Community discussions

Search found 1700 matches: hacked

by optio
Fri Oct 04, 2024 5:53 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Maybe stupid question, but couldn't the (safe/complex/random/whatever) password be asked during the netinstall process for those (older) devices that still have the blank one?
Good suggestion! It will cover user access security if internet access is on any interface.
by optio
Fri Oct 04, 2024 5:30 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

How do you suggest the router will determine which port has internet access, and then disable it? You can't disable all interfaces. Is it possible to have internet access without default route is set? If not, which other than LTE can dynamically set default route without config? Edit: But this is i...
by jaclaz
Fri Oct 04, 2024 5:23 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Maybe stupid question, but couldn't the (safe/complex/random/whatever) password be asked during the netinstall process for those (older) devices that still have the blank one?
by Amm0
Fri Oct 04, 2024 4:49 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Just some clarification, all devices with LTE and WiFi come with default password for at least a year, I think. I have to check for up to date info. I think the last remaining devices with no password are CCR series. and if y'all add eSIM support... you'd have to provision something in config for L...
by normis
Fri Oct 04, 2024 4:44 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Just some clarification, all devices with LTE and WiFi come with default password for at least a year, I think. I have to check for up to date info. I think the last remaining devices with no password are CCR series.
by Amm0
Fri Oct 04, 2024 4:41 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Sure, "interesting case" here, as @optio put... But solution is for @normis/team to update the netinstall and reset-configuration docs to clarify to REMOVE any potential internet source, including SIM cards. So, yes, "what if my SIM is stuck" - you hopefully find this thread. But...
by SystemErrorMessage
Fri Oct 04, 2024 4:34 pm
Forum: General
Topic: cloudflare fights off a record amount of DDoS traffic, mikrotik one of the main culprits
Replies: 5
Views: 584

cloudflare fights off a record amount of DDoS traffic, mikrotik one of the main culprits

... is there any way to check if your MikroTik router has been hacked? I know it's possible for ASUS as SSH access is very useful but I never use ASUS as my main router, only WiFi. I know people use MikroTiks a lot ...
by normis
Fri Oct 04, 2024 3:49 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

How do you suggest the router will determine which port has internet access, and then disable it? You can't disable all interfaces.
by anav
Fri Oct 04, 2024 2:42 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Exactly, which I suggested above...
ROS without config should not have internet access because of exposed services.
On that we can agree LOL.
by optio
Fri Oct 04, 2024 1:09 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Exactly, which I suggested above...
ROS without config should not have internet access because of exposed services.
by rextended
Fri Oct 04, 2024 12:52 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

There is an even simpler solution: On newer versions of RouterOS leave LTE turned off, it will be turned on in case of defconf that also set firewall in place.


Reset or netinstall without default config = no interface active except etherX and sfpX, like wifi is disabled if no default config.
by normis
Fri Oct 04, 2024 9:21 am
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

New devices come with a default password. This is the only way I think can solve this issue.
by optio
Thu Oct 03, 2024 9:50 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

@Ammo As you wrote, not a common case, several cases matched: issue with SIM slot failed ROS upgrade - unable to boot, this is preventing for eg. configuring SIM pin before not expected netinstall (as @rextended suggested) without inserting it into another device public IP over LTE due to changes on...
by rextended
Thu Oct 03, 2024 9:46 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Since in my test lte1 started immediately, but it took a while for the SIM to register to the network, it is more than enough to immediately set the password to the admin user, logging in immediately as soon as RouterOS has started... Easy step for not remove the SIM: Enable PIN, netinstall, do conf...
by anav
Thu Oct 03, 2024 9:30 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

or just apply script... It seem logic is here - more stupid people are ones which cannot for any reason remove SIM than ones that don't know that lte1 needs to be enabled to have internet access (if is mitigated like that) Go ahead and rely on scripts the rest of the "real" IT human race ...
by Amm0
Thu Oct 03, 2024 9:18 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

I think the FUD is a bit overblown. There is nothing to worry about a SIM being in a new unit with factory defaults. The default firewall will protect you and all LTE devices come with a firewall. And on newer AX things, there are not a lot of reasons for netinstall, less so in starting from empty confi...
by infabo
Thu Oct 03, 2024 9:17 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Maybe first line in provisioning script could disable all IP services:
/ip/service/disable [find]
Later on when IP firewall rules are added or at end of script you can selectively re-enable needed services with proper "address" restriction.
by optio
Thu Oct 03, 2024 9:12 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Inconvenience to get convenience
by holvoetn
Thu Oct 03, 2024 9:09 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

I get your point and I do agree default inactive interface is the best way, security-wise.
But it may be inconvenient for some to enable it again :D
by optio
Thu Oct 03, 2024 9:07 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Choose: convenience or security ?
Maybe convenience is not right term in case when such HW issues are present and requires a lot of effort to eject SIM including risk to damage it, convenience can be for eg. laziness when simple push-to-eject SIM is available.
by holvoetn
Thu Oct 03, 2024 8:56 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Maybe reading a bit carefully won't hurt ... In some cases removing SIM from slot is not convenient ... then providing simple script to netinstall with command which disables lte1 interface is the way... Convenience is a factor which has a huge impact towards lowering security. Human factor BTW is ...
by infabo
Thu Oct 03, 2024 8:52 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Sure, disable lte1 interface in script. But keep in mind, you have to wait until lte interface is available. Here is how default-configuration does it - in a very cumbersome while loop but this is how (limited) ROS scripting: :local count 0; :while ([/interface lte find] = "") do={ :set co...
by optio
Thu Oct 03, 2024 8:43 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

or just apply script...
It seem logic is here - more stupid people are ones which cannot for any reason remove SIM than ones that don't know that lte1 needs to be enabled to have internet access (if is mitigated like that)
by infabo
Thu Oct 03, 2024 8:35 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

A question of priorities: getting hacked or remove SIM. 🫣
by optio
Thu Oct 03, 2024 8:32 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Maybe reading a bit carefully won't hurt
...In some cases removing SIM from slot is not convenient ... then providing simple script to netinstall with command which disables lte1 interface is the way...
by anav
Thu Oct 03, 2024 8:23 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Genius, brilliant! Solution of the century. So basically remove the invisible cable wire.... who would of thunk it.........
by holvoetn
Thu Oct 03, 2024 8:21 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

You can always install without SIM being present.
Result: no LTE.

Mission accomplished.
by optio
Thu Oct 03, 2024 6:53 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Generally speaking that is correct, but LTE device is specific when performing netinstall without config, it can provide internet connection without any config if connects using network provided APN and default route is dynamically assigned to LTE WAN IP, in other cases you need at least assign defa...
by anav
Thu Oct 03, 2024 4:18 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

The logic is NOT to connect to the internet until firewall rules are in place and admin information/access to router has been changed from default and secured. Relying on default anything in the router is the wrong approach. Just don't attach the cable or SIM card etc, until the router is ready to be...
by Iliasla
Thu Oct 03, 2024 9:22 am
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

When resetting the router configuration, WI-FI interfaces are disabled by default. Developers also need to disable the LTE interface by default. This will be logical and will solve this problem. :D
by BartoszP
Wed Oct 02, 2024 3:13 pm
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

You should keep trying netinstall. One suggestion is to unplug everything else from your router and from your computer. Disable wifi if you are on a laptop.
.....
+ Stop any firewall in the PC
by SystemErrorMessage
Tue Oct 01, 2024 6:36 pm
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

... port 53 as source. for ppp if your customers connect using that you can use explicit allow for that protocol from LAN. The reason why you were hacked is because the input side of the router where you can manage it is accessible from either WAN/customer. If you need remote access to the device ...
by normis
Tue Oct 01, 2024 10:19 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

a hub will help with connectivity issues, it will improve it, yes.
by CGGXANNX
Tue Oct 01, 2024 10:17 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

It's probably the same hack as this https://forum.mikrotik.com/viewtopic.php?t=211182. Multiple people from my country recently also reported exactly the same on a local forum discussing MikroTik topics. The attackers (probably bots scanning RouterOS routers not protected by firewall) add a new user...
by borte6510
Tue Oct 01, 2024 10:14 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

You should keep trying netinstall. One suggestion is to unplug everything else from your router and from your computer. Disable wifi if you are on a laptop. Then connect the device like this: [PC] ----- cable ---- [basic ethernet HUB or simple ethernet switch] ----- cable ----- [router boot port] l...
by borte6510
Tue Oct 01, 2024 10:13 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

netinstall hang point RouterBOOT backup booter 3.27 RouterBOARD 3011UiAS CPU frequency: 1400 MHz Memory size: 1024 MiB NAND size: 128 MiB Press any key within 2 seconds to enter setup Please, check ethernet cable... trying bootp protocol...... OK Got IP address: 192.168.88.3 resolved mac address C0:2...
by normis
Tue Oct 01, 2024 10:07 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

You should keep trying netinstall. One suggestion is to unplug everything else from your router and from your computer. Disable wifi if you are on a laptop. Then connect the device like this: [PC] ----- cable ---- [basic ethernet HUB or simple ethernet switch] ----- cable ----- [router boot port] la...
by infabo
Tue Oct 01, 2024 10:06 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

A user can log in but have no rights to open terminal.
Read users can use Winbox terminal. That's not true.
You have no permission to open terminal in Winbox even if you have winbox permission. As said: !local or !telnet prevents opening a terminal inside Winbox.
by borte6510
Tue Oct 01, 2024 10:03 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

thanks for answer. I got the codes piece by piece. How do I recover the device?
by normis
Tue Oct 01, 2024 9:48 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

A user can log in but have no rights to open terminal.
Read users can use Winbox terminal. That's not true.
by borte6510
Tue Oct 01, 2024 9:40 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

no, just type /export in command line (ssh) and you will see all config, and be able to copy from terminal screen

i understand you. there are more than 5000 hotspot users. and the codes are endless. it gets stuck somewhere. but i am trying with serial console. i will report the results.
by infabo
Tue Oct 01, 2024 9:35 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

I am sorry, just edited my previous answer. User may have !local, !telnet, !ssh and thus can't execute export, or I am missing something?
by normis
Tue Oct 01, 2024 9:31 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

no, just type /export in command line (ssh) and you will see all config, and be able to copy from terminal screen
by infabo
Tue Oct 01, 2024 9:29 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

A user can log in but have no rights to open terminal.
by borte6510
Tue Oct 01, 2024 9:27 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

