[jeroenhd]

> I later found out that IPv6 was globally addressed with no firewall.

Crazy! What brand router was this? I've never seen an IPv6 capable router configured to permit all traffic by default.

[tonymet]

MSI. Many router vendors have sloppy configuration . It's always good to double check.

[BenjiWiebe]

Me neither, and I've even checked an old ISP-provided router.

[psd1]

Mate. The shit that a retail ISP will send to the punters. Adjust your expectations sharply downward.

The reason this crap ends up in botnets is because it suits retail ISPs to have a common password for their own access. I've found that password on a forum and used it to get higher privileges than I had with my own login. And yeah, web management over the WAN was enabled by default.