Oh yeah... when they are hacked they get all the account passwords, so you would need to change your current admin password as well.

On Tue, Sep 25, 2018 at 4:38 PM Louis Arsenault <[email protected]> wrote:

> Check [System --> Users] for any unknown accounts.
>
> On Tue, Sep 25, 2018 at 4:22 PM TJ Trout <[email protected]> wrote:
>
>> These are mostly customer routers on old firmware ~v5-v6, they are on the latest stable/current which I thought cured the exploit, the stuff I am seeing is usually socks or webproxy enabled for reflection attacks or smtp spam.
>>
>> I restored the configs back to virgin and they got back in again somehow, I'm going to see if somehow any of the above recommendations were the cause...
>>
>> On Tue, Sep 25, 2018 at 1:13 PM Jon Langeler <[email protected]> wrote:
>>
>>> From what version to what versions?
>>>
>>> Jon Langeler
>>> Michwave Technologies, Inc.
>>>
>>> > On Sep 25, 2018, at 3:52 PM, TJ Trout <[email protected]> wrote:
>>> >
>>> > I had many mikrotiks exploited, we cleaned them up and disabled all services except winbox and http, updated to the latest firmware and changed passwords.
>>> >
>>> > Most have input firewall and are unaffected but the ones sitting on the internet seem to keep getting compromised
>>> >
>>> > Any idea why this could still be occurring? My ASSumption is that the latest release cures the exploit from happening again but I'm confused why this keeps reoccurring?
>>> >
>>> > Thanks
>>> >
>>> > TJ
>>> > --
>>> > AF mailing list
>>> > [email protected]
>>> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com

--
-Louis
NTInet
O: 803-533-1660 X 207
C: 803-997-0004
