Any node-red accessible from the internet without requiring credentials to get in is liable to be hacked. There are bots out there looking for them. You will have to rebuild the whole system I am sorry to say, and put it down to a learning exercise.
Then read this FAQ post for advice on how to safely access node-red over the internet.