Community discussions

MikroTik App
 
BrianWisp
just joined
Topic Author
Posts: 1
Joined: Thu Apr 18, 2019 12:56 pm

System,error,critical login failure

Thu Apr 18, 2019 1:19 pm

Hello,

I just started using mikrotik recently, when i login to my router, i keep getting this

"apr/18/2019 06:04:07 system,error,critical login failure for user applmgr from 192.169.217.183 via ssh
apr/18/2019 06:04:16 system,error,critical login failure for user support from 103.99.3.201 via ssh
apr/18/2019 06:04:18 system,error,critical login failure for user support from 103.99.3.201 via ssh
apr/18/2019 06:07:14 system,error,critical login failure for user openstack from 165.227.53.51 via ssh
apr/18/2019 06:07:36 system,error,critical login failure for user pi from 217.241.30.150 via ssh
apr/18/2019 06:07:36 system,error,critical login failure for user pi from 217.241.30.150 via ssh


What could be happening...whats the course and how can i stop it.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1818
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: System,error,critical login failure

Thu Apr 18, 2019 1:46 pm

It seems that you have SSH open to access the router from the outside.
So anyone who tries port tcp/22 will be logged if they have wrong password.

BUT this is some you should not do. Do not open your router Winbox/SSH/Telnet/Web for admin access on outside.

If you need to use SSH from the outside you do not have many option.

1. VPN (best option)

2. Open SSH but:
a. change to other port than 22
b. set an access list to reduce who can access it
c. use port knocking (google it)
d. setup some monitoring. example getting email every time some logs inn
e. create a new user and remove admin user
f. use a very strong password
g. +++
 
How to use Splunk to monitor your MikroTik Router(s)

MikroTik->Splunk
 
 
User avatar
Lifz
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Tue Feb 26, 2013 1:05 pm

Re: System,error,critical login failure

Thu Apr 18, 2019 2:10 pm

You may use firewall rules to prevent login brute-force: https://wiki.mikrotik.com/wiki/Brutefor ... prevention
 
Docop
just joined
Posts: 22
Joined: Thu May 23, 2019 3:56 pm

Re: System,error,critical login failure

Tue May 28, 2019 3:23 am

With the wiki.. on the : address-list=ssh_blacklist : do we need to create somewhere the ssh_blacklist ? or it will be creating a log or something like that.. ?

And do we just add those action in the firewall filter just before the : :
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid

and is just this one can do the same :
add action=drop chain=forward in-interface=bridge1 src-address=!192.168.0.0/24 comment="Drop all that do not match LAN IP"

So with this, can it then make the service port ssh and other less problematic and be leave on .. as only being possible to log via lan ip.?

Thanks
 
saktimandraguna
just joined
Posts: 1
Joined: Thu Oct 22, 2020 3:32 am

Re: System,error,critical login failure

Thu Oct 22, 2020 3:46 am

It seems that you have SSH open to access the router from the outside.
So anyone who tries port tcp/22 will be logged if they have wrong password.

BUT this is some you should not do. Do not open your router Winbox/SSH/Telnet/Web for admin access on outside.

If you need to use SSH from the outside you do not have many option.

1. VPN (best option)

2. Open SSH but:
a. change to other port than 22
b. set an access list to reduce who can access it
c. use port knocking (google it)
d. setup some monitoring. example getting email every time some logs inn
e. create a new user and remove admin user
f. use a very strong password
g. +++


i have recent problem..
someone/thing tried to login via winbox but from the router IP itself (172.26.0.1) pics attached..
please, need help..
thank you..
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: fremaint and 58 guests