From 1c989ecb5e3e74b5c676f8a1284f2db8ab936e59 Mon Sep 17 00:00:00 2001
From: Mikhail Grebenkin
Date: Sun, 5 Aug 2018 12:36:44 +0300
Subject: [PATCH] =?UTF-8?q?=D0=9F=D0=B5=D1=80=D0=B2=D1=8B=D0=B9=20=D0=BA?= =?UTF-8?q?=D0=BE=D0=BC=D0=BC=D0=B8=D1=82=20+=20=D0=B4=D0=BE=D0=B1=D0=B0?= =?UTF-8?q?=D0=B2=D0=B8=D0=BB=20=D1=81=D0=BA=D1=80=D0=B8=D0=BF=D1=82=20?= =?UTF-8?q?=D0=B4=D0=BB=D1=8F=20=D0=BF=D1=80=D0=BE=D0=B2=D0=B5=D1=80=D0=BA?= =?UTF-8?q?=D0=B8=20=D0=BC=D0=B8=D0=BA=D1=80=D0=BE=D1=82=D0=B0=20=D0=BD?= =?UTF-8?q?=D0=B0=20=D1=83=D1=8F=D0=B7=D0=B2=D0=B8=D0=BC=D0=BE=D1=81=D1=82?= =?UTF-8?q?=D1=8C=20winbox?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
README.md | 0
check_mikrotik_socks.mikrotik | 5 +++++
2 files changed, 5 insertions(+)
create mode 100644 README.md
create mode 100644 check_mikrotik_socks.mikrotik
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/check_mikrotik_socks.mikrotik b/check_mikrotik_socks.mikrotik
new file mode 100644
index 0000000..25726bb
--- /dev/null
+++ b/check_mikrotik_socks.mikrotik
@@ -0,0 +1,5 @@
+:if ([/ip socks get port] = 1080) do={:log info "Socks port is still Default."} else={:log info "Socks Port changed Possible infection!"}
+:if ([/ip socks get enabled] = false) do={:log info "Socks is not on."} else={:log info "Socks is enabled... that could be bad!"}
+:if ([:len [/file find name="mikrotik.php"]] > 0) do={:log info "!!!mikrotik.php!!! File Detected!"} else={:log info "mikrotik.php not found."}
+:if ([:len [/file find name="Mikrotik.php"]] > 0) do={:log info "!!!Mikrotik.php!!! File Detected!"} else={:log info "Mikrotik.php not found."}
+:if ([:len [/user find name="service"]] > 0) do={:log info "!!!YOU WERE BREACHED!!!"} else={:log info "No sign of the service user."}
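Review bot: The two `/file find name="mikrotik.php"` and `name="Mikrotik.php"` checks compare the whole file name exactly, so a copy under a directory prefix (for example `flash/` on boards that expose storage that way) or with other capitalisation would be reported as not found. A single pattern match such as `/file find name~"[Mm]ikrotik\\.php"` would cover both lines. Every positive finding is also written with `:log info`, the same level as the all-clear messages, so a hit is easy to overlook and cannot be singled out by a logging rule or remote syslog filter. Using `:log warning` or `:log error` in the branches that report a finding (the `else=` of the two socks checks, the `do=` of the file and user checks) would address that. The script tests only five fixed indicators, so a header comment along the lines of `# A clean run only means these specific indicators are absent; it does not prove the router is uncompromised.` would help whoever runs it.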