
I am pretty new to this, and I am working on a home automation project where my Pi should be accessed from the outside world and some slave Arduinos should perform tasks like monitoring the environment and turning devices on and off. A couple of weeks ago I installed Django with Apache server on my Raspberry Pi, and forwarded the RPi's local IP address to the HTTP port. In this way, I can access the Django server from the outside world by simply typing my home's IP address in a web browser. I've been sporadically testing this and there has not been a single time where I couldn't access the Django server :-)

The thing is that today I wanted to SSH my Pi, and when I introduced the password I got "SSH: Permission denied, please try again" together with sometimes "Permission denied (publickey password)". Hell, I have not changed the password! Anyway, I booted to single user mode and changed the password. When I, totally relieved, tried to log in again... damn! I got the same message!

When I then boot the RPi normally, I see how, in the process, immediately after stating:

zmap is already the newest version.
0 upgraded, 0 newly installed, 0 to remove 1 not upgraded-

The following never ending process starts:

Oct 20 17:54:20.561 [INFO] zmap: output module: csv


But the process gets interrupted by telling me that some hosts have permanently been added? Is my little computer being hacked?


Then the process starts over and over, sometimes reaching 100%, but starting again even so. I even get a message from some NCDev/PLUR stating:

WELCOME TO NCDEV.
This is a secured computer network and only authorized users are allowed.
If you are not an authorized user please disconnect inmediately.

Note that all connections/IP addresses are subject to review by the system administrator and your connection to this network may result in your connection being probed to maintain the security of this network.

Before I format and reboot my RPi I wanted to ask you guys if there's anyone that knows what is going on here.

Ivy
  • To the person that gave me a negative point: I would very much appreciate an explanation. I have tried to explain my issue as well as I could.... – Ivy Oct 21 '17 at 05:19

1 Answer


What was going on is that I was being hacked: http://www.zdnet.com/article/linux-malware-enslaves-raspberry-pi-to-mine-cryptocurrency/

Never keep your default password!

Ivy
  • It takes a lot more than changing the default password to properly secure an internet accessible computer of any type. I suggest you strongly reconsider your skills and your project idea. Have you considered what else may have been done to the rest of your network? What about your main PC which you use to shop online etc. – Steve Robillard Oct 21 '17 at 13:36
  • @SteveRobillard thanks for the advice. Well, my skills are awful, but is there a way you could give me some advice on how to secure my network beyond? My skills are bad, but that should not stop me from learning instead of abandoning my project :-) – Ivy Oct 21 '17 at 14:23
  • I would start here https://raspberrypi.stackexchange.com/questions/1247/what-should-be-done-to-secure-raspberry-pi/1250#1250 and do a lot of reading. I am not suggesting you give up your project, but a successful project needs to be within your skill set, which at the moment this does not appear to be. Have you considered only accessing django from within your LAN or using a webhost to access django outside your LAN? I would also consider auditing your network and every device connected to it for further compromises. – Steve Robillard Oct 21 '17 at 14:38
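
An added example, not part of the original question, answer or comments: a triage check for the situation described above, which flags SSH password logins accepted from outside the LAN and counts the failed attempts that preceded them from the same source. It assumes the usual OpenSSH syslog message format (on Raspbian normally found in /var/log/auth.log); the log lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in sshd's syslog format; addresses are documentation
# ranges and a typical home LAN range, not values from the original post.
SAMPLE_AUTH_LOG = """\
Oct 20 03:11:02 raspberrypi sshd[812]: Failed password for root from 203.0.113.45 port 40112 ssh2
Oct 20 03:11:05 raspberrypi sshd[814]: Failed password for invalid user admin from 203.0.113.45 port 40120 ssh2
Oct 20 03:11:09 raspberrypi sshd[816]: Accepted password for pi from 203.0.113.45 port 40131 ssh2
Oct 20 09:30:41 raspberrypi sshd[990]: Accepted password for pi from 192.168.1.20 port 51514 ssh2
Oct 20 09:45:00 raspberrypi sshd[1002]: Accepted publickey for pi from 198.51.100.7 port 50022 ssh2: RSA SHA256:constructed
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Sources treated as local: RFC 1918 ranges, loopback and link-local.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_external(ip):
    """True unless the source is provably on the local network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # not an IP literal: cannot be shown to be local
    return not any(addr in net for net in LAN_NETS)  # IPv6 counts as external


def triage(log_text):
    """Return accepted password logins from external sources, in log order."""
    failures = {}   # source IP -> failed attempts seen so far
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not is_external(m["ip"]):
            continue
        if m["result"] == "Failed":
            failures[m["ip"]] = failures.get(m["ip"], 0) + 1
        elif m["method"] == "password":  # key-based logins are not flagged
            findings.append({"user": m["user"], "ip": m["ip"],
                             "failed_before": failures.get(m["ip"], 0)})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_AUTH_LOG):
        print("external password login:", hit)
```

Any hit on a device that is reachable from the internet means the account's password should be treated as known to the other party, whether or not failed attempts preceded it.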