • I'd also say to configure the router so that it can only be configured on Wired LAN (if that's an option). Keep the router in a locked closet, have a Laptop with ethernet in the cases you need to configure it. Commented Apr 18, 2013 at 21:15
  • Indeed, physical access complicates security. Is there any option to turn off this functionality? If putting the router in a secure location is not an option, I would consider buying a new one. Depending on your guests, may a little duct tape possibly enough?
    – zuiqo
    Commented Apr 18, 2013 at 21:53
  1. Change the admin password so it's not default
  2. Change the admin IP to something other than the default
  3. If the router supports QOS (quality of service) settings then set torrents and other "bad" traffic to the lowest priority.
  • The problem with changing the admin password is that BT routers have a button to reset the admin password without needing to know thr current password. From what I can see BT home hub has no QoS options.
    – Colin747
    Commented Apr 18, 2013 at 20:54
  • 1
    Most consumer routers have a reset button. Physically secure the router so people can't get to it.
    – John
    Commented Apr 18, 2013 at 21:10

The other answers cover the basics, but if you need to set up QoS to make sure people don't destroy your bandwidth with torrenting, you should look into using TomatoUSB with a supported router and setting up Quality of Service (QoS). The supported routers are mostly consumer grade routers that run $100 or less, and TomatoUSB is free and open source. As well following the basic advice in the other answers, QoS lets you restrict bandwidth for certain activities, plus it has port blocking, logs, and everything else you'd expect.

  • After a quick look at the supported router list it doesn't look like the bt router is supported. Not sure if they'll buy a decent third party router :/
    – Colin747
    Commented Apr 18, 2013 at 21:16
  • You can pick up a supported router, like a Linksys WRTG54L, for $50 if you're really cheap. And it's better than having people mess around with their router settings. If you have to convince them, just remind them that the money spent fixing one time someone changes something in the router, or the gains in speed from making sure people can't eat up all the bandwidth with torrents, make it worth it.
    – ChimneyImp
    Commented Apr 18, 2013 at 21:54
  • They really need to put the router in a cabinet or high enough that it can't be reached for that reset button to be pressed.
    – hookenz
    Commented Apr 18, 2013 at 21:55
  • @MattH, that would make sense.
    – ChimneyImp
    Commented Apr 18, 2013 at 21:56

Depending on the size of your WIFI box you could adapt one of these containers, assuming you put in holes for cords and airflow to prevent access to the reset switch. It would limit physical access unless you have the key or smash the case.

Image secure enclosure example from fixturescloseup.com

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .