    Pi3 rebooted by it's own (HACKED)

      mitu Global Moderator @mahcneto

      @mahcneto It's not downloading anything. Because the previous restart was not a clean one, it checks the files on the card to make sure they're not corrupted. If your sd card is large, it could take a while.

        mahcneto

        My SD card is 64GB. I recorded this, is this normal? It's taking almost 30 mins so far.

          mitu Global Moderator

          @mahcneto said in Pi3 rebooted by it's own, then started to update something:

          My SD card is 64GB. I recorded this, is this normal? It's taking almost 30 mins so far.

          Based on your video, I'd say your installation has been 'hacked' and your system has a rootkit installed, acting as an SSH brute-force attacker.
          Save your ROMs and re-install from scratch. Don't expose the RPI directly to the internet and make sure you change the default password for the pi user.

            ClassicGMR @mitu

            @mitu said in Pi3 rebooted by it's own, then started to update something:

            Based on your video, I'd say your installation has been 'hacked' and your system has a rootkit installed,

            Wow... didn't even know this was a "thing" outside Windows or some Mac viruses. Good to know.

            Growing older is mandatory. Growing up is optional!
            Enjoy the ride!

              mahcneto

              It seems that I'm screwed? I tried accessing from FTP and my password has been changed. Is there any other way to back up my ROMs and Ports section & configs? This seems like a real pain in the ass, I can't believe there're peeps doing this, why for anyways, this sucks :/

                Fruitybit @mahcneto

                @mahcneto Did you open up ports on your router to the Pi, or just no firewall? I ask as I use the Kodi port as my media server around the home, but it doesn't have any extra access to the Internet other than when it needs to update the library, so I leave the Ethernet cable plugged in all the time.

                  mitu Global Moderator @mahcneto

                  @mahcneto said in Pi3 rebooted by it's own (HACKED):

                  I can't believe there're peeps doing this [..]

                  Unless you've been living under a rock, you must have heard about the rampant malware/spam/data breaches/hacked home appliances that are more and more prevalent and becoming more sophisticated each day.
                  It sucks, but you've been affected. Disconnect your Pi from the internet and try to connect with file shares from a locally connected PC - as mentioned in the docs. Make sure you only copy the ROMs and not some executables/other files.

                    mahcneto @Fruitybit

                    @fruitybit I just opened one port for it.

                    @mitu I mean, I know there's malware and stuff but why with the Pi3, dang.

                      PokeEngineer @mitu

                      @mitu

                      Don't mind me, but this is my first time seeing Linux get infected, let alone a Raspberry Pi getting infected. Fascinating...

                      Don't sweat it.
                      When in doubt, take a BYTE out of life.

                      😎

                        mitu Global Moderator @PokeEngineer

                        @pokeengineer This is not the first time it's been reported in the forums:

                        • https://retropie.org.uk/forum/topic/16184/help-malware-and-or-backdoors-in-retropie
                        • https://retropie.org.uk/forum/topic/11260/issue-with-retopie-boot-emulationstation-not-starting
                          cyperghost @PokeEngineer

                          @pokeengineer said in Pi3 rebooted by it's own (HACKED):

                          @mitu

                          Don't mind me, but this is my first time seeing Linux get infected, let alone a Raspberry Pi getting infected. Fascinating...

                          This is not an "infection" via a virus. It's an open system and everybody who scans port 22 and gets a ping can try user pi and password raspberry.

                          Voila... install whatever you want ... a php server with a full set of bitcoin mining user interface or a bot network, a porn blackbox, a torrent server, a hidden ftp file server, a hidden email server, a jabber network, irc servers .... endless possibilities... Nothing that's really fascinating ... just meat for underground damn dogs

                          You can follow @mitu's links and you will see the consequences of widespread open systems.

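Added example, not part of any poster's reply or of RetroPie: the pattern cyperghost describes, repeated guesses on the SSH port followed by a password login that succeeds, can be looked for in the sshd log. The log lines are constructed samples, and the `analyse` function and its threshold are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in the OpenSSH syslog format (not taken from the thread).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:14:01 retropie sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 02:14:03 retropie sshd[813]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar  3 02:14:05 retropie sshd[815]: Failed password for pi from 203.0.113.7 port 40131 ssh2
Mar  3 02:14:09 retropie sshd[819]: Accepted password for pi from 203.0.113.7 port 40150 ssh2
Mar  3 09:30:12 retropie sshd[1502]: Accepted publickey for pi from 192.168.1.20 port 51514 ssh2
Mar  3 11:02:44 retropie sshd[1733]: Failed password for pi from 198.51.100.9 port 60222 ssh2
"""

# One sshd authentication result: outcome, method, account and source address.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyse(log_text, fail_threshold=3):
    """Return (findings, failures).

    failures maps each source address to its count of failed attempts.
    findings lists password logins that succeeded from an address which had
    already failed at least fail_threshold times, i.e. a guess that worked.
    """
    failures = defaultdict(int)
    findings = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m is None:
            continue  # not an authentication result line
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif m["method"] == "password" and failures.get(ip, 0) >= fail_threshold:
            findings.append({"ip": ip, "user": m["user"], "failed_before": failures[ip]})
    return findings, dict(failures)

if __name__ == "__main__":
    hits, counts = analyse(SAMPLE_LOG)
    for ip, n in sorted(counts.items()):
        print(f"{ip}: {n} failed attempt(s)")
    for hit in hits:
        print(f"password login as {hit['user']} from {hit['ip']} "
              f"after {hit['failed_before']} failures")
```

On Raspberry Pi OS the sshd messages are typically in /var/log/auth.log; a hit for the pi account is grounds for the reinstall and password change mitu recommends.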
                            PokeEngineer @cyperghost

                            @cyperghost said in Pi3 rebooted by it's own (HACKED):

                            @pokeengineer said in Pi3 rebooted by it's own (HACKED):

                            @mitu

                            Don't mind me, but this is my first time seeing Linux get infected, let alone a Raspberry Pi getting infected. Fascinating...

                            This is not an "infection" via a virus. It's an open system and everybody who scans port 22 and gets a ping can try user pi and password raspberry.

                            Voila... install whatever you want ... a php server with a full set of bitcoin mining user interface or a bot network a porn blackbox a torrent server a hidden ftp file server endless possibilities... Nothing that's really fascinating ... just meat for underground hounds

                            Well, yeah, I knew that. It's just fascinating to me, because I'm into computer junk like that. Though, I never said it was a virus that infected it.

                            Don't sweat it.
                            When in doubt, take a BYTE out of life.

                            😎