I don't understand, what do you mean "no authorization"?
if you can login, you can use export
did you mean file export?

my user is not authorized to write to disk
by normis
Tue Oct 01, 2024 9:24 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

I don't understand, what do you mean "no authorization"?
if you can login, you can use export
by borte6510
Tue Oct 01, 2024 9:23 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

Yes, I can connect to the serial console. My version is 7.13 booter version 3.27 I can't export. No authorization. I can print but the code is interrupted and not all is visible. I've tried over and over. netinstall won't progress. thank you for the answers. still looking for a solution. After a few...
by normis
Tue Oct 01, 2024 8:00 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

Hello everyone. Our 3011 device was hacked. Our users have been put in read mode. reset button is disabled. and I have no backup outside. we use Custom software for hotspot. configuration is important. how can I proceed. thanks. - What RouterOS ...
by wfburton
Tue Oct 01, 2024 12:16 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

I've had issues in the past with netinstall. Usually the device, or more specifically the ethernet port of the laptop/pc causing the netinstall trouble. Funnily enough, I've used usb dongles on the same machine that had a fixed etherport that didn't work, but the usb dongle allowed the netinstall proce...
by killersoft
Tue Oct 01, 2024 12:03 am
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

I've had issues in the past with netinstall. Usually the device, or more specifically the ethernet port of the laptop/pc causing the netinstall trouble. Funnily enough, I've used usb dongles on the same machine that had a fixed etherport that didn't work, but the usb dongle allowed the netinstall proces...
by wfburton
Mon Sep 30, 2024 11:36 pm
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

netinstall does not see the device. stay in there; setting up elf image... or RouterBOOT backup booter 3.27 RouterBOARD 3011UiAS CPU frequency: 1400 MHz Memory size: 1024 MiB NAND size: 128 MiB Press any key within 2 seconds to enter setup trying bootp protocol.........................................
by borte6510
Mon Sep 30, 2024 11:33 pm
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

No point in resetting anything as you have no idea why this happened and thus it will happen again. Do you have a copy of the config prior to hacking to show........... Netinstall is the only viable method of putting a clean load, if the device is accessible. I don't have any configuration. I just saw a...
by borte6510
Mon Sep 30, 2024 11:31 pm
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

netinstall does not see the device. stay in there; setting up elf image... or RouterBOOT backup booter 3.27 RouterBOARD 3011UiAS CPU frequency: 1400 MHz Memory size: 1024 MiB NAND size: 128 MiB Press any key within 2 seconds to enter setup trying bootp protocol..........................................
by anav
Mon Sep 30, 2024 10:07 pm
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

No point in resetting anything as you have no idea why this happened and thus it will happen again.
Do you have a copy of the config prior to hacking to show...........

Netinstall is the only viable method of putting a clean load, if the device is accessible.
by kleshki
Mon Sep 30, 2024 9:29 pm
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Re: Our mikrotik hacked

Your device probably has reset jumpers, you may try it. Also, netinstall may help, if bootloader is not in protected mode, otherwise gg.
by borte6510
Mon Sep 30, 2024 9:20 pm
Forum: General
Topic: Our mikrotik hacked
Replies: 25
Views: 1177

Our mikrotik hacked

Hello everyone. Our 3011 device was hacked. Our users have been put in read mode. reset button is disabled. and I have no backup outside. we use Custom software for hotspot. configuration is important. how can I proceed. thanks.
by BrateloSlava
Thu Sep 26, 2024 12:26 pm
Forum: Forwarding Protocols
Topic: Rdp failure
Replies: 4
Views: 544

Re: Rdp failure

... is simple to implement, but very easy to detect by attackers. In a couple of hours you will be watching your computers inside the network being hacked from the outside. And the likelihood of being hacked is very high. By (correctly) Setting up VPN access to the local network. In this case, the ...
by jaclaz
Wed Sep 25, 2024 7:17 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Back to the off topic SIM card size issues :shock: . I think that it greatly depends on how the actual socket receptacle is made, in theory the nano is thinner than the micro (by a teeny tiny amount, 0.67 instead of 0.76 mm) to allow the adapter to have a "back sheet" (that can often be re...
by optio
Wed Sep 25, 2024 7:09 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Thank you for getting the point of this topic. Now regarding applying default config on netinstall, my config is build around it, some defaults are slightly changed, some left as is, but if you export whole config and you need to import it again, it needs to be on clean install because if default co...
by Amm0
Wed Sep 25, 2024 6:49 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

I think @optio is getting a bad rap here. He was trying to reinforce the point that an attack can happen quickly. And LTE can surprise you since it can, sometimes, take no configuration to come up and work with a public IP. (Now... having public IP on LTE is not that common, and more typical CGNAT fr...
by optio
Wed Sep 25, 2024 6:23 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

And it breaks when you use some amount of force to pull it out of tight slot.
by infabo
Wed Sep 25, 2024 6:19 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Yes, these "frames" are connected initially. You need to break out if you need it smaller.
by mkx
Wed Sep 25, 2024 5:36 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Unfortunately my MNO provides only nano SIM cards with adapters like this so I need to use adapter to insert into router. Isn't it that cuttings for different SIM sizes are not through? So if one needs e.g. micro SIM, only outer piece of plastic has to be removed. The rest is still decently sturdy ...
by infabo
Wed Sep 25, 2024 5:05 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

I used different nano-SIMs from different providers with their adapters and never had an issue. I even once had a microSIM trimmed down with a cutter to the size of a nanoSIM (so I could put it into a smartphone), years later used it in an microSIM adapter again. No problem at all.
by jaclaz
Wed Sep 25, 2024 4:57 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Yep, but if the good Mikrotik guys (who have an established record for omitting even vital documentation and even when documenting it, doing it in the most minimal and succinct possible form) felt compelled to put this info in the manual, adding even a picture, it must mean that the issues with that...
by optio
Wed Sep 25, 2024 4:01 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Unfortunately my MNO provides only nano SIM cards with adapters like this so I need to use adapter to insert into router.
by jaclaz
Wed Sep 25, 2024 3:47 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

The good Mikrotik guys did warn you, though :shock: : https://help.mikrotik.com/docs/pages/viewpage.action?pageId=73826313 SIM slot usage https://manuals.plus/wp-content/uploads/2023/10/Chateau-LTE12-Routers-and-Wireless-User-SIM-slot-usage.png SIM card slot is designed to use with Micro SIM cards. ...
by optio
Wed Sep 25, 2024 2:42 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Connecting to the internet prior to having at least the requisite firewall rules in place is a fool's game, unless one is into gambling. Well after thinking why I was doing it like that in the past and not bothering much, it was because my MNO always assigned me WAN IP behind CGNAT over network prov...
by jaclaz
Wed Sep 25, 2024 2:17 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Only for the record, and as a side-side note, besides using the "right" adapter and not attempt to combine two into one, metal adapters (as opposed to plastic) do exist, they don't cost (IMHO) excessively more and they are much more sturdy and the SIM fits in them more tightly.
by infabo
Wed Sep 25, 2024 1:34 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Maybe new models, on my SIM slot doesn't have.
Then you maybe crushed it somehow. My first Chateau in mid 2020 already had that.
by anav
Wed Sep 25, 2024 1:28 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Connecting to the internet prior to having at least the requisite firewall rules in place is a fool's game, unless one is into gambling.
by optio
Wed Sep 25, 2024 1:01 am
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Sometimes 1+2 doesn't make 3.
Ikr, but I had that combination, got it from MNO, so I used it.

Chateau has a push-to-eject mechanism. Did not destroy my nano-SIM adapter in years.
Maybe new models, on my SIM slot doesn't have.
by infabo
Wed Sep 25, 2024 12:52 am
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Yes sure :) Removed once and destroyed nanosim-to-microsim-to-sim adapter because it was very difficult to pull it out.
Chateau has a push-to-eject mechanism. Did not destroy my nano-SIM adapter in years.
by jaclaz
Wed Sep 25, 2024 12:51 am
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Removed once and destroyed nanosim-to-microsim-to-sim adapter because it was very difficult to pull it out. Sure, life stinks. :( Anyway, there are three common adapters in a kit: 1. nano to micro 2. micro to standard 3. nano to standard Sometimes 1+2 doesn't make 3. The nano to micro is so thin on...
by infabo
Wed Sep 25, 2024 12:46 am
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

optio, I know. I've read your report. I know you performed a Netinstall without default config. My response was to kleshki's post:
P.S.: still propose MT to disable api/rest stuff in defconf to prevent such things. Those API hacks seem to be common.
by optio
Wed Sep 25, 2024 12:14 am
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Isn't there a (removable) SIM card? :-? Yes sure :) Removed once and destroyed nanosim-to-microsim-to-sim adapter because it was very difficult to pull it out. defconf has firewall rules in place that don't allow api access from WAN. But basically I agree; API should be disabled by default in defcon...
by infabo
Tue Sep 24, 2024 11:57 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

defconf has firewall rules in place that don't allow api access from WAN. But basically I agree; API should be disabled by default in defconf.
by kleshki
Tue Sep 24, 2024 11:26 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Nah there are lots of hosts that are focused on scanning such things. I got caught by the same thing and ALSO with api but on a fresh CHR on VPS. It's actually your fault that you netinstall with WAN/modem link up, eject it until your config is reapplied and device is secure. P.S.: still propose MT ...
by jaclaz
Tue Sep 24, 2024 11:25 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Re: Device got hacked 1 min after connected to internet

Isn't there a (removable) SIM card? :-?
by optio
Tue Sep 24, 2024 10:11 pm
Forum: General
Topic: Device got hacked 1 min after connected to internet
Replies: 51
Views: 3890

Device got hacked 1 min after connected to internet

... open Terminal (Terminal - not permitted (9)) because I wanted to apply my configuration from export. This raised suspicion and I looked into logs: hacked.png Device got hacked approx 1 minute after connected to internet, created backdoor System user and changed api port. Since Chateau LTE12 is ...
by kleshki
Fri Sep 20, 2024 12:49 am
Forum: General
Topic: CHR dhcp-client in defconf
Replies: 4
Views: 521

CHR dhcp-client in defconf

... situation, where I did fresh CHR installation on a VPS using dd, and was literally too slow to login through VNC and change password before getting hacked - because router received IP and has no password at default, so had to request OS reinstall.
by jaclaz
Wed Sep 18, 2024 2:36 pm
Forum: Beginner Basics
Topic: Lost permisions on router
Replies: 11
Views: 704

