Hi all, some of you will be aware that a few people have reported having their Node-RED servers infected by cryptomining malware.
This can only happen if you have left a server exposed to the Internet in some way without suitable security applied.
The IP address serving the malware script is
220.127.116.11. This belongs to hosting vendor OVH. If you would like to report this to them, that would be good. If lots of people do this, they will probably take action pretty quick. The address to use to report to is
email@example.com. When reporting, you might like to reference this report which is showing other malware being served from that address.
The full URL of the malware script is:
This is currently safe to access though it is possible that may change so be aware.
If you discover any other IP addresses serving up this malware, please let me know as I'm trying to report it at the moment.
Stay safe! Secure your servers.