Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 9 of 9
  1. #1
    Status
    Offline
    xxx123's Avatar
    Member
    Join Date
    Aug 2007
    Posts
    156
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Urgent need HELP ada yang sekalu mau login ke microtik gue pls help

    dear all master

    beberapa hari ini wa liat log selalu muncul spt ini :

    aug/27/2007 21:27:12 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27/2007 21:27:14 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27/2007 21:27:16 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27/2007 21:27:19 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27/2007 21:27:26 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27/2007 21:27:29 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27/2007 21:27:36 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27/2007 22:25:38 system,error,critical login failure for user admin via winbox
    Terminal vt102 detected, using multiline input mode
    [admin@MikroTik] > log
    [admin@MikroTik] log> pr
    aug/27 21:25:38 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27 21:25:40 system,error,critical login failure for user danny from 202.133.251.253 via ssh
    aug/27 21:25:42 system,error,critical login failure for user sharon from 202.133.251.253 via ssh
    aug/27 21:25:43 system,error,critical login failure for user aron from 202.133.251.253 via ssh
    aug/27 21:25:44 system,error,critical login failure for user alex from 202.133.251.253 via ssh
    aug/27 21:25:46 system,error,critical login failure for user brett from 202.133.251.253 via ssh
    aug/27 21:25:48 system,error,critical login failure for user mike from 202.133.251.253 via ssh
    aug/27 21:25:50 system,error,critical login failure for user alan from 202.133.251.253 via ssh
    aug/27 21:25:55 system,error,critical login failure for user data from 202.133.251.253 via ssh
    aug/27 21:26:02 system,error,critical login failure for user www-data from 202.133.251.253 via
    ssh
    aug/27 21:26:06 system,error,critical login failure for user http from 202.133.251.253 via ssh
    aug/27 21:26:09 system,error,critical login failure for user httpd from 202.133.251.253 via ssh
    aug/27 21:26:14 system,error,critical login failure for user nobody from 202.133.251.253 via ssh
    aug/27 21:26:15 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27 21:26:17 system,error,critical login failure for user backup from 202.133.251.253 via ssh
    aug/27 21:26:19 system,error,critical login failure for user info from 202.133.251.253 via ssh
    aug/27 21:26:20 system,error,critical login failure for user shop from 202.133.251.253 via ssh
    aug/27 21:26:23 system,error,critical login failure for user sales from 202.133.251.253 via ssh
    aug/27 21:26:26 system,error,critical login failure for user web from 202.133.251.253 via ssh
    aug/27 21:26:27 system,error,critical login failure for user www from 202.133.251.253 via ssh
    aug/27 21:26:29 system,error,critical login failure for user wwwrun from 202.133.251.253 via ssh
    aug/27 21:26:31 system,error,critical login failure for user adam from 202.133.251.253 via ssh



    gmn cara ngatasi hal tsb

  2. #2
    Status
    Offline
    [a]
    [a]'s Avatar
    Administrator
    Join Date
    Jun 2007
    Location
    Jakarta, Indonesia, Indonesia
    Posts
    1,729
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    matiin SSH dari IP->Service..

    trus dari FIrewall. matiin akses ke Router yg melalui SSH, Winbox, Telnet, Webbox...jadi hanya bisa dari interface lokal saja...

  3. #3
    Status
    Offline
    okto_2005's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    655
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    itu harus diblok di firewallnya... ini firewall gue. ssh/telnet/ftp mikrotik gue masih bisa diakses oleh ip ip tertentu dari luar (ex. admin provider, kalo gue mo remote dari luar).

    2 ;;; block ftp,ssh,telnet except from addresslist.
    chain=input protocol=tcp dst-port=21-23 src-address-list=!znossh
    action=drop

    nanti di addresslist tambahin ip ato ip/subnet yg bisa dan boleh akses ke mikrotik kamu

    setelah gue pake rule ini log system gue bersih dari tulisan merah2.

  4. #4
    Status
    Offline
    ree_bood's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    47
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by xxx123 Click here to enlarge
    dear all master

    beberapa hari ini wa liat log selalu muncul spt ini :

    aug/27/2007 21:27:12 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27/2007 21:27:14 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27/2007 21:27:16 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27/2007 21:27:19 system,error,critical login failure for user root from 202.133.251.253 via ssh
    aug/27/2007 21:27:26 system,error,critical login failure for user root from 202.133.251.253 via ssh


