
Hacker break-in...

This post was last edited by gfx86674 on 2018-7-23 14:08

https://www.mobile01.com/topicdetail.php?f=110&t=3205444&p=654#69408707
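I originally thought this was an isolated case, but after I reported it, victims came forward one after another, and a friend of mine ran into it yesterday as well... unbelievable.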


The Root account was not there originally; the hacker added it.

mikrotik.php probably holds a script planted by the hacker, but it seems the upload did not succeed.


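Please check whether your router contains any of these items. If it does, delete them and keep following MikroTik's subsequent responses.

Thanks for the information, CHing. I checked my RouterOS and found no problems.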


This post was last edited by vpnuser on 2018-7-27 00:41

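Thanks for sharing.
Is there any way to strengthen protection
and prevent attacks?

All my PCs use wake on lan.
Once the router is compromised, the PCs are as good as compromised too...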


mikrotik 
https://forum.mikrotik.com/viewtopic.php?f=2&t=135774


For the last few months we have been named as vulnerable, but most of the hacks used one and the same vulnerability that was patched already last year. After that we found out about problem with Winbox that was patched on the same day and versions with patch were released on all RouterOS channels. So in total there were and were fixed two vulnerabilities. Hackers are using them again and again because many users still have not upgraded and/or fixed their configuration.

Regarding this problem in v6.42.3 - we have received few reports about this problem, but seems that simply hacker who used Winbox vulnerability in the past simply stored usernames and passwords and now was able to simply log into your router without hacking.

If you did change usernames and passwords recently while running on the latest RouterOS version and still seems that you have been hacked, then please without any hesitation contact support@mikrotik.com and provide supout file from your router (if possible, then generate file before you reboot router).


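It has come to our attention that a rogue botnet is currently using a vulnerability in the RouterOS Winbox service that was patched in RouterOS v6.42.1 on April 23, 2018.
Since all RouterOS devices offer free upgrades with just two clicks, we strongly recommend that you upgrade your device with the "Check for updates" button, if you have not done so already.
Steps to take:
- Upgrade RouterOS to the latest version
- Change your password after upgrading
- Restore your configuration and inspect it for unknown settings
- Implement a good firewall according to this article: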

https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router

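All versions from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) are vulnerable. Is your device affected? If you have Winbox access open to untrusted networks and are running one of the affected versions: yes, you could be affected. Follow the advice above. If Winbox is not reachable from the internet, you may be safe, but upgrading is still recommended.
More information about the issue can be found at: https://blog.mikrotik.com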

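The checks the advisory above asks for (affected version, Winbox reachable without restriction, unknown accounts such as the added Root user from the first post) can be scripted against a saved `/export`. This is an added example, not part of the thread or MikroTik's own code; the function names, the account lists passed in by the administrator, and the sample export are assumptions, and firewall rules are not evaluated.

```python
import re

# Range as stated in the advisory quoted in this thread:
# 6.29 through 6.42 affected, patched in 6.42.1.
FIRST_AFFECTED, FIRST_FIXED = (6, 29, 0), (6, 42, 1)

def parse_version(text):
    """'6.42' -> (6, 42, 0); '6.43.16' -> (6, 43, 16). rc/beta strings raise."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(version):
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED

def winbox_exposed(export_text):
    """True unless the export disables winbox or limits it with address=."""
    text = re.sub(r"\\\n\s*", "", export_text)  # join backslash-wrapped lines
    for line in text.splitlines():
        m = re.search(r"\bset winbox\b(.*)", line)
        if m:
            if re.search(r"\bdisabled=yes\b", m.group(1)):
                return False
            return not re.search(r'\baddress=(?!"")\S+', m.group(1))
    return True  # no winbox line in the export: service left at its defaults

def audit(export_text, accounts, expected_accounts):
    """Return findings for the checks the advisory's steps call for."""
    findings = []
    m = re.search(r"by RouterOS (\S+)", export_text)
    if m:
        try:
            if in_affected_range(m.group(1)):
                findings.append(f"version {m.group(1)} is in the affected range 6.29-6.42")
        except ValueError:
            findings.append(f"version {m.group(1)} not parsed, check manually")
    if winbox_exposed(export_text):
        findings.append("winbox service has no address restriction")
    for name in sorted(set(accounts) - set(expected_accounts)):
        findings.append(f"unexpected account: {name}")
    return findings

# Constructed sample export, not taken from any real router.
SAMPLE_EXPORT = """# jul/23/2018 14:08:00 by RouterOS 6.40.5
/ip service
set telnet disabled=yes
set winbox port=8291
"""
```

Calling `audit(SAMPLE_EXPORT, ["admin", "Root"], ["admin"])` returns all three findings; an empty list means none of these three checks fired, not that the router is clean.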

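This week two of my friends had their routers hacked. The usernames and passwords were replaced so they could not log in, and the only option was to restore from a backup.
Both were on the latest firmware, 6.44, so a new vulnerability has probably been discovered; this is not the pre-6.42 one.

Everyone please be careful, especially those who have not yet removed or disabled the admin account.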


I am using the long-term release v6.43.16 and have found nothing abnormal.
