The flows disappear

Hello.
I have a problem with node-red that I don't know what to do anymore.
Every so often, varying between two weeks and 2 or 3 days, the system deletes all the data in the flows.json file and the flows disappear.

Versions:
Node-RED v4.0.0
Node.js v20.14.0
MariaDb
MQTT
Debian without desktop
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm

Two months ago I changed from Raspberry Pi 3B to 4, I installed everything from scratch, but the problem persists.
I have a home automation application, temperatures, smoke detectors, etc., and I can't trust the system anymore.

Has anyone had the same problem?

Thanks for everything

Hi @XavierTGN, welcome to the forum.

Have you ever made your Node-red setup accessible from the internet?

Hello jbudd.
No, but can I copy it here?
Or should I put it on Github?

No no no, I don't want to access your Node-red, I wanted to find out if you might have been hacked, which would be possible if (for example) you had set up port forwarding on your router.

If I have port 1880 open to access from the Internet.

Is this file empty (completely)?

Locally in your network or open to internet (outside your network)?

Sorry but that is ambiguous.
Do you now, or have you ever had port 1880 open to the internet?

Yes the file is empty, only .

Yes, I can access from internet with the public address. Example
http://83.56.65.45:1880.

You have almost certainly been hacked.

Turn off port forwarding.

Reinstall the entire operating system on the Node-red device.
Check all of your computers for viruses.
If you restore Node-red from a backup, check all the flows for nodes you don't recognise, especially exec nodes. Note that these nodes might not be easily visible in the editor desktop.

Search the forum for advice on securing Node-red.
Password protect your editor.
Do not use port forwarding!
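One way to carry out the flow check advised above on a restored flows.json, as an added example that is not part of the original thread and not Node-RED project code. The function name `auditFlows`, the `RISKY_TYPES` list and the sample data are assumptions of this example; it lists nodes that can run commands or code, plus any node whose id is not in a backup you trust, and notes where they sit outside the normal tab view.

```javascript
// Added example, not Node-RED project code. Audits a parsed flows.json array.
// RISKY_TYPES is this example's assumption: core node types that run commands
// or arbitrary JavaScript. Extend it for the nodes installed in your palette.
const RISKY_TYPES = new Set(["exec", "function"]);

function auditFlows(flows, baselineIds = null) {
  // A node's "z" property names the tab or subflow that contains it.
  const containers = new Map();
  for (const n of flows) {
    if (n.type === "tab" || n.type === "subflow") containers.set(n.id, n);
  }
  const findings = [];
  for (const n of flows) {
    if (containers.has(n.id)) continue;
    const risky = RISKY_TYPES.has(n.type);
    const unknown = baselineIds !== null && !baselineIds.has(n.id);
    if (!risky && !unknown) continue;
    const parent = containers.get(n.z);
    const notes = [];
    if (unknown) notes.push("not in baseline");
    if (n.z && !parent) notes.push("container missing");
    if (parent && parent.type === "subflow") notes.push("inside subflow");
    if (n.d === true || (parent && parent.disabled === true)) notes.push("disabled");
    findings.push({
      id: n.id,
      type: n.type,
      where: parent ? parent.label || parent.name || parent.id : n.z || "(global)",
      detail: n.type === "exec" ? n.command : n.name || "",
      notes,
    });
  }
  return findings;
}

// Constructed sample export (not taken from the thread).
const sampleFlows = [
  { id: "t1", type: "tab", label: "Heating", disabled: false },
  { id: "t2", type: "tab", label: "Flow 7", disabled: true },
  { id: "s1", type: "subflow", name: "helper" },
  { id: "n1", type: "mqtt in", z: "t1", name: "temp", topic: "home/temp" },
  { id: "n2", type: "function", z: "t1", name: "to celsius", func: "return msg;" },
  { id: "n3", type: "exec", z: "s1", name: "", command: "/tmp/placeholder.sh" },
  { id: "n4", type: "exec", z: "t2", name: "", command: "placeholder-cmd", d: true },
  { id: "n5", type: "inject", z: "t1", name: "" },
];
const baseline = new Set(["n1", "n2"]); // ids from a backup you trust
console.log(auditFlows(sampleFlows, baseline));
```

To use it on a real file, pass the result of `JSON.parse` on the restored flows.json as the first argument and, optionally, the set of node ids from a known-good backup as the second.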

Ok. Now I close the ports and reinstall Debian and node-red.

Thanks for the advice

Congratulations on possibly being the first person to report Node-red v4 being hacked.

I hope the developers are taking note.

To misquote another forum post on this topic

V4.x stream is where it will might should be [wasn't] worked on.

Please remember to change any exposed passwords. Also, check anything else that is on your local network. For example, your router - if an attacker had access to Node-RED, they could easily have made changes to anything that they could access. Especially if you have used default logins for things like routers, the Pi, etc.

If you have other Raspberry Pis on the network they are probably especially likely to have been impacted.
