[ bmarkovic06 @ 06.08.2018. 20:47 ] @
Hello,

It has come to our attention that a rogue botnet is currently using a vulnerability in the RouterOS Winbox service, that was patched in RouterOS v6.42.1 in April 23, 2018.

Since all RouterOS devices offer free upgrades with just two clicks, we urge you to upgrade your devices with the "Check for updates" button, if you haven't done so already.

Steps to be taken:

- Upgrade RouterOS to the latest release
- Change your password after upgrading
- Restore your configuration and inspect it for unknown settings
- Implement a good firewall according to the article here:

https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router

All versions from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) are vulnerable. Is your device affected? If you have open Winbox access to untrusted networks and are running one of the affected versions: yes, you could be affected. Follow advice above. If Winbox is not available to internet, you might be safe, but upgrade still recommended.

More information about the issue can be found here: https://blog.mikrotik.com

Best regards,
MikroTik
[ valjan @ 07.08.2018. 06:02 ] @
To je samo ponovljeno obaveštenje, jer se mnogi još uvek nisu ažurirali...
[ bmarkovic06 @ 07.08.2018. 06:10 ] @
Prethodno se odnosilo do verzije 6.41.2 a sada do 6.42 ili se varam.

[Ovu poruku je menjao bmarkovic06 dana 07.08.2018. u 09:29 GMT+1]
[ npero @ 08.08.2018. 12:33 ] @
Samo ponovljeno obavestenje posto su masovno poceli da hackuju koristeci taj exploit, bas masovno posto sve koje sam video ispod 6.42.1 da imaju spoljnu adresu su hakovani.

Samo proveris da li u files imas mikrotik.php ako imas hakovan je, potreban je update, iz schedulera i iz scrits obrisati kao i diseblovati socks, naravno uz promenu passworda.