Saw this in a log this morning from an AP running 2.9.24
09:23:15 system,error,critical login failure for user via bandwidth-test
Does this mean someone is doing a port scan and hit whatever port
the system uses for bandwidth testing, or is someone who knows the
system is mt and has a mt is trying to penetrate the system..
What ports do bandwidth scans use anyway - if they’re special then I’d
block them.
In INPUT chain, drop all traffic from all IP addresses that you don`t need. This should do the job.
You could always just disable the Bandwidth Test Server while you aren’t using it 
Not sure if there are other ways to login to the bw server tho.
i would like to propose the bw test server should be disabled by default in the OS.
hmm..i for one use it alot and i know two other guys that use MT stuff here and we all love the feature.
i like having it enabled out the box.
loading via bandwith-test - means that someone without knowledge about your users tried to run BT. default settings require authentification.
do as posted above - restrict unwanted access to input chain, disable all services you do not need.