I run several printers at my place of employment, and one of my main printers is a Creality CR10S Max that I have a Raspberry Pi 4b 4GB connected to, running the latest version of OctoPrint. This morning I woke up to check in on a 54-hour print that I started on Friday before I left work, and noticed via the webcam stream that the print was terribly blobbed - still printing, but the head was moving horribly slowly around curves and the quality was just atrocious. So I jumped into another Chrome tab and tried to open the OctoPrint interface and got the error page stating that the server wasn't available... So I SSH in and verify everything that the error page asks me to through the command line - the service is running with no issues from what I can see. I check the log file and see a whole lot of lines from Tornado.Access "GET" for about a 5 minute period of time this morning from 8:12AM through 8:17AM. I think it only stopped when the web server crashed.
A reboot of the service corrected the issue, and I am not concerned about the Pi as everything seems normal again. What I would like to know is - does this look like a DDoS attack of some kind? The items Tornado.Access appears to be requesting are odd... things like credit cards and passwd, and some gibberish that didn't make any sense to me. Based on this log file, I am curious whether it looks as though anything might have been compromised?
Here is the log file I pulled, showing the lead up to and the post-restart conditions.
octoprint (1).log (1015.9 KB)
My setup is as follows:
Raspberry Pi 4B 4GB Ram
Creality CR10S Max 3D printer
Running in a corporate environment - static IP internally, has access to internet
Any help with this would be amazing! As I am running this box inside of a corporate network, I have to be very concerned about any kind of network threat that could compromise our site network security. If anyone can recommend any suggestions for further protecting my OctoPrint instances here I would love to know about them! Thank you for your assistance in advance!
I also want to mention that I do not have ports open to access this Pi remotely. I have to log in to my corporate network through VPN and access through the browser from inside the network. My company has most of our ports blocked through hardware firewalls, Palo Alto hardware and such. Very difficult to get through unless you have access to the internal network. You can see in the attached picture here right where the "attack" started.
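A first-pass triage for the kind of `tornado.access` burst described in the post, as an added example that is not part of the original post or of OctoPrint itself. It groups the entries by source IP and minute, says whether each source is an internal address, and lists probe-like requests that were answered with something other than 404. The log line layout, the `PROBE` markers and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed layout: OctoPrint's "time - logger - level - message" log format
# around Tornado's "status METHOD uri (remote_ip) N.NNms" access message.
LINE = re.compile(
    r"^(?P<minute>\d{4}-\d\d-\d\d \d\d:\d\d):\d\d,\d+ - tornado\.access - \w+ - "
    r"(?P<status>\d{3}) (?P<method>[A-Z]+) (?P<uri>\S+) \((?P<ip>[^)]+)\) [\d.]+ms$"
)
# Hypothetical, non-exhaustive markers of automated probing in a request path.
PROBE = re.compile(r"passwd|\.\./|%2e%2e|\.env|\.php|cgi-bin", re.I)

# Constructed sample lines, not taken from the attached log.
SAMPLE = """\
2021-03-08 08:11:40,512 - octoprint.server.util.sockjs - INFO - Client connection closed: 10.20.30.7
2021-03-08 08:12:01,101 - tornado.access - WARNING - 404 GET /passwd (10.20.30.40) 4.10ms
2021-03-08 08:12:01,350 - tornado.access - WARNING - 404 GET /cgi-bin/passwd (10.20.30.40) 3.87ms
2021-03-08 08:12:02,020 - tornado.access - WARNING - 403 GET /admin/.env (10.20.30.40) 5.02ms
2021-03-08 08:13:15,777 - tornado.access - WARNING - 404 GET /favicon.ico (10.20.30.7) 2.11ms
"""

def triage(lines):
    """Group tornado.access entries by source IP for a first look."""
    report = defaultdict(lambda: {"total": 0, "probes": 0, "not_404": [],
                                  "per_minute": Counter(), "internal": None})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # other loggers, tracebacks, wrapped lines
        entry = report[m["ip"]]
        entry["total"] += 1
        entry["per_minute"][m["minute"]] += 1
        if PROBE.search(m["uri"]):
            entry["probes"] += 1
            if m["status"] != "404":
                # A probe answered with anything but 404 needs a manual look.
                entry["not_404"].append((m["status"], m["uri"]))
        try:
            # is_private is True for RFC 1918, loopback and similar ranges.
            entry["internal"] = ipaddress.ip_address(m["ip"]).is_private
        except ValueError:
            pass  # not a plain IP address; leave as None
    return dict(report)

if __name__ == "__main__":
    for ip, entry in triage(SAMPLE.splitlines()).items():
        print(ip, entry["total"], entry["probes"], entry["internal"],
              entry["not_404"], dict(entry["per_minute"]))
```

Run against a real log by passing `open("octoprint.log", encoding="utf-8")` to `triage()`; a single internal source with a high per-minute count is the address to take to the network team.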