Re: Lost permisions on router

It sounds like your device has been attacked/hacked, there are several reports that a user "system" is created with all privileges and admin is limited to only a few ones. https://forum.mikrotik.com/viewtopic.php?t=202945 Only way out ...
by abbio90
Mon Sep 16, 2024 8:28 pm
Forum: General
Topic: Permissions Trouble
Replies: 2
Views: 362

Re: Permissions Trouble

if it was exposed they probably limited your admin account and created the system account. they often get hacked with APIs
by TheCat12
Tue Sep 10, 2024 4:02 pm
Forum: Beginner Basics
Topic: Trouble with DNAT rules
Replies: 2
Views: 433

Re: Trouble with DNAT rules

... is your whole firewall filter, you better unplug your router from the internet, add all missing rules from the forward chain and pray nobody has hacked anything on your network because at this state you're an open door. After you have done that, you can resume searching the issue in your dst-nat ...
by peich1
Sat Aug 31, 2024 6:54 pm
Forum: General
Topic: executing script from winbox failed, please check it manually
Replies: 13
Views: 2261

Re: executing script from winbox failed, please check it manually

If you didn't run script from Winbox and you have log with its source could be that device is hacked, examine if you have some job running in /system/script/job , it should be empty if there is no active CLI sessions and no running scripts/events. I would recommend netinstall ...
by optio
Tue Aug 27, 2024 8:50 pm
Forum: General
Topic: executing script from winbox failed, please check it manually
Replies: 13
Views: 2261

Re: executing script from winbox failed, please check it manually

... Server, etc. didn't test error for all ROS events... If you didn't run script from Winbox and you have log with its source could be that device is hacked, examine if you have some job running in /system/script/job , it should be empty if there is no active CLI sessions and no running scripts/events. ...
by tangent
Fri Aug 02, 2024 12:44 pm
Forum: RouterBOARD hardware
Topic: How to intentionally make cable that will negotiate at 10 mbps?
Replies: 16
Views: 1815

Re: How to intentionally make cable that will negotiate at 10 mbps?

... to get the effect reliably so the lesson doesn't fail due to clever electronics in the PHY compensating for the purposeful nonidealities in the hacked-up cable. Simplified, equation (1) from my link above is L=X/(2πf). It gives you the inductance of the bead (or beads, in series) needed to get ...
by anav
Tue Jul 30, 2024 2:12 am
Forum: Forwarding Protocols
Topic: How to access local LAN behind second Mikrotik router using WireGuard?
Replies: 15
Views: 1138

Re: How to access local LAN behind second Mikrotik router using WireGuard?

... log=yes protocol=tcp to-addresses=192.168.50.19 to-ports=25 { **** HOSTING AN UNencrypted MAIL SERVER IS A VERY BAD MOVE AND INVITING GET HACKED !!!!} add action=dst-nat chain=dstnat dst-address-list=MyWAN dst-port=110,143,465,587,993,995,4190, log=yes \ protocol=tcp to-addresses=192.168.50.19 ...
by infabo
Thu Jul 25, 2024 10:16 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11841

Re: Default password Frustration

... professionally with ROS nor have knowledge of ROS or networking in general. This is disgusting. You literally should have issues (and probably get hacked) if you're too lazy to set your own password yourself. As in real life, every action (or lack of) has its consequences. Pay someone to do it ...
by ksx4system
Wed Jul 24, 2024 10:56 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11841

Re: Default password Frustration

... really go to hell. That's like lobbying for cars without seatbelts... This is disgusting. You literally should have issues (and probably get hacked) if you're too lazy to set your own password yourself. As in real life, every action (or lack of) has its consequences. Pay someone to do it ...
by skycanfiya
Tue Jul 09, 2024 12:40 pm
Forum: General
Topic: System login
Replies: 19
Views: 2665

Re: System login

I had a same issue, it is the api service didn't turn off, someone hacked in and did the same thing.
by abbio90
Sun Jul 07, 2024 8:26 am
Forum: General
Topic: System login
Replies: 19
Views: 2665

Re: System login

it was probably exposed with a public IP during installation and they hacked it. happened to me too.
by marekm
Thu Jul 04, 2024 8:30 pm
Forum: Announcements
Topic: Newsletter #119 | July 2024
Replies: 37
Views: 48964

Re: Newsletter #119 | July 2024

... The warnings about ground loops etc. may suggest the power supply has positive ground, or possibly floating. Perhaps external -48V DC could be hacked by using the hot-swap PSU connector instead of inserting the PSU itself. Older CRS328-24P had negative ground for both +24V and +48V PoE. Fully ...
by Kanzler
Tue Jul 02, 2024 11:52 am
Forum: General
Topic: System login
Replies: 19
Views: 2665

Re: System login

I think it’s worth writing to support@mikrotik.com and clarifying whether such a user could appear after the update. Because at first glance it looks like the router is hacked
by anav
Mon Jun 03, 2024 3:41 pm
Forum: Beginner Basics
Topic: Unable to connect to SMTP service port on WAN IP. [SOLVED]
Replies: 3
Views: 1808

Re: Unable to connect to SMTP service port on WAN IP. [SOLVED]

Using an unencrypted mail system/server is asking to get hacked.
by HannesKruger
Mon May 27, 2024 11:44 am
Forum: General
Topic: Building SDWAN for MikroTik: Here's an Honest Account of What It's Like
Replies: 2
Views: 2190

Building SDWAN for MikroTik: Here's an Honest Account of What It's Like

... plane of a lot of MikroTik routers, you have a target on your back. If you end up being the reason all your users' MikroTik routers were hacked... that's it, curtains. Skills are expensive. Over the last five years, we've spent more than the cost of 10 brand-new Tesla Model 3s, and we've ...
by mkx
Fri May 17, 2024 4:10 pm
Forum: General
Topic: Wireguard stops handshaking out of sudden - Change of port (only) solves it for weeks
Replies: 25
Views: 3129

Re: Wireguard stops handshaking out of sudden - Change of port (only) solves it for weeks

... due to some reason (1. just because they can; 2. these don't seem "legit" connections so let's save our users from being extensively hacked; 3. because some government agency tells them to do so; etc.) There was an ISP in my country, which provided (and still does) internet via PPPoE ...
by pe1chl
Wed May 15, 2024 12:26 am
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 116896

Re: v7.15rc [testing] is released!

... would consume all memory, and then MikroTik would run the risk that an outraged user would spam all the way over internet that their router was hacked because it failed to block an attacker even though they had configured protective measures? That would not be great, either. You cannot defeat ...
by patrikg
Tue Mar 26, 2024 9:13 pm
Forum: General
Topic: RB952Ui was hacked
Replies: 3
Views: 708

Re: RB952Ui was hacked

Oohhh I get it, thanks for that, but i have to make some tools for hold the reset button in in 10 min. reformat-hold-button-max: 10m That have solved my own problem very early with I have change the routerboot from bootp to dhcp, and not get it back to bootp to enable use of netinstall-cli. https://...
by pajapatak
Tue Mar 26, 2024 8:51 pm
Forum: General
Topic: RB952Ui was hacked
Replies: 3
Views: 708

Re: RB952Ui was hacked

Even if protected-routerboot is enabled, it is still possible to do a recovery, according to RouterBOARD documentation: https://help.mikrotik.com/docs/display/ROS/RouterBOARD . As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for longer than refo...
by mkx
Tue Mar 26, 2024 6:00 pm
Forum: General
Topic: RB952Ui was hacked
Replies: 3
Views: 708

Re: RB952Ui was hacked

If reset button is indeed disabled[*] (a.k.a. protected routerboot), then your RB951Ui just became e-waste. [*] In theory it's not possible to enable protected routerboot without physical access to device, so it's unlikely that remote hacker did it. If you didn't do it yourself, then it still should...
by rarriazu
Tue Mar 26, 2024 5:55 pm
Forum: General
Topic: RB952Ui was hacked
Replies: 3
Views: 708

RB952Ui was hacked

Hi, my RB952Ui was hacked because I didn't have a password. Now, I can't log in with Winbox or Netinstall. The reset button is disabled. Is there any way to recover it ?
Thanks
by johnson73
Tue Mar 19, 2024 9:13 am
Forum: General
Topic: VPN User credentials Not AD User credentials
Replies: 14
Views: 1317

Re: VPN User credentials Not AD User credentials

... environment as the primary one, then you absolutely need to arrange the traffic flow as shown in my example. Otherwise, your router can be hacked, your local LAN can be accessed and it will cause you a lot of other problems. Sonicwall and Cisco are a slightly different level of hardware ...
by infabo
Fri Mar 15, 2024 10:36 pm
Forum: Scripting
Topic: Router maybe is hacked. Please help
Replies: 7
Views: 1452

Re: Router maybe is hacked. Please help

Requests from the server itself to wp-cron.php. Nothing wrong with that. Nevertheless, I think you should make yourself familiar with WordPress. Keeping it updated and secure is crucial when exposing it to public internet.
by anav
Fri Mar 15, 2024 8:40 pm
Forum: Scripting
Topic: Router maybe is hacked. Please help
Replies: 7
Views: 1452

Re: Router maybe is hacked. Please help

Unplug router from internet. Netinstall latest stable firmware Put back config WITHOUT any port forwarding. a. think about having ONLY a server with a secure login process b. think about limiting in source address list which public IPs can access server. c. even better use wireguard and have people ...
by vmax
Fri Mar 15, 2024 5:06 pm
Forum: Scripting
Topic: Router maybe is hacked. Please help
Replies: 7
Views: 1452

Re: Router maybe is hacked. Please help

maybe file is not attached.?? I cannot see it in my post.
Please advise if the file is not received by you.
by vmax
Fri Mar 15, 2024 5:04 pm
Forum: Scripting
Topic: Router maybe is hacked. Please help
Replies: 7
Views: 1452

Re: Router maybe is hacked. Please help

Hello Erlinden,
please accept my apologies for this inconvenience.
If i know cannot asking you.
Attached please find configuration file named: forchecking.rsc

At your disposal with respect.
by erlinden
Fri Mar 15, 2024 4:33 pm
Forum: Scripting
Topic: Router maybe is hacked. Please help
Replies: 7
Views: 1452

