Yeah, 6.40.8 bugfix only got patched, but that doesn’t mean anything with a higher rev than 6.40.8 was patched. 6.42 probably pre-dated the patch. I forget which current or beta FW got the fix.
Assume they grabbed your admin password. Also look for accounts they may have added. From: AF <[email protected]> On Behalf Of Josh Luthman Sent: Tuesday, September 25, 2018 3:37 PM To: AnimalFarm Microwave Users Group <[email protected]> Subject: Re: [AFMUG] Mikrotiks exploited on latest firmware? 6.42 has some known exploits. Not sure if 6.43 does...yet... Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Sep 25, 2018 at 4:20 PM, TJ Trout <[email protected] <mailto:[email protected]> > wrote: These are mostly customer routers on old firmware ~v5-v6, they are on the latest stable/current which I thought cured the exploit, the stuff I am seeing is usually socks or webproxy enabled for reflection attacks or smtp spam. I restored the configs back to virgin and they got back in again somehow, I'm going to see if somehow any of the above recommendations were the cause... On Tue, Sep 25, 2018 at 1:13 PM Jon Langeler <[email protected] <mailto:[email protected]> > wrote: >From what version to what versions? Jon Langeler Michwave Technologies, Inc. > On Sep 25, 2018, at 3:52 PM, TJ Trout <[email protected] > <mailto:[email protected]> > wrote: > > I had many mikrotiks exploited, we cleaned them up and disabled all services > except winbox and http, updated to the latest firmware and changed passwords. > > Most have input firewall and are unaffected but the ones sitting on the > internet seem to keep getting compromised > > Any idea why this could still be occurring? My ASSumption is that the latest > release cures the exploit from happening again but I'm confused why this > keeps reoccurring? > > Thanks > > TJ > -- > AF mailing list > [email protected] <mailto:[email protected]> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] <mailto:[email protected]> http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] <mailto:[email protected]> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
