Blocking Virus from Mikrotik

There is a web-based virus on Mikrotik. When clients type an address, it says “your connection is not hidden” (NET:ERR_CERT_AUTHORITY_INVALID).
Then, when they try to reload, it redirects to a sohu.com address. Has anyone else had trouble with this? Or how can I fix this?

Are you sure that it is a Mikrotik problem? Have you tried another router?

When I search for sohu.com I find this:

https://forum.mikrotik.com/viewtopic.php?f=2&t=68290&hilit=Sohu.com

Perhaps your router was compromised and an attacker is intercepting your DNS.

Totally sure, the other router has no problem like this. Only Mikrotik connections are being affected.

I can connect to a couple of websites, not all of them. Also, on Apple devices, it redirects to a fake Apple security (Apple ID) page.

What is the DNS setting for these clients?
What is the DHCP server setting in Mikrotik?
Are you sure that the router redirects pages?

If you let the web into your mikrotik, anything is possible!

Follow these instructions…
https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router

Clients use Google DNS (8.8.8.8 and 8.8.4.4). Also, I changed to another DNS but still have the same issue.
DHCP Settings: 10.10.24.0/20

I’m not sure whether Mikrotik redirects pages. But only Mikrotik clients on the WAN are affected. The other networks are not affected. Clients can use Instagram, WhatsApp, YouTube etc. applications on their devices. Only most HTTP and HTTPS requests get redirected.

Has this issue been addressed? I have the same issue and I keep resetting the device, which is not good.

Any update on this issue? This is so frustrating. Mikrotik needs to address this issue.

Check this: http://forum.mikrotik.com/t/vpnfilter-official-statement/119763/1
Do you have an updated ROS?

Download the software upgrade for the OS. Remove your router from the internet, upgrade your OS to the latest version, change all your passwords (do not use the same ones you used before), and change the admin name as well.
And use the links provided to better secure the router. Don’t allow external connections to the router itself, and if you have to, use VPN tunnels.

OP please post your current running config. This may be something such as a DNS hijack but could be significantly worse if your router is genuinely compromised.

So this means Mikrotik is easier to hack than other router devices. I have only experienced this on a Mikrotik device, and how come resetting it fixes the problem and it comes back again after a month? FYI, the password has already been changed.

MikroTik already addressed this issue in all release channels. Just upgrade to the latest version, set a new password and check your configuration to be sure.

If you continue having problems despite upgrading, send supout.rif to support.
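
One way to do the "check your configuration" step on a saved RouterOS `/export`, given as an added example that is not from any post in this thread and is not MikroTik tooling. It flags the settings that could explain redirects even when clients use 8.8.8.8 directly: upstream or static DNS overrides and dstnat rules on ports 53, 80 and 443. The sample export, its addresses and the expected resolver list are constructed assumptions.

```python
import shlex

# Constructed sample of RouterOS `/export` output (not taken from the thread).
SAMPLE_EXPORT = r"""
/ip dns
set allow-remote-requests=yes servers=198.51.100.53
/ip dns static
add address=203.0.113.7 name=example.com
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-port=80,443 protocol=tcp \
    to-addresses=203.0.113.7
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
"""

WATCHED_PORTS = {"53", "80", "443"}  # DNS, HTTP, HTTPS

def parse_export(text):
    """Yield (menu, command, params) for every add/set line of an export."""
    menu = None
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line and not line.startswith("#"):
            words = shlex.split(line)  # keeps quoted values (comments) whole
            yield menu, words[0], dict(w.split("=", 1) for w in words[1:] if "=" in w)

def audit(text, expected_dns):
    """Return review items for DNS overrides and dstnat on watched ports."""
    findings = []
    for menu, cmd, p in parse_export(text):
        if menu == "/ip dns" and cmd == "set":
            extra = sorted(set(p.get("servers", "").split(",")) - set(expected_dns) - {""})
            if extra:
                findings.append(f"unexpected upstream DNS: {', '.join(extra)}")
            if p.get("allow-remote-requests") == "yes":
                findings.append("router answers client DNS queries")
        elif menu == "/ip dns static" and cmd == "add":
            findings.append(f"static DNS entry: {p.get('name')} -> {p.get('address')}")
        elif menu == "/ip firewall nat" and p.get("chain") == "dstnat":
            hit = sorted(set(p.get("dst-port", "").split(",")) & WATCHED_PORTS)
            if hit and p.get("action") in ("dst-nat", "redirect"):
                target = p.get("to-addresses", "the router itself")
                findings.append(f"dstnat on port(s) {', '.join(hit)} -> {target}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT, ["8.8.8.8", "8.8.4.4"])))
```

Each item is something to review rather than proof of compromise, since a port 53 redirect or a static entry can be deliberate. Port ranges such as `80-443` are not expanded by this sketch.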