    gmn cara ngatasi hal tsb
    sama bosss...
    Code:
    aug/21/2007 22:05:58 system,error,critical login failure for user webmaster from 202.159.19.138 via ssh
    aug/21/2007 22:05:59 system,error,critical login failure for user user from 202.159.19.138 via ssh
    aug/21/2007 22:06:04 system,error,critical login failure for user username from 202.159.19.138 via ssh
    aug/21/2007 22:06:05 system,error,critical login failure for user username from 202.159.19.138 via ssh
    aug/21/2007 22:06:12 system,error,critical login failure for user user from 202.159.19.138 via ssh
    aug/21/2007 22:06:13 system,error,critical login failure for user root from 202.159.19.138 via ssh
    aug/21/2007 22:06:13 system,error,critical login failure for user admin from 202.159.19.138 via ssh
    cuba tak whois ternyata masuk ke network nya indoNet

    pa gara2 make MK bajakan trus dari pembajaknya sono ditanemi backdoor ya...
    Click here to enlarge

  5. #5
    Status
    Offline
    Harno's Avatar
    Baru Gabung
    Join Date
    Aug 2007
    Location
    Alas Roban
    Posts
    15
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ato ganti port ssh nya...

  6. #6
    Status
    Offline
    xxx123's Avatar
    Member
    Join Date
    Aug 2007
    Posts
    156
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by okto_2005 Click here to enlarge
    itu harus diblok di firewallnya... ini firewall gue. ssh/telnet/ftp mikrotik gue masih bisa diakses oleh ip ip tertentu dari luar (ex. admin provider, kalo gue mo remote dari luar).

    2 ;;; block ftp,ssh,telnet except from addresslist.
    chain=input protocol=tcp dst-port=21-23 src-address-list=!znossh
    action=drop

    nanti di addresslist tambahin ip ato ip/subnet yg bisa dan boleh akses ke mikrotik kamu

    setelah gue pake rule ini log system gue bersih dari tulisan merah2.
    kk caranya ngeblok gmn

    pls donk


    newbie berat nih

  7. #7
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    pake ini sudah ?

    /ip service set ssh address=network.local.punya.kita

  8. #8
    Status
    Offline
    okto_2005's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    655
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    yahh itu kan udah gue ajarin.... tinggal masukin rulenya paling atas sendiri.... (di firewall)

    terus masukin semua ip adress ato ip dan subnetnya yang boleh masuk ke mikrotik kamu ke address-list (pakai nama znossh)

    kalo pengin gampang pake winbox.... terus add rule baru, masukin sesuai rule di atas, jangan lupa address-list tambahin kaya gini: (ini gue lewat console)
    add list=znossh address=192.168.1.0/24 comment="allow remote login dari LAN" disabled=no
    add list=znossh address=220.247.168.0/25 comment="allow remote login dari ISP" disabled=no
    add list=znossh address=192.111.111.150 comment="allow remote login dari speedy" disabled=no

    itu address list sekedar contoh jangan asal diterima mentah2 di kopiin ke mikrotik kamu.
    Last edited by okto_2005; 29-08-2007 at 06:04.

  9. #9
    Status
    Offline
    xxx123's Avatar
    Member
    Join Date
    Aug 2007
    Posts
    156
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by d3v4 Click here to enlarge
    pake ini sudah ?

    /ip service set ssh address=network.local.punya.kita
    yang ini ga bisa jdnya gini :

    [admin@MikroTik] ip service> add list address=192.168.0.0/24
    no such command or directory (add)
    [admin@MikroTik] ip service> ip service set ssh address=192.168.0.0/24
    no such command or directory (ip)


    kalo pengin gampang pake winbox.... terus add rule baru, masukin sesuai rule di atas, jangan lupa address-list tambahin kaya gini: (ini gue lewat console)
    add list=znossh address=192.168.1.0/24 comment="allow remote login dari LAN" disabled=no
    add list=znossh address=220.247.168.0/25 comment="allow remote login dari ISP" disabled=no
    add list=znossh address=192.111.111.150 comment="allow remote login dari speedy" disabled=no[/QUOTE]


    yang ini jg kok ga bisa ya??

    gmn om pls ajarin

 

 

Thread Information

Users Browsing this Thread

There are currently 5 users browsing this thread. (0 members and 5 guests)

Similar Threads

  1. [help]script buat block ip yang coba2 login
    By vitamin-c in forum Scripting @ Mikrotik
    Replies: 44
    Last Post: 23-06-2014, 10:16
  2. Ask Modem Cabel in Mikrotik, Urgent Required!!
    By HolyShied in forum Beginner Basics
    Replies: 34
    Last Post: 24-02-2008, 13:04
  3. Replies: 1
    Last Post: 28-08-2007, 02:18
  4. Bagaimana Setting Mirc Di Microtik
    By aa_uwan in forum Beginner Basics
    Replies: 16
    Last Post: 14-08-2007, 18:04

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •