s77.eeongous.com

aamirshan · May 5, 2021, 3:22pm

Dear All,

Today i see this in interfaces
s77.eeongous.com
user5228573
pass5228573
Type : L2TP client

I update the mikrotik version , change password , disable services as mention in some post . can any body told me what i need to do so i can take immidiate measures.
e.g firewall rules currenlty i don’t have any rules.

Thanks

rextended · May 5, 2021, 3:32pm

http://forum.mikrotik.com/t/what-is-ip-socks-i-got-hacked-and-they-open-this/146488/1

RouterOS version?
Your PC are infected and “winbox list” stolen?

post the file obtained from this command on forum

/export hide-sensitive file=export

for analisys

aamirshan · May 5, 2021, 3:56pm

What is IP SOCKS ? I got hacked and they open this

RouterOS version?
Your PC are infected and "winbox list" stolen?

post the file obtained from this command on forum
/export hide-sensitive file=export
for analisys

First of all thanks fory your reply i attached the file.
export.rsc (10.5 KB)

rextended · May 5, 2021, 4:06pm

I can’t see any strange
I suggest you to save your config and user-manager backup

/export file=full
/tool user data save name=full

and netinstall the router and paste full rsc on terminal and reload user-manager database.