Solving the “router was rebooted without proper shutdown” error in MikroTik

They asked to find out somehow the reason for the frequent reboot of the MikroTik router.
When logging in the device, an error was constantly displayed in the logs:

router was rebooted without proper shutdown

The variant that the problem in the power supply unit is doubtful, therefore, I began to look after looking primarily at the resources in System – Resources and noticed that the processor is 90 – 100% loaded.

system resource print

Alternatively, more detailed logs could also be included in System – Logging.

I looked in the IP – Firewall and saw that all the standard rules were turned off, the IP on the router was external static, which means that SSH, telnet, etc. ports are visible to everyone and a password guess attack is possible.

Added a rule at the top allowing you to connect to the web via port 80 from the outside, so that it doesn’t disconnect me, since it was configured remotely.
See also my article – Configuring Remote Access in Mikrotik Routers
Set up standard rules:

add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
 
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid

In IP – Services, you can also specify for certain services from which IP addresses access is allowed. For example, to connect to the web it was possible from only one IP, specify for “www” in “Available From” for example 192.168.50.5/32.

After applying the rules and rebooting, the problem was resolved, the router itself stopped rebooting and the processor load was about ~ 10%. I note that attacks against the external IP addresses are always performed by selecting a password from at least viruses, especially to the standard ports telnet, ssh, ftp.