These are mostly customer routers on old firmware ~v5-v6, they are on the latest stable/current which I thought cured the exploit, the stuff I am seeing is usually socks or webproxy enabled for reflection attacks or smtp spam.
I restored the configs back to virgin and they got back in again somehow, I'm going to see if somehow any of the above recommendations were the cause... On Tue, Sep 25, 2018 at 1:13 PM Jon Langeler <[email protected]> wrote: > From what version to what versions? > > Jon Langeler > Michwave Technologies, Inc. > > > > On Sep 25, 2018, at 3:52 PM, TJ Trout <[email protected]> wrote: > > > > I had many mikrotiks exploited, we cleaned them up and disabled all > services except winbox and http, updated to the latest firmware and changed > passwords. > > > > Most have input firewall and are unaffected but the ones sitting on the > internet seem to keep getting compromised > > > > Any idea why this could still be occurring? My ASSumption is that the > latest release cures the exploit from happening again but I'm confused why > this keeps reoccurring? > > > > Thanks > > > > TJ > > -- > > AF mailing list > > [email protected] > > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
