Results 1 to 15 of 19
  1. #1
    xxx123 (Member, joined Aug 2007, 156 posts)

    help: somebody will hack my router??

    Bro, a question: why does it seem like someone keeps trying to get into my MikroTik router??

    Log print output:
    (54 messages not shown)
    nov/03/2007 13:48:17 system,error,critical login failure for user test from 200.226.124.15 via ssh
    nov/03/2007 17:15:30 system,error,critical login failure for user root from 195.234.88.82 via ssh
    nov/03/2007 17:15:37 system,error,critical login failure for user root from 195.234.88.82 via ssh
    nov/03/2007 17:15:47 system,error,critical login failure for user root from 195.234.88.82 via ssh
    nov/03/2007 19:25:54 system,error,critical login failure for user admin from 202.149.88.250 via winbox
    nov/03/2007 23:11:47 system,error,critical login failure for user test from 202.113.25.22 via ssh
    nov/04/2007 00:57:56 system,error,critical login failure for user admin via winbox
    nov/04/2007 01:26:33 system,error,critical login failure for user admin via winbox
    Terminal vt102 detected, using multiline input mode
    [admin@yahuu.net] > log
    [admin@yahuu.net] log> pr
    nov/03 04:51:15 system,info simple queue changed by admin
    nov/03 04:51:47 system,info,account user admin logged out via winbox
    nov/03 07:17:11 system,error,critical login failure for user test from 61.152.245.15 via ssh
    nov/03 07:17:19 system,error,critical login failure for user guest from 61.152.245.15 via ssh
    nov/03 07:17:24 system,error,critical login failure for user admin from 61.152.245.15 via ssh
    nov/03 07:17:29 system,error,critical login failure for user admin from 61.152.245.15 via ssh
    nov/03 07:17:34 system,error,critical login failure for user user from 61.152.245.15 via ssh
    nov/03 07:17:39 system,error,critical login failure for user root from 61.152.245.15 via ssh
    nov/03 07:17:44 system,error,critical login failure for user root from 61.152.245.15 via ssh
    nov/03 07:17:49 system,error,critical login failure for user root from 61.152.245.15 via ssh
    nov/03 07:17:54 system,error,critical login failure for user test from 61.152.245.15 via ssh

  2. #2
    dr.on (Newbie, joined Aug 2007, 41 posts)
    Whoa, that's serious........

    It's best to turn off the telnet and web services used for management, and now that you've caught them like that, it's better to just reject those IPs.

  3. #3
    t3rm (Member Super Senior, joined Aug 2007, 665 posts)
    Change the SSH port; don't leave it on port 22.
    Look at the service settings and change it there.

    I'm experiencing the same thing with my ISP, Melsakabel, in Bandung.
    It's really bad; with Speedy it's still somewhat better.

  4. #4
    lini (Forum Guru, joined Sep 2007, Karawaci, 1,961 posts)
    If they're not being used, just disable the unneeded services under ip->services,

    or change them from the standard port to another one.


  6. #5
    diki (Newly Joined, joined Oct 2007, 5 posts)

    As for me, I create an address list of the IPs that are allowed into the MikroTik, and I reject all the others.
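
Added example, not part of the original post: one way to build the allowlist diki describes on a current RouterOS release. The list name mgmt-allowed and the addresses (documentation ranges) are constructed placeholders, and 8291 is the default Winbox port.

```routeros
# Constructed placeholder addresses: replace with the real management hosts.
/ip firewall address-list
add list=mgmt-allowed address=192.0.2.10 comment="admin workstation (example)"
add list=mgmt-allowed address=198.51.100.0/24 comment="office LAN (example)"

/ip firewall filter
# Keep sessions that are already open working while the rules are loaded.
add chain=input connection-state=established,related action=accept
# Management ports (SSH 22, Winbox 8291) are accepted only from listed sources.
add chain=input protocol=tcp dst-port=22,8291 src-address-list=mgmt-allowed \
    action=accept comment="management from allowlist"
# Any other source is refused on the management ports.
add chain=input protocol=tcp dst-port=21,22,23,80,443,8291 \
    action=reject reject-with=tcp-reset comment="reject other management access"

# Second layer: the ADDRESS column of /ip service restricts the service itself.
/ip service
set ssh address=192.0.2.10/32,198.51.100.0/24
set winbox address=192.0.2.10/32,198.51.100.0/24
```

Load it from Safe Mode (Ctrl+X in the terminal) so that a mistake in the list does not lock the current session out.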

  7. #6
    xxx123 (Member, joined Aug 2007, 156 posts)
    Thanks for the help, everyone.

    Please teach me how to do these:
    1. If they're not being used, just disable the unneeded services under IP->services

    2. Change the SSH port; don't leave it on port 22. Look at the service settings and change it there.

    3. It's best to turn off the telnet and web services used for management, and now that you've caught them like that, it's better to just reject those IPs.

    I don't know how to do any of that.

    Please give me a tutorial and some guidance.

    Thanks

    Regards

  8. #7
    xxx123 (Member, joined Aug 2007, 156 posts)
    Originally Posted by dr.on:
    Whoa, that's serious........
    It's best to turn off the telnet and web services used for management, and now that you've caught them like that, it's better to just reject those IPs.

    Please enlighten me, is this what you mean:
    [admin@yahuu.net] ip service> pr
    Flags: X - disabled, I - invalid
     #   NAME      PORT  ADDRESS      CERTIFICATE
     0   telnet    23    0.0.0.0/0
     1   ftp       21    0.0.0.0/0
     2   www       80    0.0.0.0/0
     3   ssh       22    0.0.0.0/0
     4 X www-ssl   443   0.0.0.0/0    none
    [admin@yahuu.net] ip service>

    If I turn off the telnet and www parts, will I still be able to remote in with Winbox??

  9. #8
    nux (Member, joined Jul 2007, 268 posts)
    That's right, bro.
    With telnet & www disabled, Winbox still works; it uses a different port, after all.

  10. #9
    devouzter (Newbie, joined Oct 2007, 26 posts)
    Let me try to help:
    1. If they're not being used, just disable the unneeded services under IP->services

    2. Change the SSH port; don't leave it on port 22. Look at the service settings and change it there.

    3. It's best to turn off the telnet and web services used for management, and now that you've caught them like that, it's better to just reject those IPs.

    List the services:
    Code:
    [admin@Router] > /ip serv pr
    Flags: X - disabled, I - invalid 
     #   NAME                                  PORT  ADDRESS            CERTIFICATE
     0   telnet                                23  0.0.0.0/0         
     1   ftp                                   21  0.0.0.0/0         
     2   www                                   80  0.0.0.0/0         
     3   ssh                                   22  0.0.0.0/0         
     4   www-ssl                               443   0.0.0.0/0          none
    Change the service ports:
    0-telnet
    Code:
    [admin@Router] > /ip serv set 0 port=2233
    1-ftp
    Code:
    [admin@Router] > /ip serv set 1 port=2211
    2-web
    Code:
    [admin@Router] > /ip serv set 2 port=8800
    3-ssh
    Code:
    [admin@Router] > /ip serv set 3 port=2222
    Then disable the services:
    Code:
    [admin@Router] > /ip serv set 0,1,3,4 disabled=yes
    Add the IPs that brute-force the login to an address list and block them:
    Code:
    [admin@Router] > /ip fire filter add chain=input protocol=tcp dst-port=22 action=drop comment="block ssh brute access" disabled=no 
    [admin@Router] > /ip fire filter add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh-blacklist address-list-timeout=5d disabled=no
    CMIIW, hopefully this is right; it's slightly modified from the MikroTik website.

    Hope this helps.


  12. #10
    xxx123 (Member, joined Aug 2007, 156 posts)

    Thanks for the info.

    To do the blocking above, do I have to create the list of IPs to be blocked first??

    Or can I just copy and paste that directly??

    Sorry, I'm a newbie; please enlighten me.

    NB:
    And what is the purpose of those IPs trying to get into the router??

    Regards
    Last edited by xxx123; 05-11-2007 at 10:59.

  13. #11
    devouzter (Newbie, joined Oct 2007, 26 posts)
    Here's the thing: basically the filter blocks access from outside for the IP addresses that have been put into the address list ssh-blocklist.

    Code:
    [admin@Router] > /ip fire filter add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh-blacklist address-list-timeout=5d disabled=no
    This line takes the source addresses that access port 22 on your MikroTik router and builds an address list from those source addresses, named ssh-blacklist, which is automatically cleared by itself every 5 days.

    So there's no need to go to the trouble of entering, one by one, the IP addresses that brute-force your MikroTik. Just copy and paste.

    If it doesn't work, please let us know too, so we can help sort it out.

  14. #12
    c0nf (Contributor, joined Jul 2007, Bandung, Indonesia, 1,816 posts)
    Also, don't forget:
    the admin user should be changed to read-only (or, alternatively, disabled altogether), and before that don't forget to create a new user to replace that admin user.

  15. #13
    h1r (Newly Joined, joined Oct 2007, 10 posts)
    I'm experiencing the same thing as xxx123, and after reading this forum I did what devouzter explained above, and I still have a few questions:

    1. If we have already run this command, /ip fire filter add chain=input protocol=tcp dst-port=22 action=drop comment="block ssh brute access" disabled=no, why does the service port still have to be changed?

    2. I have already run this command, /ip fire filter add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh-blacklist address-list-timeout=5d disabled=no, but why is there nothing in the address list? Yet if I look at the filter rules, there are packets being dropped by this command: /ip fire filter add chain=input protocol=tcp dst-port=22 action=drop comment="block ssh brute access" disabled=no

    Please help, friends, because I'm still a newbie. Thanks.
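
Added example, not part of the original posts or of MikroTik's documentation: a corrected form of the two rules from post #9 that addresses the empty address list h1r describes. As posted, the drop rule has no src-address-list match and is added first, so it drops every packet to TCP port 22 and the add-src-to-address-list rule after it is never evaluated. The stage list names, the one-minute windows and the three-connection threshold are assumptions.

```routeros
/ip firewall filter
# 1. Drop only sources that are already on the blacklist. The src-address-list
#    match is what the posted rule lacked; without it all SSH traffic is dropped.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh-blacklist \
    action=drop comment="drop ssh brute forcers"
# 2. Third new connection inside the window: blacklist the source for 5 days.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh-stage2 action=add-src-to-address-list \
    address-list=ssh-blacklist address-list-timeout=5d
# 3. Second new connection: promote the source from stage1 to stage2.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh-stage1 action=add-src-to-address-list \
    address-list=ssh-stage2 address-list-timeout=1m
# 4. First new connection: remember the source for one minute.
#    add-src-to-address-list does not stop processing, so a legitimate login
#    still continues to the rules that follow.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh-stage1 \
    address-list-timeout=1m
```

`add` appends after the rules that already exist, so remove the two rules pasted earlier and confirm the order with /ip firewall filter print. If the SSH service has been moved to another port, use that port in dst-port.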

  16. #14
    scorpion14 (Member Senior, joined Sep 2007, 306 posts)
    Whoa, I often get attacked like that too,.....

  17. #15
    Akangage (Administrator, joined Aug 2007, Daerah Khusus Ibukota Jakarta, Indonesia, 4,195 posts)
    Wow... me too, often, but the rules on wiki.mikrotik all work!!! They do get blocked and recorded in the log; try studying this further.

 

 