I have received complaints from my ISP that my IP address is trying to connect to a remote site and is not good.
Here is the reported problem:
Mar 28 18:25:27 m2 sshd[6057]: Invalid user pi from (my IP removed from view)
Mar 28 18:25:27 m2 sshd[6055]: Invalid user pi from (my IP removed from view)
Mar 28 18:25:29 m2 sshd[6055]: Failed password for invalid user pi from (my IP removed from view) port 42516 ssh2
Mar 28 18:25:29 m2 sshd[6057]: Failed password for invalid user pi from (my IP removed from view) port 42518 ssh2
I have a fairly new update from Octoprint on my Pi (like about 4 weeks ago).
I have removed power from the Pi until I can correct this problem.
Any help?
If you were notified of something connecting out, this is most likely a compromised computer. It could be your desktop, laptop, or octoprint instance.
If you have a raspberry pi, and you opened it up for remote access, I am guessing you set it in the DMZ or opened up port 22 (SSH).
I am also guessing you never changed the SSH password, so anyone could have gotten in, and is now connecting out.
The things I would start with:
- Did you open up any ports, or set up any computer in the DMZ?
- If not, then you probably have an infected computer with malware or a virus. Run an antivirus and malware scanner on ALL computers.
- If you did open up ports or the DMZ, I would strongly suggest closing them until you figure out what is going on.
- This may not be directly related to octoprint, even though your ISP is saying it is connecting as the user pi.
- If this is your raspberry pi, I would strongly suggest copying any settings, and setting up a newly installed instance. And do not forget to change your SSH password.
In any case do not use passwords for SSH on a publicly reachable machine (be it desktop or RPI). Use keyfiles instead. Disable the use of passwords over SSH.
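The advice in the last reply (key files only, no passwords over SSH) can be checked against an `sshd_config` before a rebuilt Pi goes back on the network. The following is an added example, not code from this thread or from OctoPrint; the sample files are constructed, the defaults are assumed to be upstream OpenSSH's, and `Include` files and `Match` blocks are not evaluated.

```python
import re

# Assumed upstream OpenSSH defaults when a keyword is absent from the file
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Older spelling of the keyboard-interactive keyword
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Target state: key files only, no password-style logins
WANTED = {"passwordauthentication": "no",
          "kbdinteractiveauthentication": "no",
          "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Global settings as sshd reads them: the first value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks are not evaluated in this sketch
        if len(parts) < 2 or not parts[1].split():
            continue  # keyword with no value
        value = parts[1].split()[0].strip('"').lower()
        seen.setdefault(ALIASES.get(key, key), value)
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def audit(config_text):
    """List each setting that still allows something other than key files."""
    eff = effective_settings(config_text)
    return [f"{k} is '{eff[k]}', want '{v}'"
            for k, v in WANTED.items() if eff[k] != v]

# Constructed sample files, not taken from any real machine
STOCK = "#PasswordAuthentication yes\nUsePAM yes\n"
SHADOWED = ("PasswordAuthentication yes\n"
            "KbdInteractiveAuthentication no\n"
            "PasswordAuthentication no\n")
HARDENED = ("PubkeyAuthentication yes\n"
            "PasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n")

if __name__ == "__main__":
    for name, text in [("stock", STOCK), ("shadowed", SHADOWED), ("hardened", HARDENED)]:
        print(name, audit(text) or "ok")
```

On the machine itself, `sshd -T` prints the configuration the daemon actually uses, including the `Include` files and `Match` blocks this sketch skips.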