Re: Router maybe is hacked. Please help

In /ip/firewall/connections you can see all connections, just filter on Dst. Address 192.168.88.100 to get the list of Src. Addresses. Still unclear what makes you think your router is part of the hack. Especially because the only log you provide is from the XAMPP server. Can you provide your router...
by vmax
Fri Mar 15, 2024 4:19 pm
Forum: Scripting
Topic: Router maybe is hacked. Please help
Replies: 7
Views: 1452

Re: Router maybe is hacked. Please help

Hello Normis. Thank you for reply. I have involved router, because as per my point of view, if router is hacked bad persons can send requests from internal IP. For first time i see hacker that attack using internal IP and cannot see real IP or MAC inside of router. In the log ...
by normis
Fri Mar 15, 2024 3:49 pm
Forum: Scripting
Topic: Router maybe is hacked. Please help
Replies: 7
Views: 1452

Re: Router maybe is hacked. Please help

The "hack" is coming from the internet to your wordpress server. Why would the router be involved at all? The hacker can visit your wordpress site just like any other internet user.
by vmax
Fri Mar 15, 2024 3:44 pm
Forum: Scripting
Topic: Router maybe is hacked. Please help
Replies: 7
Views: 1452

Router maybe is hacked. Please help

... IP is not visible. I am asking for guidance on how to find out where the attack is coming from. The computer has Malwarebytes licensed. Is mikrotik hacked or WinBox or something else. Here is an example from the server access log: 192.168.88.100 - - [15/Mar/2024:14:14:57 +0200] "POST /wp-cron.php?doing_wp_cron=1710504897.6459970474243164062500 ...
by atais
Fri Feb 23, 2024 12:36 am
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2645

Re: Problem with port forwarding on L009UiGS

... one is Static: 192.168.100.100 and they both are added to the MySever list which is used in NAT rules. It works. Should I be happy :D? Or I have hacked something again ;-)?
by anav
Sat Jan 20, 2024 5:50 pm
Forum: Beginner Basics
Topic: Dual WAN, same Gateway, no need for load balancing or failover, just specify which vlans use which wan port
Replies: 23
Views: 6121

Re: Dual WAN, same Gateway, no need for load balancing or failover, just specify which vlans use which wan port

... address from a trusted subnet. 6. SECURITY ISSUE ---> one should never provide direct external access to configuration ports........ asking to get hacked. Also source port makes no sense. /add action=accept chain=input comment="Allow Winbox & SSH" dst-port=8291,22 \ protocol=tcp src-port=8291,22 ...
by danjde
Wed Jan 17, 2024 5:47 pm
Forum: General
Topic: Does not go outside the network
Replies: 9
Views: 882

Re: Does not go outside the network

... It has currently been sitting on top of the roof weathering the elements for years! I was interested in understanding if it could have been hacked but the problem seems to be another.. Again (if I can fix it), do you consider the update safe? Do I lose my settings? Thanks again!!
by Amm0
Mon Jan 15, 2024 2:34 pm
Forum: Beginner Basics
Topic: doh server connection error network is unreachable over DNS 1.1.1.1
Replies: 54
Views: 11172

Re: doh server connection error network is unreachable over DNS 1.1.1.1

... certs from a forum isn't a good idea, download them from the website itself is only slightly better. Although your current DNS servers have to be hacked for it to be a problem in the later case.
by Amm0
Sat Jan 13, 2024 9:38 pm
Forum: Beginner Basics
Topic: port forwarding
Replies: 61
Views: 5453

Re: port forwarding

Running your own game server with a port exposed is a dangerous game, you will be hacked or ddossed for sure. Best bet is cloudflare as that doesn't expose your public IP. Even the zerotier option is good because you control who has access to your server and again ...
by Rihards9229
Sat Jan 13, 2024 9:16 pm
Forum: Beginner Basics
Topic: port forwarding
Replies: 61
Views: 5453

Re: port forwarding

Running your own game server with a port exposed is a dangerous game, you will be hacked or ddossed for sure. Best bet is cloudflare as that doesn't expose your public IP. Even the zerotier option is good because you control who has access to your server and again ...
by anav
Sat Jan 13, 2024 9:12 pm
Forum: Beginner Basics
Topic: port forwarding
Replies: 61
Views: 5453

Re: port forwarding

Running your own game server with a port exposed is a dangerous game, you will be hacked or ddossed for sure. Best bet is cloudflare as that doesn't expose your public IP. Even the zerotier option is good because you control who has access to your server and again ...
by johnson73
Sat Jan 13, 2024 7:45 pm
Forum: General
Topic: Firewall-dynamic firewall rules
Replies: 9
Views: 1618

Re: Firewall-dynamic firewall rules

... to your ssh, winbox or Telnet, etc. It looks like you have too many ports open on your router. Blocks the Telnet port so that your router is not hacked from the outside... of course, if it is not necessary for some important task. And as the "good practice" shows, it should be blocked ...
by mkx
Tue Jan 09, 2024 10:38 pm
Forum: Beginner Basics
Topic: Lots of difficulty configuring IPV6 and IPV4 in dualstack
Replies: 1
Views: 1763

Re: Lots of difficulty configuring IPV6 and IPV4 in dualstack

... difference is that only router is wide open to attacks while LAN is slightly shielded behind NAT (which will mean nothing if/when your router gets hacked). Next: upgrade router to more recent ROS. Version 7.12.1 seems to be a good one (pretty stable and quite recent; newer ones got some major changes ...
by cbwecomm
Sat Jan 06, 2024 3:04 am
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 174
Views: 37998

Re: hAP ax3 wireless problem [SOLVED]

... Tried setting antenna gain. Tried setting power levels. Tried setting chains. Nothing made a difference. Both devices are configured with a simple hacked together script we use (Global variables just allow us to not have to type things multiple times), built off of a default config from an ax2 ...
by infabo
Wed Jan 03, 2024 1:05 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

But healthy again afterwards 😂
by kanuns
Wed Jan 03, 2024 12:21 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

Netinstall and learn a lesson the hard way.
I did - it's bitter tasting medicine.
by infabo
Tue Jan 02, 2024 2:42 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

If user accounts are part of the configuration files then yes: no access even after keep configuration setting.
by pe1chl
Tue Jan 02, 2024 2:37 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

Maybe this is your last chance to regain access to your device again without losing your whole config. Yes, you can get the config again but that will include your loss of access! So not useful to do that. The only thing that can be useful before netinstall is look around in the user interface if y...
by infabo
Tue Jan 02, 2024 2:12 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

Netinstall and learn a lesson the hard way.
☝️
by JCDC
Tue Jan 02, 2024 1:50 pm
Forum: General
Topic: rb5009 lock out [SOLVED]
Replies: 10
Views: 2705

Re: rb5009 lock out [SOLVED]

... error, just saying invalid password. last thing I did was active API and create home assistant user and password, don't understand whether i got hacked in some way through the API because I haven't changed my password and it was stored in my browser. winbox gives me the same result as webfig or ...
by holvoetn
Tue Jan 02, 2024 1:44 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

Netinstall and learn a lesson the hard way.
by MaxwellsEq
Tue Jan 02, 2024 1:42 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

In general, if a system has been hacked, you can have no faith in its configuration. As you say, because you couldn't run terminal, you couldn't export the current (suspect) configuration. But your problems started before you were hacked. ...
by kanuns
Tue Jan 02, 2024 1:21 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

When you still have admin access to the router you can use the /export command. /export show-sensitive file=routername Then you download the routername.rsc file from the router and save it. Sorry but there is no method to recover lost access to the router and keep the configuration. You need to app...
by infabo
Tue Jan 02, 2024 12:46 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

"The "Keep old configuration" process involves downloading the configuration database from the router, reinstalling the router (including disk formatting), and uploading the configuration files back to it. However, it's important to note that this process solely applies to the configu...
by pe1chl
Tue Jan 02, 2024 12:45 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

When you still have admin access to the router you can use the /export command. /export show-sensitive file=routername Then you download the routername.rsc file from the router and save it. Sorry but there is no method to recover lost access to the router and keep the configuration. You need to appl...
by infabo
Tue Jan 02, 2024 12:43 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

by kanuns
Tue Jan 02, 2024 12:22 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

But I haven't done anything. It's the first screen I am getting.

So now my only chance is to reset the router?

just for my knowledge, can you please also tell me what is the scenario on which the textual configuration is exportable ?

Thanks in advance
by pe1chl
Tue Jan 02, 2024 12:10 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

No, it is too late for all that.
You should have saved the backup and export files BEFORE this happened...
Now, the best thing is to netinstall, remove the checkmark for "keep old configuration", and start over from defaults.
by kanuns
Tue Jan 02, 2024 11:32 am
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

Hi,
I am not able to see any Textual Config option. Can you please help me in this regard. Where can I export the existing configuration so that I can check what the user configured before hacking. Is that also possible to get the password of the users?

Regards
by tdampier
Mon Jan 01, 2024 10:31 pm
Forum: Beginner Basics
Topic: HW-accelerated routing & firewall
Replies: 2
Views: 1080

HW-accelerated routing & firewall

... return traffic also don't I? I am actually not being paranoid as a work computer which was on the same network when I had a simple flat one was hacked via the company network and then in turn hacked my entire network. Due to my work and complex home/work configuration they eventually even my ...
by kanuns
Mon Jan 01, 2024 2:20 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

Well, thanks, I wanted to get the Textual config. I'll try this netinstall thing. Many thanks.
by mkx
Mon Jan 01, 2024 2:18 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Re: Router (Possibly) Hacked [SOLVED]

By default there is no user System. So your router is likely hacked. Netinstall router and use textual config export as reminder what was configured. If you only have binary backup, then restore it after netinstall, do configuration export and netinstall ...
by kanuns
Mon Jan 01, 2024 2:11 pm
Forum: General
Topic: Router (Possibly) Hacked [SOLVED]
Replies: 16
Views: 3986

Router (Possibly) Hacked [SOLVED]

... and it has full rights. By default admin users has normal rights but I cannot open terminal/backup settings etc. I don't know if my router is hacked or there is a default user named as System. Can anyone give me an idea ?
by rextended
Thu Dec 28, 2023 1:06 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

That was a joke which you may have missed.
(sure?)
ah, I thought I had choice the wrong timing 2/4 (is 3/8) :lol:
by holvoetn
Thu Dec 28, 2023 11:47 am
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

That was a joke which you may have missed.
(but your comment was one too :lol: )
by rextended
Thu Dec 28, 2023 11:29 am
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

"just press the reset button according to the notes of Beethoven's 5th symphony and you have all privileges again"
But what are you talking about? I tried and it didn't work...
by infabo
Wed Dec 27, 2023 11:23 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

Thanks, I already have one myself. But to discontinue such a helpful device makes me sad
by wfburton
Wed Dec 27, 2023 10:19 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

eBay?
by infabo
Wed Dec 27, 2023 10:10 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

And... woobm has been discontinued.
😭
by wfburton
Wed Dec 27, 2023 8:04 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

You're going to have to do a netinstall. Sorry to say. Even if you connect to the serial port you're still going to need a valid user name and password with admin privileges.

