Just found all our routers are hacked. Hackers leaves scripts behind that allow php. Passwords compromised? Not sure how hacker got in since some routers have different passwords so???
php is a seeding thing, right?
Check your logs and work backwards to undo the hackers scripts, schedule, and firewall rules. Hacker also adds a new user called Service. Also enables SSH ports, ect.
After cleaning update to newest firmware, reboot.
Mikrotik?