Initially I was able to connect using winbox using the username an password on s sticker.
Still on 7.12.2, I took a backup under Files menu. Then I downloaded 7.16 arm64 main package and dragged it under winbox system packages. Then i initialiased manual upgrade by opening a terminal under winbox. It asked if a want to see the license and chose yes. I kept pressing enter to get to the end of the lisence.
Then something strange happened. It asked for a old password and also a new password. Even more strange was that the password in the sticker didn’t work as a old password. Instead, I used empty password as old and entered the sticker password as new because i didnt want to rethink a new password in middle of upgrade process. I seemingly was succesfull in updating the new password. At this time, as a part of the upgrade process, i entered /system reboot and chose Y. The router booted up and winbox login screen showed 7.16 version but I was not able to connect using my "new"password or empty one. I have tried Mac address login and ip address login via rb5009 port 2. Both fail.
I have not connected the rb5009 Wan port(port 1) to internet, not even once. However, I have had my windows 10 winbox laptop connected to internet via a mobile hotspot, only short times while the laptop winbox has been connected to the router.
Is my rb5009 hacked and if so, how to regain access to it?
I seem to remember that it was already reported in at least one case that a Mikrotik device that should have had the sticker password was actually found as having a blank one, probably because of an hiccup of some kind in factory.
So it is possible that the “old” password was blank (by mistake).
What may have happened is that you mis-read the (printed in teeny-tiny characters) sticker password and thus you typed it wrong.
Check if it is one of those password containing “visually confusing” characters, such as 012568/OIZSGB and try the possible few variations.
You should still be able to make a reset of the router and - should it not work - there is still netinstall (but this latter procedure is complex and better if avoided).
As indicated, use combinations of
1 / l (lower case L) / i (lower case i)
zero or capital O
…
Also, it’s not because in the MAC address 0 is shown with striked font, this means in the password O is not zero (really, I have seen it already).
It has been confirmed process has been changed to avoid using these confusing characters and to use a font for both passwd and MAC to show striked zero.
But what has already left factory, is in the field …
Clearly Holvoe, Mikrotik staff use apple products and zyxel networking equipment and not MT products, as that kind of oversight only happens when you dont actually use the equipment for real.
Thank you all for your kind assistance. It is indeed appreciated.
Actually what seemingly happened was this. While continuously pressing enter in my effort to get rid of “reading” the license, I most probably, unintentionally, accepted “remove default configuration” from the router and also a setup of a new password. In all my confusion, I did ignore checking CAPS lock status and entered the old pass word (=empty, where CAPS lock didn’t make difference). Then entered my new password twice from the sticker (again CAPS lock didn’t matter, because I didn’t change the CAPS lock in between).
As we speak, I can now access my router and I have no reason to believe it having been hacked. I have now hardened the router in a variety of ways (Disabling services, disabling MAC access. limiting access by IP etc…).
