DO NOT USE API without a SSL. :) !!!!

Now client sends username and password in first message. Password is sent in plain text. In case of error, reply contains =message=error message. In case of successful login client can start to issue commands.

Dennis Burgess, Mikrotik Certified Trainer
Author of "Learn RouterOS- Second Edition"
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270
Website: http://www.linktechs.net
Create Wireless Coverage's with www.towercoverage.com

-----Original Message-----
From: AF <[email protected]> On Behalf Of Justin Wilson
Sent: Tuesday, July 17, 2018 10:47 AM
To: AnimalFarm Microwave Users Group <[email protected]>
Subject: Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

What's new in 6.43rc44 (2018-Jul-11 07:45):

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);

Justin Wilson
[email protected]
www.mtin.net
www.midwest-ix.com

> On Jul 16, 2018, at 10:57 PM, Nate Burke <[email protected]> wrote:
>
> I just happened to be looking through the Logs of a couple Mikrotiks that I
> didn't have Winbox Firewalled off From the outside world. Someone from the
> outside world logged into winbox today. I had what I 'thought' were strong
> passwords on them. The only active service on the router is the Winbox
> Service.
>
> The only changes that were made was they enabled the 'socks' server, and
> added input firewall rule for the socks port. They were in and out of the
> router in a matter of seconds, so it looks like it was scripted somehow.
>
> I'm going through now and changing passwords and verifying all routers are
> locked from the outside. On the routers that I've found this on, all the
> logins were sourced from this same IP Address. So far the affected routers
> I've found were running versions 6.39-6.41.3
>
> Might be a good time to check your logs and access controls.
>
> jul/15 02:29:14 system,info,account user admin logged in from 194.40.240.254 via winbox
> jul/15 02:29:17 system,info,account user admin logged in from 194.40.240.254 via telnet
> jul/15 02:29:18 system,info socks config changed by admin
> jul/15 02:29:18 system,info filter rule added by admin
> jul/15 02:29:19 system,info,account user admin logged out from 194.40.240.254 via winbox
> jul/15 02:29:19 system,info,account user admin logged out from 194.40.240.254 via telnet
>
> --
> AF mailing list
> [email protected]
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
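
A log check for the pattern reported in the thread, added here as an example and not written by anyone on the list: it flags logins from public addresses that are followed within seconds by configuration changes made by the same user. The function names, the 30-second window and the assumed year are choices of this example; the sample input is the log excerpt quoted in the thread.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# The log lines quoted in the thread, one entry per line.
SAMPLE_LOG = """\
jul/15 02:29:14 system,info,account user admin logged in from 194.40.240.254 via winbox
jul/15 02:29:17 system,info,account user admin logged in from 194.40.240.254 via telnet
jul/15 02:29:18 system,info socks config changed by admin
jul/15 02:29:18 system,info filter rule added by admin
jul/15 02:29:19 system,info,account user admin logged out from 194.40.240.254 via winbox
jul/15 02:29:19 system,info,account user admin logged out from 194.40.240.254 via telnet
"""

TS = r"(\w{3}/\d{2} \d{2}:\d{2}:\d{2})"
LOGIN = re.compile(TS + r" system,info,account user (\S+) logged in from (\S+) via (\S+)$")
CHANGE = re.compile(TS + r" system,info (.+) by (\S+)$")

def parse_ts(text, year=2018):
    # The log carries no year; 2018 is assumed from the dates in the thread.
    return datetime.strptime(f"{year} {text}", "%Y %b/%d %H:%M:%S")

def is_external(addr):
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:  # source is not an IP address
        return False

def find_suspicious_sessions(log_text, window=timedelta(seconds=30)):
    """Return external logins that were followed by config changes within `window`."""
    sessions = []
    for line in map(str.strip, log_text.splitlines()):
        if m := LOGIN.match(line):
            ts, user, src, service = m.groups()
            if not is_external(src):
                continue
            when, last = parse_ts(ts), (sessions[-1] if sessions else None)
            if last and (last["user"], last["src"]) == (user, src) and when - last["login"] <= window:
                last["services"].append(service)  # same burst, another service
            else:
                sessions.append({"user": user, "src": src, "login": when,
                                 "services": [service], "changes": []})
        elif m := CHANGE.match(line):
            ts, action, user = m.groups()
            for s in reversed(sessions):  # attribute to the newest matching login
                if s["user"] == user and parse_ts(ts) - s["login"] <= window:
                    s["changes"].append(action)
                    break
    return [s for s in sessions if s["changes"]]
```

Run against an exported router log, each returned entry lists the source address, the services used and the changes made, which is the set of routers and settings to review.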