Good luck
by holvoetn
Wed Dec 27, 2023 7:57 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

And... woobm has been discontinued.
by infabo
Wed Dec 27, 2023 7:03 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

There is the Woobm USB Stick that emulates a serial console port. but still you need to login with a valid user/password.
by anav
Wed Dec 27, 2023 4:37 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

Why did you have unsecure API enabled and running.
Perhaps you need to take some courses before being allowed to setup a router?

Netinstall, stop arguing do it, you won't get any other advice, stop wasting our time.
by FabFab10
Wed Dec 27, 2023 4:20 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

@infabo
some devices let you connect to a console port and make some recovery procedures.........
I hoped there was one using a different connection
by infabo
Wed Dec 27, 2023 1:00 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

If there was a legal and official way to gain admin privileges again.....lol? Then everyone could make themselves admin? to be honest: what answer did you expect to hear? "yes sure, just press the reset button according to the notes of Beethoven's 5th symphony and you have all privileges again...
by FabFab10
Wed Dec 27, 2023 12:44 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

Honestly i'd rather prefer trying to resolve it (if possible) and I have already disabled some unnecessary services.
But i need to regain full access to the system
by erlinden
Wed Dec 27, 2023 12:38 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

Sounds like you know what happened...were you hacked or not? If this situation is caused by a known user (like yourself), you might want to resolve it. If it's not, you really really should use netinstall.
by FabFab10
Wed Dec 27, 2023 11:58 am
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

Thanks for your reply. I'm pretty sure there was just a user modification, so if there is a way to regain group control of my user that will be fine. I know Netinstall would replace everything but if there is a way to modify group belonging for my user that would fix it. It happened with API service....
by elbob2002
Wed Dec 27, 2023 11:54 am
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

Re: I Tink i got hacked

You should netinstall to factory reset the router. It's the only way to be certain that the compromise has been completely removed: https://help.mikrotik.com/docs/display/ROS/Netinstall That won't prevent you from future hacks though so likely you have an issue with your firewall rules or services op...
by FabFab10
Wed Dec 27, 2023 11:17 am
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 2076

I Tink i got hacked

Hello, i found my admin user belonging to a new "admin" group and i can't any longer open a terminal window (telnet and SSH have been disabled for this group). I also found a new "Ssytem" user which has all privileges. Is there any way to recover full access without having to fully...
by johnson73
Thu Dec 14, 2023 5:02 pm
Forum: General
Topic: Possible hardware issue/loop CCR1009-7G-1C-1S+
Replies: 2
Views: 1451

Re: Possible hardware issue/loop CCR1009-7G-1C-1S+

... not have enough secure access 2) problem with firewall rolls. The default rolls have been deleted and replaced with incomprehensible entries 3) hacked IP cameras that did not have secure access, resulting in flood and traffic congestion in the internal network. It is recommended to use a vpn ...
by mkx
Thu Dec 14, 2023 8:26 am
Forum: General
Topic: What is the packets coming from cable modem to router
Replies: 19
Views: 3027

Re: What is the packets coming from cable modem to router

You should not simply add accept rules (even ISP's devices can get hacked). If everything seems to work for you, then you can simply ignore these log entries. If it bothers you in any way, then you can sniff the packets and see what's their purpose. From ...
by gigabyte091
Mon Dec 11, 2023 7:33 pm
Forum: Beginner Basics
Topic: Back to home supported router
Replies: 37
Views: 6725

Re: Back to home supported router

Yea, but both of us know what will people do with this disclaimer :lol:

That would be only good for Mikrotik, if some customer gets hacked or get charges for illegal activities on the Internet and they try to involve Mikrotik, Mikrotik can simply say that they had disclaimer.
by gigabyte091
Mon Dec 11, 2023 6:46 pm
Forum: Beginner Basics
Topic: Back to home supported router
Replies: 37
Views: 6725

Re: Back to home supported router

... vector more feasible due to its simplicity. Well, in that case, we should all stop using internet as there is always possibility that someone get hacked. Or use some of the VPN providers that "keeps your data safe". Mikrotik provided nice tool for all of us that don't have access to ...
by ventusz
Tue Nov 21, 2023 12:08 am
Forum: General
Topic: DHCP problem with Chinese wireless repeater connected to Mikrotik AP
Replies: 6
Views: 9326

Re: DHCP problem with Chinese wireless repeater connected to Mikrotik AP

... big time). I can't really see a DHCP Request or ACK at all, only Discover and Offer. With my phone hotspot as a router I can see the 4-way dhcp. I hacked myself into the repeater via serial connection and it's running OpenWRT. Now that may be well beyond the scope of this forum, however I might ...
by RichardCourtney
Tue Nov 07, 2023 8:20 pm
Forum: General
Topic: GPON ONU module alternatives
Replies: 11
Views: 3799

Re: GPON ONU module alternatives

PPPoE issue perhaps?

Both are based on the Realtek chips. I can tell that the Dimiks is a hacked version.
The web interface they removed the upper left corner graphic that was, I am sure, ODI.

I have a static public IP so I don't register with PPEo.
by pe1chl
Thu Oct 26, 2023 11:21 am
Forum: General
Topic: Locked out of CCR1009-7G-1C-PC router, possibly hacked
Replies: 4
Views: 1178

Re: Locked out of CCR1009-7G-1C-PC router, possibly hacked

It is really very common that when first using netinstall (or when using it while in distress) one simply cannot get it to work. Besides the mistake that you made in this case, it generally is a picky program that will fail on many system configurations. It is always advisable to do a rehearsal of a...
by cadutchman
Thu Oct 26, 2023 2:01 am
Forum: General
Topic: Locked out of CCR1009-7G-1C-PC router, possibly hacked
Replies: 4
Views: 1178

Re: Locked out of CCR1009-7G-1C-PC router, possibly hacked

Hi all, I was able to reset/netinstall the router. I made a rookie mistake. I was plugged into the Eth1 port and I had to be plugged into Eth7, POE/Boot port. Once I did that, the Netinstall went smoothly! Now I have a backup router for my core, cheers!
by cadutchman
Tue Oct 24, 2023 9:40 pm
Forum: General
Topic: Locked out of CCR1009-7G-1C-PC router, possibly hacked
Replies: 4
Views: 1178

Re: Locked out of CCR1009-7G-1C-PC router, possibly hacked

Tried that several times, did not work. Just to be sure I had the process down, I tried it on another RB and it worked fine.
by cadutchman
Tue Oct 24, 2023 8:28 pm
Forum: General
Topic: Locked out of CCR1009-7G-1C-PC router, possibly hacked
Replies: 4
Views: 1178

Locked out of CCR1009-7G-1C-PC router, possibly hacked

I am not sure if the router was hacked/compromised or the RouterOS got corrupt, but I cannot access the router via winbox using my username and password anymore. I did not change the password for sure. And I cannot reset it either using any ...
by Josephny
Fri Oct 20, 2023 5:58 pm
Forum: General
Topic: Time to move from hEX to RB5009?
Replies: 20
Views: 2580

Re: Time to move from hEX to RB5009?

Wow, kraal, you must have hacked my life! This is all for personal use -- so the users are tremendously demanding and unforgiving. I happen to have an RB5009 sitting around just being a dude server (nothing else). And, the hEX is running ...
by jkroon
Mon Oct 16, 2023 3:34 pm
Forum: General
Topic: DNS doesn't fallback to TCP if response is indicated to be truncated
Replies: 2
Views: 755

DNS doesn't fallback to TCP if response is indicated to be truncated

... 1 Recursion available: 1 Reserved: 0 Answer authenticated: 0 Non-authenticated data: 0 reply-code: 0 (no error) Please note that for the above I hacked djbdns to truncate to 512 bytes rather than directly after the question section in the response (ie, normally it won't include even a part of ...
by gabacho4
Sat Sep 23, 2023 10:14 pm
Forum: Wireless Networking
Topic: Cube alignment acceptable?
Replies: 5
Views: 2206

Re: Cube alignment acceptable?

... There are password managers that do the same thing but I don't like to give things like passwords to other companies who themselves then get hacked (I'm looking at you LastPass).
by amsteen
Wed Sep 13, 2023 8:06 pm
Forum: General
Topic: Wifi access list
Replies: 7
Views: 2512

Wifi access list

... right. In the last days I noticed that some clients disconnect from wifi and make many attempts to connect again. I found out that someone hacked the wifi password and uses their MAC address on his device to connect. How I know this > I noticed that one of my clients was outside while wifi registration ...
by Amm0
Tue Sep 12, 2023 8:06 pm
Forum: Scripting
Topic: REST API schema for Postman & more
Replies: 8
Views: 7727

Re: REST API schema (using RAML) for Postman

... still needs some work... At some point I'll fix this up a bit more. I'd only done POST originally...so the GET/PATCH/DELETE methods I just quickly hacked in, but got messy. I did convert the RAML to OpenAPI, but didn't verify it, but might be helpful since more REST tools support OpenAPI. The RAML ...
by IlKa
Sun Sep 10, 2023 2:15 am
Forum: Beginner Basics
Topic: New to Mikrotik, RB5009UG+S+ questions
Replies: 1
Views: 1350

Re: New to Mikrotik, RB5009UG+S+ questions

... traffic between them. Otherwise I suggest to put each server into the separate network and filter traffic between them. So if your server gets hacked, hacker wouldn't be able to go to another server from it. Network segregation is a thing! And do you really want to have DHCP for your servers? ...
by MonkeyDog
Wed Sep 06, 2023 11:57 am
Forum: General
Topic: RouterOS slow down
Replies: 5
Views: 1391

Re: RouterOS slow down

... denial-of-service ones. So the first action should be to upgrade to latest long-term version (6.49.8 ) and then analyze whether the device was hacked as well (in which case netinstall has to be performed, together with configuring device from scratch, without using binary backup files). Thanks, ...
by mkx
Wed Sep 06, 2023 9:22 am
Forum: General
Topic: RouterOS slow down
Replies: 5
Views: 1391

Re: RouterOS slow down

... denial-of-service ones. So the first action should be to upgrade to latest long-term version (6.49.8 ) and then analyze whether the device was hacked as well (in which case netinstall has to be performed, together with configuring device from scratch, without using binary backup files).
by circos
Thu Aug 31, 2023 8:44 pm
Forum: Beginner Basics
Topic: Security the Network by Mikrotik MAC address selection
Replies: 9
Views: 3652

Re: Security the Network by Mikrotik MAC address selection

... from beginning... no ones answer my question Why would we help you do something foolish? Doesn't that make us partially complicit if you later get hacked, after coming to rely on your bogus security solution? how can I in other option secure access from devices called IoT (like a refrigerator) ...
by tangent
Wed Aug 30, 2023 9:54 pm
Forum: Beginner Basics
Topic: Security the Network by Mikrotik MAC address selection
Replies: 9
Views: 3652

Re: Security the Network by Mikrotik MAC address selection

... such as dot1x. no ones answer my question Why would we help you do something foolish? Doesn't that make us partially complicit if you later get hacked, after coming to rely on your bogus security solution? how can I in other option secure access from devices called IoT (like a refrigerator) ...
by pe1chl
Tue Aug 08, 2023 3:57 pm
Forum: Announcements
Topic: v7.11rc is released!
Replies: 195
Views: 53641

Re: v7.11rc is released!

