We have about 8 Mikrotik router's in lights out remote locations. All routers are on 6.46.3
There are NVR's behind the router which are accessed remotely. 1 or 2 locations have a computer also.
About 4 of the got hacked.
From what we can see the hacker was attempting to send out emails , bitnija reported back to our ISP with links to logs etc.
We got back into the routers , disabled SSH , restricted Winbox & web access to our Ips & FQDNS
Removed any settings , users, modifications and address list setup by hackers. Changed our password and setup web access to random port. Have not changed Winbox port.
We primarily use Mikrotik for dude monitoring. Winbox and Dude use the same port
1. Will changing the Winbox port affect Dude access ?
2. Is there something else we should check , basically do the hackers modify the OS, to leave a backdoor , which will give them access again despite the steps we took above or are we safe now ?