On last of couple weeks back, one of my customer whose using MikroTik got attacked with Winbox vulnerability. This causes some firewall rules became disable somehow and lead into several incidents reported. Nevertheless i did quick observation and found a script sitting on and forcefully export some setting to unknown place.

Therefore i delete the script as well as the API and allowed internal connection only for accessing Winbox. Last but not least upgrade ROS might also best practice action if you are not sure on what’s going on by using obsolete version of ROS.

Below script i have used just to make upgrade will be starting automatically whenever there is new release coming.

/system package update
check-for-updates once
:delay 10s;
:if ( [get status] = “New version is available”) do={ install; };

Please take note by using above script you agree for taking your own risk.

Hope this useful.