Name and admin password was changed (not by me).

Reface · December 5, 2017, 6:34am

Hello.
I have a very strange situation. Yesterday I saw that name of my Mikrotik RB2011UiAS-2HnD-IN was changed to “HACKED”. I had an empty password of admin, but it was changed. All other configuration (I mean internet access and wifi) was the same, but it cannot be a statement, because I couln’t check configuration by winbox and console.
I understand that empty password of admin it is very silly mistake, but I have to change configuration of my RB2011 very often (I have a very diffucult home network), because RB2011 is a new device of my network and I need some time to configure it.
So. It is a pitty, but I can’t load a config, because yesterday I made a reset by nettools. I remember all my configuration.
On firewall was enabled rule for access to RB only from - my network^
chain - input
src.address - 192.168.5.0/24
protocol - tcp
dst. port - 80, 8291,22
in. interface - bridge1 (lan ports - 2,3,4)
Wifi - wpa2 and mac authentication.
And this rules on picture:

Questions:

How my Mikrotik was hacked? Or is it joke from RouterOS (6.40.5)?
I reseted Mikrotik by netinstall without saving configuration. Is this reset clear all configuration, scripts and possible virus code or I have to clear nand?

jarda · December 5, 2017, 9:49am

Create your own user with admin rights and your password and remove admin user from the system.

The system is surely clear after netinstall.

There is no known way how to put a virus or any other custom code into ROS.

Reface · December 5, 2017, 10:29am

jarda, thank you for information. I’ll follow your advice about new user an admin rights.
And thank you for a very good news about ROS!

P.S. All my questions have answers. Please close my topic.