Pi3 rebooted by it's own (HACKED)
-
@mahcneto It's not downloading anything. Because the previous restart was not a clean one, it checks the files on the card to make sure they're not corrupted. If your sd card is large, it could take a while.
-
My SD card is 64gb. I recorded this, is this normal? Its taking almost 30 mins so far
-
@mahcneto said in Pi3 rebooted by it's own, then started to update something:
My SD card is 64gb. I recorded this, is this normal? Its taking almost 30 mins so far
Based on your video, I'd say your installation has been 'hacked' and your system has a rootkit installed, acting as a SSH brute-force attacker.
Save your ROMs and re-install from scratch. Don't expose the RPI directly into the internet and make sure you change the default password for thepi
user. -
@mitu said in Pi3 rebooted by it's own, then started to update something:
Based on your video, I'd say your installation has been 'hacked' and your system has a rootkit installed,
Wow... didn't even know this was a "thing" outside Windows or some Mac viruses. Good to know.
-
it seems that i'm screwed? I tried accesing from FTP and my password has been changed. Is there any other way to backup my ROMs and Ports section & configs? this seems like a real pain in the ass, I can't belive there're peeps doing this, why for anyways, this sucks :/
-
@mahcneto Did you open up ports on your router to the Pi, or just no firewall? I ask as I use the Kodi port as my media server around the home, but it doesnโt have any extra access to the Internet other than when it needs to update the library, so I leave the Ethernet cable plugged in all the time.
-
@mahcneto said in Pi3 rebooted by it's own (HACKED):
I can't belive there're peeps doing this [..]
Unless you've been living under a rock, you must have heard about the rampant malware/spam/data breaches/hacked home appliances that are more and more prevalent and becoming more sophisticated each day.
It sucks, but you've been affected. Disconnect your PI from the internet and try to connect with file shares from a local connected PC - as mentioned in the docs. Make sure you only copy the ROMs and not some executables/other files. -
@fruitybit I just opened one port for it.
@mitu I mean, I know there're malware and stuff but why with the Pi3, dang.
-
Don't mind me, but this is my first time seeing Linux get infected, let alone a Raspberry Pi getting infected. Fascinating...
-
@pokeengineer This is not the first time it's been reported in the forums:
-
@pokeengineer said in Pi3 rebooted by it's own (HACKED):
Don't mind me, but this is my first time seeing Linux get infected, let alone a Raspberry Pi getting infected. Fascinating...
This is not an "infection" via a virus. It's an open system and everybody who scans port 22 and got's a ping can try user
pi
and Passwordraspberry
.Voila... install whatever you want ... a php server with a full set of bitcoin mining user interface or a bot network, a porn blackbox, a torrent server, a hidden ftp file server, a hidden email server, a jabber network, irc servers .... endless possibilities... Nothing that's really fascinating ... just meat for underground damn dogs
You can follow @mitu's links and you will see consequences of spreaded open systems.
-
@cyperghost said in Pi3 rebooted by it's own (HACKED):
@pokeengineer said in Pi3 rebooted by it's own (HACKED):
Don't mind me, but this is my first time seeing Linux get infected, let alone a Raspberry Pi getting infected. Fascinating...
This is not an "infection" via a virus. It's an open system and everybody who scans port 22 and got's a ping can try user
pi
and Passwordraspberry
.Voila... install whatever you want ... a php server with a full set of bitcoin mining user interface or a bot network a porn blackbox a torrent server a hidden ftp file server endless possibilities... Nothing that's really fascinating ... just meat for underground hounds
Well, yeah, I knew that. It's just fascinating to me, because I'm into computer junk like that. Though, I never said it was virus that infected it.
Contributions to the project are always appreciated, so if you would like to support us with a donation you can do so here.
Hosting provided by Mythic-Beasts. See the Hosting Information page for more information.