... they may assign outside moderators (like is happening here) which suddenly have access to your private files, and/or the forum software may be hacked and anyone may be able to download your private files. Of course that issue more or less exists with Jira as well, but at least there we may ...
by helipos
Wed Jul 19, 2023 4:30 pm
Forum: General
Topic: Mikrotik devices dying
Replies: 7
Views: 1169

Mikrotik devices dying

... where they are dying is behind a CG-NAT system which is pretty tough to get in to, so while I can't rule it out, I see no evidence they have been hacked. A hack coming from the wireless side is unlikely, this place is in the arse end of nowhere. So I'm after ideas. As to what might be going on ...
by kashifmax
Sun Jul 16, 2023 12:26 pm
Forum: The User Manager
Topic: No Userman Web Interface on RouterOS 7 [SOLVED]
Replies: 3
Views: 9136

Re: No Userman Web Interface on RouterOS 7 [SOLVED]

Yes you are right, can be hacked easily and that is why I updated the RouterOS to v7. But unfortunately no Userman interface.
Thank you
by rextended
Tue Jul 11, 2023 3:54 pm
Forum: The User Manager
Topic: No Userman Web Interface on RouterOS 7 [SOLVED]
Replies: 3
Views: 9136

Re: No Userman Web Interface on RouterOS 7 [SOLVED]

... to still use 6.38, already years ago you must have switched to the last long-term (actually the 6.48.7). All versions from 6.29 to 6.42 can be hacked extremely easily, like a can of tuna....
by atomicduck
Tue Jul 04, 2023 12:08 pm
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6873

Re: INFO: MikroTik new default device password practice

... I never type, I set the pass alphanumeric as large as the system accepts. Say 50, 100 or more random generated characters. So devices can never be hacked due to poor account security. Security holes are another thing, but from what I have seen with MT devices till now is that they are fairly secure. ...
by pe1chl
Tue Jul 04, 2023 11:54 am
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6873

Re: INFO: MikroTik new default device password practice

... that the owner himself now no longer can login, should he want to do that later (e.g. because their ISP advised them that their router has been hacked and is used for DDoS). So the real solution is to have a unique password per device. And it should be randomly generated and not e.g. derived ...
by atomicduck
Tue Jul 04, 2023 10:37 am
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6873

Re: INFO: MikroTik new default device password practice

I do use KeePass as well. Storing password in a cloud together with many other users, is a big bait for any hacker so it will be hacked sooner or later. (or lost since site has corrupted disk) Same logic here. I have thousands of passwords, keys and encryption certificates. I do backup ...
by Jotne
Tue Jul 04, 2023 10:28 am
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6873

Re: INFO: MikroTik new default device password practice


Hm. Isn't Evernote a bit unsafe? I use KeePass and store everything there. Encrypted and safe. :-)
I do use KeePass as well. Storing password in a cloud together with many other users, is a big bait for any hacker so it will be hacked sooner or later. (or lost since site has corrupted disk)
by Amm0
Wed Jun 28, 2023 3:15 pm
Forum: Beginner Basics
Topic: Modbus read only
Replies: 11
Views: 2251

Re: Modbus read only

... be too hard for Mikrotik to add: https://modbusfw.sourceforge.net. Given modbus often connects to physical things that if controlled wrongly/hacked could actually be bad/dangerous it be worth considering on their part. e.g. while DoS attack are bad, commanding a downstream modbus power/water ...
by anav
Thu Jun 15, 2023 7:22 pm
Forum: Announcements
Topic: v7.10, 7.10.1 and more [stable] are released!
Replies: 366
Views: 137050

Re: v7.10 [stable] is released!

... of the use cases compared to the real need by home users and some business users to secure servers. In fact, while MT is opening up routers to get hacked with that so questionable 'feature', they refuse to implement one that actually allows users to run servers WITHOUT exposing their public IP ...
by garybdavis
Tue Jun 06, 2023 4:28 pm
Forum: Wireless Networking
Topic: hAP ac2 - Dual Repeater with Private Network
Replies: 2
Views: 1327

hAP ac2 - Dual Repeater with Private Network

... give me IP addresses and I can ping the router but not the internet. So close... A final thought, some years ago I had a MikroTik routerboard hacked and used as a DDNS attack - to the point that the router had to be reimaged. I'm paranoid now so first thing I did with this new box is spend ...
by rextended
Sat Jun 03, 2023 9:40 am
Forum: General
Topic: Tik compromised after upgrade, security concern
Replies: 4
Views: 768

Re: Tik compromised after upgrade, security concern

... but the only sure thing from the screenshot, that you have the admin account active, I'm assuming it's because of your misconfiguration that they hacked it for you. The first level of security is how the device is configured.
by Johannes33
Wed May 24, 2023 4:22 pm
Forum: Beginner Basics
Topic: set ip address after deleting default config?
Replies: 2
Views: 539

set ip address after deleting default config?

... do not get anything in the neighbors tab. Does anyone know why? Fourth I'm wondering if this can be the cause of a corrupted nand. The rb3011 was hacked before, perhaps there were a lot of r/w so my nand got a little corrupt? If so how do I reformat the nand?
by justinus
Mon May 22, 2023 11:43 pm
Forum: Beginner Basics
Topic: Brand new CRS-305-1G-4S+-IN, login doesn't work
Replies: 4
Views: 1028

Brand new CRS-305-1G-4S+-IN, login doesn't work

... login will not work - it says invalid username or password every time. I have seen some posts regarding people getting their router logins hacked or changed, but this is a brand new device that has never been connected to the internet. I am extremely confused and have no idea how to access ...
by tofik
Fri May 19, 2023 1:17 pm
Forum: Beginner Basics
Topic: This is a test. Sorry... - pop up from MT android app
Replies: 1
Views: 608

This is a test. Sorry... - pop up from MT android app

Hi,
Just received this kind of message, look on the pic,

is it a real test or I might be hacked?
by Pea
Wed May 17, 2023 10:01 am
Forum: General
Topic: Has my Mikrotik been hacked?
Replies: 5
Views: 1158

Re: Has my Mikrotik been hacked?

As mentioned, do Netinstall and move on. Use new username and password after this.
https://wiki.mikrotik.com/wiki/Manual:Netinstall
by drdog
Wed May 17, 2023 9:10 am
Forum: General
Topic: Has my Mikrotik been hacked?
Replies: 5
Views: 1158

Re: Has my Mikrotik been hacked?

Keep in mind routerboot is just another disk partition, while unlikely it's possible for it to be compromised and allow malware to persist post-netinstall. In this case where the scheduler was used, it's more likely that RouterOS itself was compromised rather than the device itself. Thanks RICH for...
by drdog
Wed May 17, 2023 8:59 am
Forum: General
Topic: Has my Mikrotik been hacked?
Replies: 5
Views: 1158

Re: Has my Mikrotik been hacked?

For all questions the answer is: Yes, it's possible. Just netinstall your routers if you are not sure about them. Thanks for taking the time to reply BartoszP. However your answer could be more informative than just, to paraphrase, “yes to everything”. If the RB was compromised it would be helpful ...
by R1CH
Tue May 16, 2023 5:59 pm
Forum: General
Topic: Has my Mikrotik been hacked?
Replies: 5
Views: 1158

Re: Has my Mikrotik been hacked?

Keep in mind routerboot is just another disk partition, while unlikely it's possible for it to be compromised and allow malware to persist post-netinstall. In this case where the scheduler was used, it's more likely that RouterOS itself was compromised rather than the device itself.
by BartoszP
Tue May 16, 2023 3:56 pm
Forum: General
Topic: Has my Mikrotik been hacked?
Replies: 5
Views: 1158

Re: Has my Mikrotik been hacked?

For all questions the answer is: Yes, it's possible.

Just netinstall your routers if you are not sure about them.
by drdog
Tue May 16, 2023 3:48 pm
Forum: General
Topic: Has my Mikrotik been hacked?
Replies: 5
Views: 1158

Has my Mikrotik been hacked?

