Community discussions

MikroTik App
 
BrianWisp
just joined
Topic Author
Posts: 1
Joined: Thu Apr 18, 2019 12:56 pm

System,error,critical login failure

Thu Apr 18, 2019 1:19 pm

Hello,

I just started using mikrotik recently, when i login to my router, i keep getting this

"apr/18/2019 06:04:07 system,error,critical login failure for user applmgr from 192.169.217.183 via ssh
apr/18/2019 06:04:16 system,error,critical login failure for user support from 103.99.3.201 via ssh
apr/18/2019 06:04:18 system,error,critical login failure for user support from 103.99.3.201 via ssh
apr/18/2019 06:07:14 system,error,critical login failure for user openstack from 165.227.53.51 via ssh
apr/18/2019 06:07:36 system,error,critical login failure for user pi from 217.241.30.150 via ssh
apr/18/2019 06:07:36 system,error,critical login failure for user pi from 217.241.30.150 via ssh


What could be happening...whats the course and how can i stop it.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3025
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: System,error,critical login failure

Thu Apr 18, 2019 1:46 pm

It seems that you have SSH open to access the router from the outside.
So anyone who tries port tcp/22 will be logged if they have wrong password.

BUT this is some you should not do. Do not open your router Winbox/SSH/Telnet/Web for admin access on outside.

If you need to use SSH from the outside you do not have many option.

1. VPN (best option)

2. Open SSH but:
a. change to other port than 22
b. set an access list to reduce who can access it
c. use port knocking (google it)
d. setup some monitoring. example getting email every time some logs inn
e. create a new user and remove admin user
f. use a very strong password
g. +++
 
Use Splunk> to log/monitor your MikroTik Router(s). See link below. :mrgreen:

MikroTik->Splunk
 
 
User avatar
Lifz
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Tue Feb 26, 2013 1:05 pm

Re: System,error,critical login failure

Thu Apr 18, 2019 2:10 pm

You may use firewall rules to prevent login brute-force: https://wiki.mikrotik.com/wiki/Brutefor ... prevention
 
Docop
just joined
Posts: 24
Joined: Thu May 23, 2019 3:56 pm

Re: System,error,critical login failure

Tue May 28, 2019 3:23 am

With the wiki.. on the : address-list=ssh_blacklist : do we need to create somewhere the ssh_blacklist ? or it will be creating a log or something like that.. ?

And do we just add those action in the firewall filter just before the : :
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid

and is just this one can do the same :
add action=drop chain=forward in-interface=bridge1 src-address=!192.168.0.0/24 comment="Drop all that do not match LAN IP"

So with this, can it then make the service port ssh and other less problematic and be leave on .. as only being possible to log via lan ip.?

Thanks
 
saktimandraguna
just joined
Posts: 1
Joined: Thu Oct 22, 2020 3:32 am

Re: System,error,critical login failure

Thu Oct 22, 2020 3:46 am

It seems that you have SSH open to access the router from the outside.
So anyone who tries port tcp/22 will be logged if they have wrong password.

BUT this is some you should not do. Do not open your router Winbox/SSH/Telnet/Web for admin access on outside.

If you need to use SSH from the outside you do not have many option.

1. VPN (best option)

2. Open SSH but:
a. change to other port than 22
b. set an access list to reduce who can access it
c. use port knocking (google it)
d. setup some monitoring. example getting email every time some logs inn
e. create a new user and remove admin user
f. use a very strong password
g. +++


i have recent problem..
someone/thing tried to login via winbox but from the router IP itself (172.26.0.1) pics attached..
please, need help..
thank you..
You do not have the required permissions to view the files attached to this post.
 
kd2pm2
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Nov 14, 2012 7:14 am
Location: New Jersey, USA

Re: System,error,critical login failure

Fri Oct 23, 2020 3:59 am

Hopefully, you have already disabled the admin password and only use a trusted one you created. As noted, you should set up access so that only IP addresses from within your LAN can use winbox or HTTP to the router.
Ed in NJ-USA
RB2011 / RB4011 / RB260GS / RB750
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 866
Joined: Fri Nov 10, 2017 8:19 am

Re: System,error,critical login failure

Fri Oct 23, 2020 7:03 am

i have recent problem..
someone/thing tried to login via winbox but from the router IP itself (172.26.0.1) pics attached..
please, need help..
thank you..
this looks more like TheDude ... Probably added the device and now its trying to log in (enabled by default). find the device and uncheck "router OS" option in the details page.
If you find me posting too many replies, I am either procrastinating on some really important task, or just drunk. Roll D20 to find out which one it is.
 
ryomexico
just joined
Posts: 1
Joined: Fri Dec 10, 2021 7:06 am

Re: System,error,critical login failure

Fri Dec 10, 2021 7:20 am

00:54:00 system,error,critical login failure for user  from 192.168.72.10 via ssh 
00:54:00 system,error,critical login failure for user admin from 192.168.72.10 via ssh 
00:54:00 system,error,critical login failure for user admin from 192.168.72.10 via ssh 
00:54:00 system,error,critical login failure for user MikroTikSystem from 192.168.72.10 via ssh 
00:54:00 system,error,critical login failure for user admin from 192.168.72.10 via ssh 
00:54:01 system,error,critical login failure for user dircreate from 192.168.72.10 via ssh 
00:54:01 system,error,critical login failure for user SolucTec from 192.168.72.10 via ssh 
00:54:01 system,error,critical login failure for user EServicios from 192.168.72.10 via ssh 
I had the same symptoms of trying to access hapac2 from local on my windows 10 computer.

I assume that these accesses are from antivirus software to check for vulnerabilities.
Which antivirus software do you use?
I am using the free version of Avast.

Who is online

Users browsing this forum: No registered users and 27 guests