Property of Cat_attack18

My octoprint web interface is red and write Property of Cat_attack18
Can enybody help how can back to the green Web interface?

Do you have your OctoPrint instance accessible through the internet? It sounds like someone “hacked” or “p0wned” your OctoPrint. This means they have (had) fairly unlimited access to your printer, and could potentially set your house on fire. I wish I were kidding.

Forget about making the interface “green” again. Start over, and never, ever expose your OctoPrint directly over the internet.

1 Like

Hello,

I disconnected port octoprint 5000 from internet. Color red not changed green.
What can i do to have green octoprint web interface?

fieldOfView via OctoPrint Community Forum <noreply@community.octoprint.org> ezt írta (időpont: 2020. jún. 13., Szo 23:28):

You are missing my point.

Someone from the internet has had access to your OctoPrint installation in such a way that they could change the configuration. If they could do that, they could also install other software on your raspberry pi. With other software installed on your raspberry pi, they could still have access to it via a backdoor, even if you disconnect port 5000 and change the passwords on your raspberry pi. If they have access to your raspberry pi on your local network, they could take their time to see if there are other computers on your network that they can access and hack into. If that sounds scary, it should. I don't know if this is happening right now, but you cannot be sure it is not. You don't know what else they changed other than the color of the interface!

Please pull the SD card from the raspberry pi, and start with a fresh copy of OctoPi. Change the passwords to something else than what you used before. If you used those same passwords somewhere else, get new passwords there too. And, for the love of god, never ever have your OctoPrint installation directly accessible through the internet again!

2 Likes

Realy so Hard?
I see at logs:
octoprint.plugins.discovery - INFO - Registered OctoPrint instance "Property of Cat_attack18" for SSDP
In this case how can I deregister?

As @fieldOfView suggested: Your SD card is infected and mostly recommended is to start anew. I even would use the card anymore, the chances that your PC gets infected is too high.

Hello
I had found the proble.
The new update had changed in ~/.octoprint/config.yaml
This Was:

appearance:
appearance:
color: red
name: Property of Cat_attack18
I had changed :

appearance:
color: green
name: Octoprint

Aftre reboot my Octoprint is Original Green.

I have to chime in even though I can't say something new.

@Bela_Szautner, have you really read what @fieldOfView and @Ewald_Ikemann have written?

If you are not positively sure you yourself have something done to put "Property of Cat_attack18" willingly into config.yaml, discarding the sd-card is the only prudent action to do. No backup and restore. Simply throw the sd-card into the trash.

I would go even further. Get an up-to-date live-cd/dvd with virus-scan / root-kit detection software from someone else and test all other computers on the same network. Factory reset for all appliances like router and so on, at best reflash them.

This is the absolute minimum to do if you are valuing the safety of your home-network.

Maybe this looks more like the maximum than the minimum to you, but there is much more that can be compromised by an sophisticated intruder. Every single computer is really an amalgamation of multiple sub-computer with flashable firmware. Every usb-controller, sd-card, hd, ssd has small cpu with own firmware which can be compromised.

I remember a few years ago someone had reflashed the firmware of a sata-hd with a tiny linux which had analyzed the stream of sata commands and the filesystem on the disk to deliver a different /etc/shadow for a login process vs other accesses.

3 Likes

No, you really, really have not.

3 Likes

Just we had new installed octoprint, after that come the problem. I had read all off messages and every day serch informatoin from others also.

All of them working. With good speed I checkt vir scanner i no any issue have closed the port. I have other aplication on a same pi. I have vpn and virus chack on my router and have dns filter olso. I voundered in this situation anybody can hack a router and pi.
This is just a name of web interface. For a changing a name must not push the sd into the trash. Cost and waste lot of time and lot of work.

I had chacked all of internet logs speed on my router, no any network issue. Thanks for yours support.

For anyone reading this thread, please don't be like OP, don't put OctoPrint on the public facing internet (and if you do investigate VPNs, reverse proxies and proper firewalling, a port forward is NOT SAFE) and if you find evidence of tampering by a stranger do the responsible and sensible thing and nuke everything from orbit by reflashing.

2 Likes