Unexpected flow restart with loss of context files & tokens (Google and Telegram)!

Node-red 4.1.2

My flows randomly restart (every 2 or 3 days) and then all the context files are deleted (the variables are not re-written).

Furthermore, the token fields for Telegram and Google are blank.

Is there a log file that could provide an indication why the flows restart?

Remark: If I restart the flows myself everything goes fine; the context variables are correctly initialized and the tokens are not lost.

Welcome to the forum.
We need to see what comes before the restart.

It is probably in /var/log/syslog

There is no syslog in /var/log but I can read the log with journalctl command.

I don’t see anything that can explain the restart of the flows (see the screenshot in my initial request).

Actually I suspect node-red-contrib-googlehome to be the root cause. I have just deleted all the nodes relying on this palette and will wait to see if the problem comes again.

Find the node red start and see what comes before it.

Looking at the journalctl trace, nothing special seems to happen before the flows stop.

In future please copy/paste logs, not screenshots.

image

That is the result of a Deploy. If it wasn't you then, if your system is open to the internet, then you have been hacked. Disconnect the system from the internet and stop node-red.


image
This looks to me like evidence of malicious cron jobs.
Unless you intend to fetch and execute bash scripts from that site, I too think you have been hacked.


Yes, you are right. I missed that. Unless @sebamelo is doing something rather unusual then his machine has been well and truly hacked. Not just messing with node-red but also adding cron jobs.

@sebamelo I think you need to recreate the SD card on the Pi and start again. Hopefully you have a backup of your flows from before the hack. You also need to consider the possibility that other machines on your network may have been infiltrated from the Pi.

See this FAQ post for advice on how to safely access node-red over the internet.

@sebamelo, will you please tell us if your Node-RED machine has ever been accessible from the internet (by you or anyone)?

If it has been, how did you set it up?
Does the user raspberrypi have the right to run sudo, with or without a password?

The hacker has made multiple changes to your computer, not confined to Node-red. You will have to reinstall the entire operating system from scratch.

The download site seems (in chatgpt's opinion) to be on Cloudflare. Perhaps they would be interested to know they are serving cryptomining code for hackers.