normis
MikroTik Support
Topic Author
Posts: 23562
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: URGENT security reminder

Tue Oct 23, 2018 9:05 am

Seems that it is no longer functional, as I tried it, and did not see anything similar to a script. I think the domains have expired or have been seized.
Read this article here for more details on this whole issue:

https://blog.avast.com/mikrotik-routers ... aign-avast
 
gnuttisch
Member
Posts: 309
Joined: Fri Sep 10, 2010 3:49 pm

Re: URGENT security reminder

Sun Oct 28, 2018 8:16 pm

So, I got some routers that are "hacked" and have some stuff on them.
I try to clean them and then upgrade, but I can't, the upgrades won't go through. Is the only option to netinstall them?

Regards
 
BartoszP
Forum Guru
Posts: 1623
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: URGENT security reminder

Sun Oct 28, 2018 8:19 pm

Why waste time? Netinstall and import configuration via script if you have one.
Real admins use real keyboards.
 
gnuttisch
Member
Posts: 309
Joined: Fri Sep 10, 2010 3:49 pm

Re: URGENT security reminder

Sun Oct 28, 2018 8:35 pm

Because I have routers all over the country, that's why I'm asking, and I can't be the only one who has that.
 
maxmayer
just joined
Posts: 3
Joined: Sat Oct 13, 2018 12:23 pm
Location: ukraine

Re: URGENT security reminder

Fri Nov 02, 2018 12:59 pm

I'll try to fix it, and if your advice helps I would be happy.
 
martinees
just joined
Posts: 2
Joined: Thu Nov 08, 2018 9:49 pm

Re: URGENT security reminder

Thu Nov 08, 2018 10:38 pm

Hello guys, is there any chance to get into a hacked device and dump the actual configuration?

I regret to tell you that one of my RB3011 has been hacked this week even though it has ROS 6.43.4 on it and recommended security measures were applied (Winbox access is restricted only from LAN).

Unfortunately the thing is that I only performed an upgrade each time, because I simply didn't see any evidence of changed configuration in the exported script from the older ROS version.
Therefore, it would be pretty interesting for all of us, what is behind the "scenes".
Currently Winbox login does not work, nor ssh.

Any thoughts?
Thank you for your help.
 
normis
MikroTik Support
Topic Author
Posts: 23562
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: URGENT security reminder

Fri Nov 09, 2018 8:48 am

What makes you so sure it is hacked, if you say only LAN was open and upgrade had been done?
If you don't have ANY access to it, maybe it's just "dead" (broken)?
 
martinees
just joined
Posts: 2
Joined: Thu Nov 08, 2018 9:49 pm

Re: URGENT security reminder

Fri Nov 09, 2018 12:48 pm

Well, this suspected branch office router was still connected via SSTP tunnel to the "main" router, therefore I still had full access to the remote site via the SSTP tunnel. I just couldn't log in to the router. All I got was the typical wrong username/password message. So I had to turn it off and use only the backup link.
Moreover, I saw in the statistics provided by my ISP that the outgoing traffic was constantly at around 80% of uplink speed in the last few days, which is not the typical expected traffic shape from that branch office.
I am still wondering how this could have happened.
Thank you for help.
 
sebastia
Member
Posts: 486
Joined: Tue Oct 12, 2010 3:23 am

Re: URGENT security reminder

Fri Nov 16, 2018 11:16 pm

Hey martinees, did you have a backup partition on that router? If you do, switch to it and override the primary?
 
eduardo84
just joined
Posts: 2
Joined: Fri Nov 16, 2018 7:45 pm
Location: habana

Re: URGENT security reminder

Fri Nov 16, 2018 11:30 pm

Hello, I do not speak English well. I want to know who can help me connect my SXT Lite 5 in station mode to an AP whose MAC a pirate cloned. I had it resolved with a connect list, but the pirate cloned the MAC and I cannot connect. Please help.
