I just wanted to post in here to ask people to check their DNS settings in their routers. One of our businesses uses a 2925 and found it on Friday (11/05/2018) had incorrect DNS server listed!

I Googled the IP address and reported it to this site on Monday. I looked back today and it's filling quickly with people with Drayteks!

https://www.abuseipdb.com/check/38.134.121.95

We were running v3.8.4 firmware, now I've updated it to v3.8.8. I've also disabled ALL remote management! We have more routers in a good number for home-based staff, we're about to start to manually check them but I do not want to have to turn off remote management, they are home-based staff after all!

It may be a remote management issue - possibly your user left it at default password (even for a moment - everythings constantly being scanned)
or it might be a LAN-side CSRF:

https://www.draytek.co.uk/support/guides/kb-avoiding-csrf-attacks

As Admin says, I use a 2925, and have no issues at all in that manner.

Perhaps DrayTek could add configuration change to Notification Object?

admin wrote: It may be a remote management issue - possibly your user left it at default password (even for a moment - everythings constantly being scanned)
or it might be a LAN-side CSRF:

https://www.draytek.co.uk/support/guides/kb-avoiding-csrf-attacks

The password was quite long and was only changed back in Feb.

This is more widespread than it would seem see https://www.abuseipdb.com/check/38.134.121.95?page=2#report

I doubt this is down to a remote admin issue.