New Member
Posts: 2
Registered: ‎01-14-2019
Accepted Solution

spamming virus

Hi. We have some trouble with AirMax units which have public IPs. Firmware was downgraded from 6.1.8 to 6.0.4 and then these units started to send spam. There is no way to upgrade the firmware back to 6.1.8 or the new one, 6.1.9, because the EULA field is empty and the confirmation button is missing.

Is there any way to fix this problem? It's about hundreds of customer units and it's impossible for us to visit each of them personally and reset it to default.


Accepted Solutions
Ubiquiti Employee
Posts: 12,186
Registered: ‎11-27-2012
Kudos: 3898
Solutions: 797
Contributions: 73

Re: spamming virus

I'm sending you an email @velkypsikoule.

I suspect that you have at least one unit that wasn't updated and shared the same user/password as updated units. It just takes one unit.

Make sure not to reuse the same admin password, or even better, restrict access to your user management interfaces.

Ubiquiti Networks airMAX Support Team
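
The accepted answer's point, that a single un-updated unit sharing an admin password puts the updated units at risk too, can be checked against a fleet inventory. The following is an added example, not part of the original thread and not Ubiquiti code; the CSV layout, the `cred_id` field and the choice of 6.1.8 as baseline are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory (not from the thread). cred_id is a hypothetical
# label for which admin credential set a unit was provisioned with.
SAMPLE_INVENTORY = """host,firmware,cred_id,mgmt_public
cpe-001,6.1.8,shared-A,yes
cpe-002,6.0.4,shared-A,yes
cpe-003,6.1.9,shared-A,no
cpe-004,6.1.9,unique-004,yes
cpe-005,6.0.4,unique-005,no
"""

# Assumption: 6.1.8 (the version the units ran before the downgrade) is the baseline.
BASELINE = (6, 1, 8)


def parse_version(text):
    """Turn '6.0.4' or 'v6.1.8' into a comparable tuple of ints."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def audit(inventory_csv, baseline=BASELINE):
    """Return {host: [findings]} for units that need attention."""
    units = list(csv.DictReader(io.StringIO(inventory_csv)))
    by_cred = defaultdict(list)
    for u in units:
        u["outdated"] = parse_version(u["firmware"]) < baseline
        u["public"] = u["mgmt_public"].strip().lower() in ("yes", "true", "1")
        by_cred[u["cred_id"]].append(u)

    findings = defaultdict(list)
    for u in units:
        if u["outdated"]:
            findings[u["host"]].append("firmware below baseline")
        if u["outdated"] and u["public"]:
            findings[u["host"]].append("outdated unit with public management")
    # One outdated, publicly manageable unit puts every unit sharing its
    # admin credential at risk, including units that were updated.
    for cred, members in by_cred.items():
        weak = [m["host"] for m in members if m["outdated"] and m["public"]]
        for m in members:
            if weak and m["host"] not in weak:
                findings[m["host"]].append(
                    f"shares credential {cred} with {', '.join(weak)}")
    return dict(findings)
```

Calling `audit(SAMPLE_INVENTORY)` flags `cpe-001` and `cpe-003` even though they run current firmware, because they share a credential with the outdated, publicly manageable `cpe-002`.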



All Replies
Veteran Member
Posts: 5,152
Registered: ‎03-02-2015
Kudos: 1032
Solutions: 239

Re: spamming virus


Older fw 6.0.4 is vulnerable to remote flashing with unsigned fw, so why did you flash it in the first place?

This happens with a weak username/pw and the management interface exposed with public IPs.

Are they monitored by Aircontrol2.1?
Do you still have WebGUI or ssh access to these devices?
How many radios are we talking about? 100?

===================================================
We all work for KUDOs here.
Thx
New Member
Posts: 2
Registered: ‎01-14-2019

Re: spamming virus

The web server is still running; I can open the web interface, but all other ports like ssh and telnet are blocked. It flashed to 6.0.4 itself. It's around 150 devices.

Veteran Member
Posts: 5,152
Registered: ‎03-02-2015
Kudos: 1032
Solutions: 239

Re: spamming virus

Seems like you were hijacked.
I guess you had a weaker password and the same pw on each device?
Can you confirm whether ssh is disabled or just the port changed?
Ubiquiti Employee
Posts: 11,657
Registered: ‎04-14-2017
Kudos: 2188
Solutions: 335

Re: spamming virus

@UBNT-James can you take this one please?