string log events
Posted: Mon May 23, 2011 3:02 am
by khaloudy
Hi sir,
when I open the log to see how user can log or not
I see string events.
I will upload this image.
Best regards.
Re: string log events
Posted: Mon May 23, 2011 3:23 am
by fewi
Change the "admin" address list below to contain all networks that you want to have SSH, FTP, and winbox access before applying the configuration change. The below allows all private IPs (which probably isn't what you want, but at least won't badly break things):
/ip firewall address-list
add list=admin address=10.0.0.0/8
add list=admin address=172.16.0.0/12
add list=admin address=192.168.0.0/16
/ip firewall filter
add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address-list=!admin action=drop
That's just a stopgap measure. Read the below links until you fully understand them and then secure your router.
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
http://wiki.mikrotik.com/wiki/Securing_ ... rOs_Router
http://wiki.mikrotik.com/wiki/Securing_your_router
Re: string log events
Posted: Mon May 23, 2011 3:32 am
by khaloudy
Sir, I don't log in this time.
I think this is a hacker.
I am not trying to log anyway.
When I try to login, no problem.
This is not me.
Re: string log events
Posted: Mon May 23, 2011 3:41 am
by khaloudy
ip firewall address-list
add list=admin address=10.0.0.0/8
add list=admin address=172.16.0.0/12
add list=admin address=192.168.0.0/16
This is OK,
but this is not:
[admin@MikroTik] ip firewall filter> add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address-list=!admin action=drop
item number must be assigned by a print command
use print command before using an item number in a command
[admin@MikroTik] ip firewall filter>
Re: string log events
Posted: Mon May 23, 2011 4:02 am
by SurferTim
Then do what it asks.
/ip firewall filter
print
add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address-list=!admin action=drop
Re: string log events
Posted: Mon May 23, 2011 7:12 am
by khaloudy
[admin@MikroTik] > /ip firewall filter
[admin@MikroTik] ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop Invalid connections
chain=input connection-state=invalid action=drop
1 ;;; Allow Established connections
chain=input connection-state=established action=accept
2 ;;; Allow ICMP
chain=input protocol=icmp action=accept
3 ;;; Drop everything else
chain=input action=drop
4 ;;; Accept established connections
chain=input connection-state=established action=accept
5 ;;; Accept related connections
chain=input connection-state=related action=accept
6 ;;; Drop invalid connections
chain=input connection-state=invalid action=drop
7 ;;; UDP
chain=input protocol=udp action=accept
8 ;;; Allow limited pings
chain=input protocol=icmp limit=50/5s,2 action=accept
9 ;;; Drop excess pings
chain=input protocol=icmp action=drop
10 ;;; SSH for secure shell
chain=input protocol=tcp dst-port=22 action=accept
11 ;;; winbox
chain=input protocol=tcp dst-port=8291 action=accept
12 ;;; From Mikrotikls network
chain=input src-address=159.148.172.192/28 action=accept
13 ;;; From our private LAN
chain=input src-address=10.0.0.0/8 action=accept
14 ;;; Log everything else
chain=input action=log log-prefix="DROP INPUT"
15 ;;; Drop everything else
chain=input action=drop
16 chain=forward src-address=0.0.0.0/8 action=drop
17 chain=forward dst-address=0.0.0.0/8 action=drop
18 chain=forward src-address=127.0.0.0/8 action=drop
19 chain=forward dst-address=127.0.0.0/8 action=drop
20 chain=forward src-address=224.0.0.0/3 action=drop
21 chain=forward dst-address=224.0.0.0/3 action=drop
22 chain=forward protocol=tcp action=jump jump-target=tcp
23 chain=forward protocol=udp action=jump jump-target=udp
24 chain=forward protocol=icmp action=jump jump-target=icmp
[admin@MikroTik] ip firewall filter> add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address-list=!admin action=drop
invalid value 21,22,8291 for min, an integer required
[admin@MikroTik] ip firewall filter>
Re: string log events
Posted: Mon May 23, 2011 7:23 am
by fewi
What version are you running? Post the output of "/system resource print". Please start wrapping output in tags.
By the way, according to rule #3 it's absolutely impossible you got those logs you were showing a screenshot of, and impossible for you to be in the router at all via anything but a serial console or MAC telnet or MAC winbox. Something here isn't adding up at all.
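The point about rule #3 generalizes: a rule can never match if an earlier accept, drop or reject rule in the same chain already catches every packet it describes. The following is an added example, not code from the thread or from MikroTik, that parses the flattened `print` output posted above and reports such unreachable rules; the function names and the test "earlier rule's conditions are an identical subset of the later rule's" are assumptions of this example.

```python
import re

# Excerpt of the rule listing posted in the thread, flattened as it appears there.
SAMPLE = """\
1 ;;; Allow Established connections
chain=input connection-state=established action=accept
3 ;;; Drop everything else
chain=input action=drop
4 ;;; Accept established connections
chain=input connection-state=established action=accept
10 ;;; SSH for secure shell
chain=input protocol=tcp dst-port=22 action=accept
11 ;;; winbox
chain=input protocol=tcp dst-port=8291 action=accept
16 chain=forward src-address=0.0.0.0/8 action=drop
"""

RULE_START = re.compile(r"^\s*(\d+)\s*([XID]*)\s*(?:;;;.*|(\S+=.*))?$")
TERMINAL = {"accept", "drop", "reject"}  # actions that end chain traversal
NOT_MATCHERS = {"chain", "action", "log-prefix", "jump-target"}

def parse_rules(text):
    """Parse printed filter rules into dicts holding id, flags and key=value props."""
    rules, cur = [], None
    for line in text.splitlines():
        m = RULE_START.match(line)
        if m:  # "N ;;; comment" or "N key=value ..." starts a new rule
            cur = {"id": int(m.group(1)), "flags": m.group(2), "props": {}}
            rules.append(cur)
            line = m.group(3) or ""
        if cur is not None:
            cur["props"].update(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))
    return rules

def matchers(rule):
    return {k: v for k, v in rule["props"].items() if k not in NOT_MATCHERS}.items()

def shadowed(rules):
    """Return (rule_id, shadowing_rule_id) pairs for rules no packet can reach."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (not set("XI") & set(earlier["flags"])  # skip disabled/invalid rules
                    and earlier["props"].get("chain") == later["props"].get("chain")
                    and earlier["props"].get("action") in TERMINAL
                    and matchers(earlier) <= matchers(later)):
                found.append((later["id"], earlier["id"]))
                break
    return found
```

Calling `shadowed(parse_rules(SAMPLE))` returns `[(4, 1), (10, 3), (11, 3)]`; on the full listing from the thread every input rule from 4 to 15 is reported, which is why the SSH and winbox accept rules there have no effect.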