I found malicious code in my project. It was not in my repository, not even proof It has been active as it errored an update. The prior edit of the project was 18 hours ago (no issues) and I updated portainer 2 days ago. I am still clueless about the source. The relevant code code removed by moder…

Buy flowfuse license and delegate security to their team

:face_blowing_a_kiss: Employee?

Nope. I just think that if you don't want to take care of your servers security it is better to pay someone to do that.

I take care and I want to take care.

Since (I believe) that is an Amazon ip address should this be reported to them?

[image] Bolukan: this post was also to view whether more people have the same issue. It is certainly a new one on me, and (I think) more sophisticated than the usual attacks we see. Could this be a targeted attack on your system? In your situation I think I would disconnect everything from …

I don't believe we've seen anything similar. But, of course, it could be that you are the only person to have spotted it. [image] Colin: Since (I believe) that is an Amazon ip address should this be reported to them? I doubt they would do anything and would simply say that it is something to…

I think the IP is that of the attacker isn't it? Not the OP's system. Or have I misunderstood the details?

A compromised dependency would not need to edit the Node-RED flow, it would just do all this from within it's own code and not expose it's self to being discovered like this. The fact the flow was edited very much indicates that something/someone had access to the Node-RED instances API to inject t…

Malware found in node-red project

General

AllanOricil 23 August 2025 18:26 24

@Bolukan is your node-red instance configured with auth? If yes, and the updates were done via the API, then your credentials have also leaked

Topic		Replies	Views
Dashboard suddenly asks for password (Hacked Node-RED servers) General security	128	4277	4 December 2022
Node Red starts mining Monero coins without my consent! General security	34	408	28 July 2025
Have I been hacked? General security	62	1316	2 January 2024
Nodered hacked by adding invisible nodes General security	143	2995	6 March 2024
Unexpected flow restart with lost of context files & tokens (google and telegram)! General security	24	143	12 January 2026

Malware found in node-red project

Related topics