Having read about people noticing unusual scripts in their filing system, I had a look at my core RB. Sadly I didn’t get screen grabs for all, but I’m fairly confident that: No scripts on drive Nothing in scheduler Nothing in script list. However I noticed the jobs tab in script list and looked at t...
by whoodini
Tue May 09, 2023 12:28 am
Forum: General
Topic: HAP AC2 goes shortly online and then it suddenly shuts down
Replies: 4
Views: 706

Re: HAP AC2 goes shortly online and then it suddenly shuts down

... I didn't open it to measure the Voltage under load. To be honest, this is not the first time but rather the second time when one of my devices got hacked. I know this points out that I am clearly at fault, it was almost a year ago, same device different location, different version of ROS ~v6.47, ...
by bpwl
Mon May 08, 2023 7:53 pm
Forum: General
Topic: HAP AC2 goes shortly online and then it suddenly shuts down
Replies: 4
Views: 706

Re: HAP AC2 goes shortly online and then it suddenly shuts down

my HAP AC2 got hacked by a white-hat-hacker ????? Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The router was behind a DSL modem If you did not set port ...
by whoodini
Mon May 08, 2023 1:03 am
Forum: General
Topic: HAP AC2 goes shortly online and then it suddenly shuts down
Replies: 4
Views: 706

HAP AC2 goes shortly online and then it suddenly shuts down

Hi there, somehow my HAP AC2 got hacked by a white-hat-hacker, which as far as I figured, has made it to shutdown or to turn off all WAN and LANs as soon as it is done booting. I see it booting, I see it initialising the WAN and LANs and ...
by catch23
Wed May 03, 2023 1:57 am
Forum: Beginner Basics
Topic: Don't understand firewall rule problem
Replies: 15
Views: 1334

Don't understand firewall rule problem

... web server (192.168.89.7). I wanted to create a DMZ where the web server can live separately from all other servers and computers so if it is hacked, the hacker cannot easily access the other servers and computers. I also need to be able to access the web server via SSH on port 22 (or some ...
by TheLorc
Fri Apr 28, 2023 7:11 pm
Forum: Beginner Basics
Topic: Is there a way to see all previous failed logins on Winbox?
Replies: 35
Views: 4729

Re: Is there a way to see all previous failed logins on Winbox?

... of blocking all protocols except for Winbox and web. So it seems AVG was the problem. It caused me a lot of problems because I also actually got hacked this week on my own PC lol, so I thought it was related but I don't think it was.
by rextended
Tue Apr 04, 2023 10:34 am
Forum: General
Topic: I don't know what's going wrong
Replies: 7
Views: 869

Re: I don't know what's going wrong

i have an Ac2 hap and same configuration but connect to sites that don't need VPN and always show server to test network speed in my country and not Estonia like my mikrotik Ax2.
Put "/export" results on forum, after remove sensitive data...
Your device can be hacked...
by ljp379
Sat Apr 01, 2023 7:00 am
Forum: Beginner Basics
Topic: Which router model for Internet Cafe (150 PCs)?
Replies: 8
Views: 2211

Which router model for Internet Cafe (150 PCs)?

... and 1Gbps fibre internet and needs to setup bandwidth control, game priority and anti hacking. I have RB4011 and tested last year. But it was hacked like DDOS attack and changed to normal QoS router. Is the RB4011 enough for 150 client PCs? Can you recommend which model is enough for internet ...
by mkx
Wed Mar 15, 2023 4:22 pm
Forum: General
Topic: Routers Coming with Default Passwords
Replies: 69
Views: 9877

Re: Routers Coming with Default Passwords

... with higher prices and thus people without any knowledge (a.k.a. dummies) tend to stay away from those devices. From there, if your router gets hacked because you used password 'admin', that's your problem. Again, if device is sold on consumer market, it should be assumed that LAN devices are ...
by mhoppes
Wed Mar 15, 2023 3:48 pm
Forum: General
Topic: Routers Coming with Default Passwords
Replies: 69
Views: 9877

Re: Routers Coming with Default Passwords

... For example, access from the WAN can be disabled by default and only accessible via LAN, that's a good start. From there, if your router gets hacked because you used password 'admin', that's your problem.
by pronet
Mon Feb 27, 2023 11:14 pm
Forum: General
Topic: How to mass configure 50 hAP units ?
Replies: 19
Views: 2377

Re: How to mass configure 50 hAP units ?

+1 )
From 2008 just a +1 ) ?
Hacked account....
Nope, but it's rather an interesting topic.. ;-)
by rextended
Mon Feb 27, 2023 10:13 pm
Forum: General
Topic: How to mass configure 50 hAP units ?
Replies: 19
Views: 2377

Re: How to mass configure 50 hAP units ?

+1 )
From 2008 just a +1 ) ?
Hacked account....
by holvoetn
Thu Feb 23, 2023 10:37 pm
Forum: Beginner Basics
Topic: Cannot reach Mikrotik wireguard server
Replies: 24
Views: 1933

Re: Cannot reach Mikrotik wireguard server

I hope it is not too late by then, your router being hacked and/or your provider having disconnected you for having an open DNS resolver... Ok. But have you solution for me ? Do you know why i can't connect to the wireguard server? Did you even read ...
by blackoutfolo
Thu Feb 23, 2023 10:28 pm
Forum: Beginner Basics
Topic: Cannot reach Mikrotik wireguard server
Replies: 24
Views: 1933

Re: Cannot reach Mikrotik wireguard server

I hope it is not too late by then, your router being hacked and/or your provider having disconnected you for having an open DNS resolver...
Ok. But have you solution for me ? Do you know why i can't connect to the wireguard server?
by pe1chl
Thu Feb 23, 2023 10:24 pm
Forum: Beginner Basics
Topic: Cannot reach Mikrotik wireguard server
Replies: 24
Views: 1933

Re: Cannot reach Mikrotik wireguard server

I hope it is not too late by then, your router being hacked and/or your provider having disconnected you for having an open DNS resolver...
by rextended
Thu Feb 23, 2023 6:44 pm
Forum: General
Topic: Brute passwords of microtik devices from the local network, how to identify malware?
Replies: 19
Views: 4578

Re: Brute passwords of microtik devices from the local network, how to identify malware?

rextended, is this a case where blackhole of bogons is effective ??
No, is the classic case of the Palantír is needed...
If IP is coming from LAN, is not a bogon from WAN the problem...

For example the BIOS/EFI of the PC can be hacked and is useless also change the internal HDD....
by k6ccc
Wed Feb 22, 2023 5:08 pm
Forum: Beginner Basics
Topic: Cannot access to webfig from internet
Replies: 3
Views: 594

Re: Cannot access to webfig from internet

DANGER! DANGER! Will Robinson! DANGER! DANGER!! Without some additional security, leaving Webfig accessible from the internet is just asking to get hacked. At the very least use some combination of: Port Knock, restricting access to specific known IP addresses, using non-standard ports. FAR better ...
by rextended
Tue Feb 21, 2023 6:08 pm
Forum: General
Topic: Anyone have VLAN and Chromecast working?
Replies: 16
Views: 7456

Re: Anyone have VLAN and Chromecast working?

... or Sonos? The phone is more exposed, than the other two device, to security risk. Entrusting such important things to a peripheral that is easily hacked (and lost, stolen, broken, etc.) makes no sense. All devices can be hacked by producer or knowing bugs...
by Znevna
Fri Feb 17, 2023 7:37 am
Forum: RouterOS beta
Topic: FEATURE REQUEST: full cone NAT
Replies: 293
Views: 47632

Re: FEATURE REQUEST: full cone NAT

... I help them configure their routers, I prefer to disable insecure options by default (like UPnP, or WPS) so I'm not the one to blame when they get hacked. So the "full cone NAT" option would be a nice middle ground (easy to enable with no special configuration unlike port forwarding, ...
by marekm
Fri Feb 17, 2023 1:35 am
Forum: RouterOS beta
Topic: FEATURE REQUEST: full cone NAT
Replies: 293
Views: 47632

Re: FEATURE REQUEST: full cone NAT

... I help them configure their routers, I prefer to disable insecure options by default (like UPnP, or WPS) so I'm not the one to blame when they get hacked. But without UPnP and without full cone NAT, I need to explain to them how to set up port forwarding etc. So the "full cone NAT" option ...
by edyatl
Wed Feb 01, 2023 11:05 am
Forum: General
Topic: Removing an account from this forum without any reason or notification. [SOLVED]
Replies: 14
Views: 2811

Re: Removing an account from this forum without any reason or notification. [SOLVED]

... has not been included in any data breaches […] As if the truth of the universe is in that database, maybe your chrome password database has been hacked and you don't even know it. Since anything you (and I) post cannot be proven, it is too presumptuous of you to accuse the forum. Do you have ...
by rextended
Wed Feb 01, 2023 10:03 am
Forum: General
Topic: Removing an account from this forum without any reason or notification. [SOLVED]
Replies: 14
Views: 2811

Re: Removing an account from this forum without any reason or notification. [SOLVED]

... has not been included in any data breaches […] As if the truth of the universe is in that database, maybe your chrome password database has been hacked and you don't even know it. Since anything you (and I) post cannot be proven, it is too presumptuous of you to accuse the forum.
by rextended
Wed Feb 01, 2023 12:22 am
Forum: General
Topic: Removing an account from this forum without any reason or notification. [SOLVED]
Replies: 14
Views: 2811

Re: Removing an account from this forum without any reason or notification. [SOLVED]

Probably both account are hacked for password leak shared from other social media, or just a simple password easy to find. When one account is hacked, and has just few useless posts is deleted. Nothing to add. And since you've registered ...
by vecernik87
Wed Feb 01, 2023 12:11 am
Forum: General
Topic: Removing an account from this forum without any reason or notification. [SOLVED]
Replies: 14
Views: 2811

Re: Removing an account from this forum without any reason or notification. [SOLVED]

... not affiliated with mikrotik so I can't explain why these particular cases happened. However, common thing on all forums is link farming through hacked accounts. e.g. Your password leaks from some service and it is same as your mikrotik forum password. Spammers buy a database of leaked credentials ...
by drasir
Tue Jan 31, 2023 1:30 pm
Forum: Scripting
Topic: Please remove SSL requirement for REST Api
Replies: 15
Views: 3421

Re: Please remove SSL requirement for REST Api

I am totally capable of locking of access by myself. said every hacked user ever :D P.S.: I will look into it, although usually downgrading security for sake of "less hassle" is not a good idea I get your point, sure. However, whole of RouterOS's ...
by normis
Tue Jan 31, 2023 8:40 am
Forum: Scripting
Topic: Please remove SSL requirement for REST Api
Replies: 15
Views: 3421

Re: Please remove SSL requirement for REST Api

I am totally capable of locking of access by myself.
said every hacked user ever :D

P.S.: I will look into it, although usually downgrading security for sake of "less hassle" is not a good idea
by pcunite
Wed Jan 18, 2023 8:02 pm
Forum: Useful user articles
Topic: MultiWAN with RouterOS
Replies: 51
Views: 19704

Re: MultiWAN with RouterOS

... the size of your standard scope. It takes two command lines to show this awkward representation and linking. Forum member anav has beautifully hacked this concept by always setting the default Scope to 10 and using the Target Scope parameter to change the relationship . Note that two linked ...
by anav
Wed Jan 18, 2023 2:00 pm
Forum: General
Topic: A version of Winbox with port knocking?
Replies: 8
Views: 950

Re: A version of Winbox with port knocking?

