Johannes33
Frequent Visitor
Topic Author
Posts: 58
Joined: Mon Dec 26, 2016 1:26 am

Can default configuration be hacked?

Thu Sep 13, 2018 6:14 pm

Hi,
The essence of my question is if hackers, having access to my router, could put malicious code in the default configuration or routerBOOT which I later use to build a new configuration on?

I got hacked with the mikrotik.php.
I did a firmware update to the latest firmware (/system routerboard upgrade, I think it cleanses the boot sequence from malware but I'm not 100% sure) and netinstall with latest ROS.
I thought that would have wiped everything.
I use the default configuration as a base for my setup. Is the default configuration bundled with the RouterOS file for my rb?
I saved a default config from when the rb was new and it is different from the one I get when I reset my rb.
When I connect directly to the internet I can access Netflix but when I use the rb3011 I get an error saying that I'm using a proxy.
So could I still be hacked?
 
R1CH
Forum Guru
Posts: 1099
Joined: Sun Oct 01, 2006 11:44 pm

Re: Can default configuration be hacked?

Thu Sep 13, 2018 9:01 pm

If you didn't change passwords then the attackers just reconnected with the stolen password and re-infected the router.
 
Johannes33
Frequent Visitor
Topic Author
Posts: 58
Joined: Mon Dec 26, 2016 1:26 am

Re: Can default configuration be hacked?

Thu Sep 13, 2018 10:33 pm

I did the whole process offline: where I did the netinstall,
changed password and username for the admin account and so on using the "https://wiki.mikrotik.com/wiki/Manual:S ... our_Router" guide.
I used the default settings, the rest I got fresh from the internet.

I think it is fishy when I get blocked by Netflix when connecting through the router but not when connecting directly from my computer. That is why I thought something must remain from the hack, but what, I do not know. I'm worried that the hackers perhaps have edited the default config script somehow. I wonder if it does not get updated by the netinstall. Otherwise I think what is left, as possibilities go, is that it is the routerBOOT that has some hack.

I have read a lot about resetting the RB. All say that the device should go back to factory default when using netinstall and I also updated the firmware.

Hence my question.

Edit:
One other peculiarity: I cannot restore using my .rsc files. I get "Failed to restore system configuration
file not found". I had the same problem before the netinstall.
 
gerakon
Member Candidate
Posts: 105
Joined: Sat May 24, 2014 8:14 am

Re: Can default configuration be hacked?

Wed Sep 19, 2018 1:09 am

If you reset the config to factory defaults, it will use the default configuration for that version of RouterOS. The default config has changed quite a bit from 6.39 to 6.42.x. I would not expect the original default config that came with the RouterOS version that shipped with the device to match the default configuration after you erase the config on the latest version of RouterOS.
 
3firs
just joined
Posts: 5
Joined: Mon Oct 01, 2018 1:30 am

Re: Can default configuration be hacked?

Mon Oct 01, 2018 1:54 am

Did you have any luck with sorting this out? I have a couple of instances of clients being detected as a VPN or proxy, and if we eliminate the MikroTik, they can watch Netflix no problem.
 
49er
Member
Posts: 409
Joined: Tue Sep 27, 2011 7:55 am

Re: Can default configuration be hacked?

Wed Oct 10, 2018 11:41 am

Hi,
Does anyone have an idea?
I have the same thing.
My router was hacked.
Reset it to defaults and update the firmware.
After that I configured it again as it has to be and has always worked.
But now Netflix is still not working.
If I connect a device at once to the modem (no MikroTik router in place), then Netflix is working, but if I place the MikroTik back it is not working.
I still get the message (unblocker or proxy).
 
normis
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Can default configuration be hacked?

Wed Oct 10, 2018 11:42 am

Netflix not working is in no way some indication of a hacked router. There could be lots of reasons why.
 
49er
Member
Posts: 409
Joined: Tue Sep 27, 2011 7:55 am

Re: Can default configuration be hacked?

Wed Oct 10, 2018 11:52 am

Normis,
The router was sure hacked.
I Save Proxy settings and vpn settings (I never made).
But before, Netflix worked for 3 years.
Now I reset the router and add the config again (same as first setup).
But Netflix is still not working.
If I connect a device right to the modem then Netflix is working.
But if I place the MikroTik at the modem (as normal) then Netflix is not working anymore.
What can be the reason, and better, how can I solve this?
 
mkx
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: Can default configuration be hacked?

Wed Oct 10, 2018 12:30 pm

It seems that some hacks of RB routers make changes that could not be simply undone. The only 100% cure is to netinstall hacked router. Configuration reset is not enough.
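
Added example, not part of any post in this thread: a Python sketch for comparing a RouterOS `/export` taken after a clean netinstall with a later export, reporting only new entries in menus where proxy, VPN and scheduled-job settings live, so that ordinary default-config differences between RouterOS versions are not flagged. The watched-menu list, the function names and both sample exports are assumptions made for this example, and the parser assumes each menu path sits on its own line.

```python
import re

# Menus watched in this example (an assumption, not a complete list).
WATCHED = ("/ip proxy", "/ip socks", "/system scheduler", "/system script",
           "/ppp secret", "/interface pptp-server server")

def parse_export(text):
    """Return the set of (menu, command) pairs found in /export output."""
    entries, menu, pending = set(), None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):        # wrapped line: join with the next one
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("/"):       # menu header, e.g. "/ip proxy"
            menu = line
        elif menu:
            entries.add((menu, re.sub(r"\s+", " ", line)))
    return entries

def unexpected(baseline, current):
    """Watched-menu commands that are in `current` but not in `baseline`."""
    new = parse_export(current) - parse_export(baseline)
    return sorted(e for e in new if e[0].startswith(WATCHED))

# Constructed sample exports, not taken from any real router.
BASELINE = r"""# export saved right after a clean install
/ip firewall filter
add action=accept chain=input comment="old default rule"
/ip dhcp-client
add interface=ether1
"""
CURRENT = r"""# export taken from the router under review
/ip firewall filter
add action=accept chain=input comment=\
    "new default rule"
/ip dhcp-client
add interface=ether1
/ip proxy
set enabled=yes
/ip socks
set enabled=yes
/interface pptp-server server
set enabled=yes
/ppp secret
add name=constructed-user service=pptp
"""

if __name__ == "__main__":
    for menu, command in unexpected(BASELINE, CURRENT):
        print(f"{menu}: {command}")
```

The changed firewall comment is not reported because `/ip firewall filter` is not in the watched list; only the proxy, SOCKS, PPTP server and PPP secret entries are.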
