rgkprod
just joined
Topic Author
Posts: 1
Joined: Wed Nov 10, 2021 10:58 pm

RB3011 Hack

Wed Nov 10, 2021 11:03 pm

My MikroTik rb3011uiasrm router was hacked in 2018. User rights have been changed. I no longer have full access but only write on the admin and a new user (user1) has been created with full rights. So I can no longer reset the router. Do you have a solution?
Thanks for the help
 
whatever
Member
Posts: 351
Joined: Thu Jun 21, 2018 9:29 pm

Re: RB3011 Hack

Fri Nov 12, 2021 9:19 am

Netinstall
 
holvoetn
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: RB3011 Hack

Fri Nov 12, 2021 9:46 am

Exactly.
And do it completely disconnected from the rest of your network.

Only the router, eth cable and a computer with netinstall.
I read somewhere it could sometimes help to put a switch in between if netinstall doesn't find your device after several tries.
Also disconnected from the rest!!
 
Elans
Member Candidate
Posts: 131
Joined: Wed Apr 18, 2018 12:41 pm

Re: RB3011 Hack

Tue Nov 16, 2021 1:11 pm

If you do have "read-only" access to these devices, you can find out the protected boot-loader settings, and use the reset button to clear all configuration and reinstall the device with Netinstall. You will have to hold the reset button more than the specified time in the "*reformat-hold-button*" setting.

Devices with boot-loader protection CAN NOT be recovered if you don't know the "*reformat-hold-button*" setting.

Please always keep your devices updated and secured with a firewall. Never leave Winbox or SSH open from distrusted networks, never use the "admin" user, and follow other recommendations as outlined here: [https://blog.mikrotik.com/security/winb ... ility.html]

Even if your device has been upgraded, it is not automatically safe; you must also remove all unknown files and change your user/password, since they can still be in possession of attackers from older hack attempts.
The course of action for unaffected devices is outlined in the article above. Upgrade, change passwords, and make sure Winbox is not available to distrusted IP addresses or interfaces.
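
The checks and changes recommended in the post above, written out as RouterOS CLI commands. This is an added example, not part of the original thread or of MikroTik's article; the management subnet 192.168.88.0/24, the user name netadmin and the password placeholder are assumptions to replace with your own values.

```routeros
# Added example. Assumed values: management subnet 192.168.88.0/24,
# user name "netadmin", and the password placeholder.

# 1. With read-only access, before Netinstall: check boot-loader protection.
#    If protected-routerboot is enabled, note the reformat-hold-button value,
#    because the reset button must be held longer than that time.
/system routerboard settings print

# 2. On the reinstalled or upgraded device: list accounts and look for
#    any you did not create.
/user print
# Create a personal full-rights account with a new password.
/user add name=netadmin group=full password="<CHANGE-ME-long-random-password>"
# Log in as the new user first, then disable the default "admin" account.
/user disable [find name=admin]

# 3. See which management services are enabled and from which addresses
#    they accept connections (an empty address field means "from anywhere").
/ip service print
# Restrict Winbox and SSH to the trusted subnet only.
/ip service set winbox address=192.168.88.0/24
/ip service set ssh address=192.168.88.0/24
# Turn off the other management services if you do not use them.
/ip service disable telnet,ftp,www,api,api-ssl

# 4. Look for files you do not recognise and remove them.
/file print
```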
