The flows disappear

XavierTGN · 14 July 2024 09:29

Hello.
I have a problem with node-red that I don't know what to do anymore.
Every so often, varying between two weeks and 2 or 3 days, the system deletes all the data in the flows.json file and the flows disappear.

Versions:
Node-RED v4.0.0
Node.js v20.14.0
MariaDb
MQTT
Debian without desktop
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm

Two months ago I changed from Raspberry Pi 3B to 4, I installed everything from scratch, but the problem persists.
I have a home automation application, temperatures, smoke detectors, etc., and I can't trust the system anymore.

Has anyone had the same problem?

Thanks for everything

jbudd · 14 July 2024 09:34

Hi @XavierTGN, welcome to the forum.

Have you ever made your Node-red setup accessible from the internet?

XavierTGN · 14 July 2024 09:40

Hello jbudd.
No, but can I copy it here?
Or should I put it on Github?

jbudd · 14 July 2024 09:43

No no no, I don't want to access your Node-red, I wanted to find out if you might have been hacked, which would be possible if (for example) you had set up port forwarding on your router.

XavierTGN · 14 July 2024 09:54

If I have port 1880 open to access from the Internet.

GogoVega · 14 July 2024 09:57

Is this file empty (completely)?

Locally in your network or open to internet (outside your network) ?

jbudd · 14 July 2024 10:01

Sorry but that is ambiguous.
Do you now, or have you ever had port 1880 open to the internet?

XavierTGN · 14 July 2024 10:01

Yes the file is empty, only .

Yes, I can acces from internet with the address public . Example
http://83.56.65.45:1880.

jbudd · 14 July 2024 10:06

You have almost certainly been hacked.

Turn off port forwarding.

Reinstall the entire operating system on the Node-red device.
Check all of your computers for viruses.
If you restore Node-red from a backup, check all the flows for nodes you don't recognise, especially exec nodes. Note that these nodes might not be easily visible in the editor desktop.

Search the forum for advice on securing Node-red.
Password protect your editor.
Do not use port forwarding!

XavierTGN · 14 July 2024 10:14

Ok. Now I close the ports and reinstall Debian and node-red,

Thanks for the advice

jbudd · 14 July 2024 10:30

Congratulations on possibly being the first person to report Node-red v4 being hacked.

I hope the developers are taking note.

To misquote another forum post on this topic

V4.x stream is where it ~~will~~ ~~might~~ ~~should be~~ [wasn't] worked on.

TotallyInformation · 14 July 2024 11:43

Please remember to change any exposed passwords. Also, check anything else that is on your local network. For example, your router - if an attacker had access to Node-RED, they could easily have made changes to anything that they could access. Especially if you have used default logins for things like routers, the Pi, etc.

jbudd · 14 July 2024 11:45

If you have other Raspberry Pies on the network they are probably especially likely to have been impacted,

system · 13 August 2024 11:46

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Flows disappear after a few hours! General	45	727	7 February 2024
All flows have disappeared on AWS hosted system General	9	288	8 February 2024
Node-RED "loses" flows General	7	2306	15 September 2019
Vanishing flows General	12	179	29 December 2023
Example of Node Red Going Wacko! (Or Node js?) General	74	1604	5 December 2020

The flows disappear

Related topics