Can't backup

Hello everyone, recently my CCR 1036 decided to restart constantly. I managed to do a NetInstall with the latest RoS and everything went back do normal. But I noticed that I cannot save or create any files on the router. I’m now sending daily backups to an ftp server just to make sure I don’t loose too much in case of something happens.

Is there anyway to fix this? Or am I doomed to buy another box to replace this dying one?

Thanks again!

take backup ypur config and then reset configuration your device then install ROS again with netinstall.

I have the export of the equipment, it was just after a netinstall that the problem appeared. I might try this, but since its a production equipment with about 2000 clients on it. I`ll better make sure its the on the red eye shift.

Another thing I just noticed is that the users I created to administrate the router get deleted. I can’t find anything on logs about who did it, but only default user with default password was kept, and I had disabled it and changed its password when I did the netinstall on it.

what version you installed on your router?
try Previous version of that!!!

Mikrotik had a vulnerability which allowed login through winbox without password. It is already patched, but maybe You had a vulnerable version. Since your users are gone, that is a possibility.

Another possibility is the internal storage is getting old. Check if there is enough free space, if there isn’t too many bad blocks, and try to write something - just to make sure it is ok. If it’s ok, I’d bet on invasion.

In this case, the best way is to (re)start from zero.

1. Take a backup. Just because.
2. Take an export. This is important, as you should do a full audit on it, and restore the configs You see fit from here.
3. Take the unit offline.
4. Do a netinstall. Use different user/password from before.
5. Restore, from the already audited export, what you want.
6. Review firewall and access policies, since they got in from somewhere.

… and then junk it. If the device was hacked, this backup should never ever be restored by any chance. If device was not hacked … you’ll have it up and running with revised configuration anyways.

Never underestimate Murphy’s law. He may forget to backup some key or certificate - that would have to be changed, but he may need it one last time - and a backup would save him.

I was going to suggest checking “/system health print” for the bad block counter as it sounds like the flash is trash, but my CCR1016 is lacking that…

Well, just an update. I managed to get the equipment back and running after upgrading the firmware to the latest version. After a week or so problems started again. I’m sending the equipment to repair now.