... step there is. But no internet = no VPN. Or do you mean something else ? The more service exposed to internet the more can break or be hacked. I could set VPN behind port knocking perhaps but have not done so. I like the equipment to drop all inbound traffic by default and not popup ...
by Kindis
Wed Jan 18, 2023 1:56 pm
Forum: General
Topic: A version of Winbox with port knocking?
Replies: 8
Views: 950

Re: A version of Winbox with port knocking?

... step there is. But no internet = no VPN. Or do you mean something else ? The more service exposed to internet the more can break or be hacked. I could set VPN behind port knocking perhaps but have not done so. I like the equipment to drop all inbound traffic by default and not popup ...
by r00t
Sat Jan 14, 2023 12:05 am
Forum: General
Topic: Blacklisted Device by Mikrotik ?
Replies: 5
Views: 1003

Re: Blacklisted Device by Mikrotik ?

... never seen counterfeit Mikrotik device yet... so, what actually happened here, if it's completely different HW inside that runs ROS? Or perhaps hacked license on official Mikrotik board? It all seems like a lot of effort someone would go to actually make a compatible hardware and possibly still ...
by rextended
Wed Jan 11, 2023 11:15 pm
Forum: General
Topic: Re: removed
Replies: 12
Views: 1270

Re: removed

Another account hacked by telegram leak...
by Darryl
Wed Jan 11, 2023 2:39 pm
Forum: General
Topic: RouterOS can't use ingress port 53 [SOLVED]
Replies: 18
Views: 3356

Re: RouterOS can't use ingress port 53 [SOLVED]

... should work, you actually don't have anything in firewall blocking any connection to router itself ... which also means device can be easily hacked from internet. So if connecting to DNS service on router works from LAN but doesn't from internet, then your ISP doesn't offer internet lines ...
by mkx
Tue Jan 10, 2023 11:24 pm
Forum: General
Topic: RouterOS can't use ingress port 53 [SOLVED]
Replies: 18
Views: 3356

Re: RouterOS can't use ingress port 53 [SOLVED]

... should work, you actually don't have anything in firewall blocking any connection to router itself ... which also means device can be easily hacked from internet. So if connecting to DNS service on router works from LAN but doesn't from internet, then your ISP doesn't offer internet lines ...
by nextgen86
Thu Dec 22, 2022 11:15 am
Forum: General
Topic: Mikrotik hacked and hard reset disabled
Replies: 12
Views: 6365

Re: Mikrotik hacked and hard reset disabled

I can fix the Mikrotik Routerboard
exposed to the bootloader without losing the license. all types of direct proxy in the hardware section immediately sent to me in Indonesia
by anav
Thu Dec 01, 2022 10:02 pm
Forum: General
Topic: Optimize Firewall - Raw? more Security?
Replies: 12
Views: 2423

Re: Optimize Firewall - Raw? more Security?

In terms of the serial number, not sure, but it was advice from someone far more expert than myself, and it is done to protect the router if hacked I guess.

plain /export file=anynameyouwish is fine.
by rextended
Fri Nov 11, 2022 3:37 pm
Forum: General
Topic: attacking my mikrotik device
Replies: 20
Views: 2732

Re: attacking my mikrotik device

... and the last is 7.6 and is better remove all old mess and restore default firewall and other rules that work with firewall 2) if your device is hacked, you clean the hack I don't know why mikrotik enable this default ospf and pptp interface in Routers. it's not the first time that attacker uses ...
by Techsystem
Fri Nov 11, 2022 6:41 am
Forum: General
Topic: attacking my mikrotik device
Replies: 20
Views: 2732

Re: attacking my mikrotik device

... they are part of functions that RouterOS can be configured to handle. Post your config and we can help out figure out what are wrong. Bad config/hacked etc. sorry if my language seems to be inappropriate, you can find my router config in the last comment.
by Jotne
Thu Nov 10, 2022 11:23 pm
Forum: General
Topic: attacking my mikrotik device
Replies: 20
Views: 2732

Re: attacking my mikrotik device

... they are part of functions that RouterOS can be configured to handle. Post your config and we can help out figure out what are wrong. Bad config/hacked etc.
by anav
Thu Nov 10, 2022 10:21 pm
Forum: General
Topic: attacking my mikrotik device
Replies: 20
Views: 2732

Re: attacking my mikrotik device

Yes, if the router is hacked there was an unsafe config most likely.
First step disconnect from net.
Second step netinstall a fresh version of stable software.
Third step manually add back in the config for required traffic.
by gabacho4
Thu Nov 10, 2022 8:58 pm
Forum: General
Topic: attacking my mikrotik device
Replies: 20
Views: 2732

Re: attacking my mikrotik device

Your router has likely been hacked. That IP belongs to a hosting service so odds are it has been made part of some sort of botnet. You need to perform a net install on the router, recreate your configuration, and ensure that you don't change any firewall rules without understanding 100% what they do.
by Sob
Sun Nov 06, 2022 12:41 am
Forum: Beginner Basics
Topic: browser TLS error using Mikrotik hardware
Replies: 12
Views: 2555

Re: browser TLS error using Mikrotik hardware

... anything "funny" with it. When you get TLS errors (what exact errors do you get?), it means that something is wrong. And unless it was hacked and something hidden is now living inside it, it's not your LHG's fault, it's just forwarding packets and doesn't care what's inside them.
by anav
Tue Nov 01, 2022 2:48 pm
Forum: General
Topic: hacked - strange thousand connections on 23 port
Replies: 5
Views: 1307

Re: hacked - strange thousand connections on 23 port

Netinstall 7.6 then use this basic novice firewall for starters. - https://forum.mikrotik.com/viewtopic.php?t=180838 Also the scripts at the end, if you do not understand them, what they do, then don't put them back in, they seem way overblown as is. State instead the requirements to ensure user traf...
by anav
Tue Nov 01, 2022 2:47 pm
Forum: General
Topic: hacked - strange thousand connections on 23 port
Replies: 5
Views: 1307

Re: hacked - strange thousand connections on 23 port

Concur with Sid, Simple, yes simple to hack as there is no protection on the input chain firewall rules for the router itself.
by sid5632
Tue Nov 01, 2022 2:03 am
Forum: General
Topic: hacked - strange thousand connections on 23 port
Replies: 5
Views: 1307

Re: hacked - strange thousand connections on 23 port

The default rule at the ends of the forward and input chains accepts all traffic unless you drop it.
Apart from incoming DNS, you have NO effective filter on the input chain. This is a bad thing (tm).
Not quite sure what your use of that output rule is for.
by samotoka
Mon Oct 31, 2022 11:48 pm
Forum: General
Topic: hacked - strange thousand connections on 23 port
Replies: 5
Views: 1307

Re: hacked - strange thousand connections on 23 port

The config is very simple by the way

# model = 2011UAS-2HnD
# serial number =
/interface bridge
add admin-mac=D4:CA:6D:31:F8:59 arp=proxy-arp auto-mac=no comment=LAN mtu=1500 name=bridge1
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbp...
by anav
Mon Oct 31, 2022 11:44 pm
Forum: General
Topic: hacked - strange thousand connections on 23 port
Replies: 5
Views: 1307

Re: hacked - strange thousand connections on 23 port

Post your config, anything else unusual, scripts entered you didn't know about it?
If you were not secure with your config before what makes you think you know how to deal with it now?
by samotoka
Mon Oct 31, 2022 11:35 pm
Forum: General
Topic: hacked - strange thousand connections on 23 port
Replies: 5
Views: 1307

hacked - strange thousand connections on 23 port

Hello friends
Yesterday I saw something very disturbing
My two Mts are hacked
I know netinstall but ...

/ip firewall filter
add action=drop chain=output protocol=tcp src-port=23

is good enough
Is there another solution?
by pe1chl
Sun Oct 23, 2022 7:40 pm
Forum: General
Topic: Downgraded firmware, users reset, lost sticker - how to gain access
Replies: 14
Views: 1441

Re: Downgraded firmware, users reset, lost sticker - how to gain access

... password or you will get locked out. But on the other hand it will cut down on the immense number of routers and other devices that get "hacked" by criminals and used for e.g. DDoS attacks. MikroTik already has a huge problem with that, and being an EU manufacturer with a large number ...
by k6ccc
Wed Oct 19, 2022 4:58 pm
Forum: SwOS
Topic: SwitchOS CLI
Replies: 27
Views: 18769

Re: SwitchOS CLI

... password is thicker layer. Two factor authentication is another layer. Using a VPN adds a layer, but by itself is not total security. VPNs can be hacked... HTTPS vs HTTP is just another layer. It means that it is harder to read the password (among other stuff) with a packet sniffer. Does not make ...
by rextended
Wed Oct 19, 2022 2:30 am
Forum: SwOS
Topic: SwitchOS CLI
Replies: 27
Views: 18769

Re: SwitchOS CLI

... same username and password on a mainframe and a switch, attractively, apart from disfiguring it, with the SwOS you can do nothing, if someone has hacked the device on which you write the password, https or not, who cares... if someone already intercepts your traffic, "imagine" if it cares ...
by bbs2web
Wed Oct 19, 2022 12:24 am
Forum: Forwarding Protocols
Topic: another clickbait title: Is RouterOS at risk of VLAN stacking flaw (on never implemented IPv6 RA guard)?
Replies: 9
Views: 2594

Re: another clickbait title: Is RouterOS at risk of VLAN stacking flaw (on never implemented IPv6 RA guard)?

Unfortunately couldn't find a way of implementing IPv6 RA Guard (rfc6105) so I hacked switch rules and bridge filters together to achieve the desired results. CRS - Hardware offloaded (MC-LAG compatible) bridge with IPv6 Router Advertisement (RA) Guard: https://forum.mikrotik.com/viewtopic.php?t=190101 ...
by Doberman
Mon Oct 17, 2022 1:12 pm
Forum: General
Topic: wired internet problem ... in the hunt for a ghost
Replies: 9
Views: 942

Re: wired internet problem ... in the hunt for a ghost

... it to be the cause of issues. So the third alternative is someone actually changed something on the router, so you have two admins or more OR got hacked. Hello Anav. Those were my assumptions too. But this part with changes to the PC "falls into the water" because it's not about one ...