Hi all. I’ve pinned the post about the node-RED virus issue until Monday, I hope that’s OK.
It is affecting quite a number of systems, and the node-RED authors are recommending that any infected system should be completely wiped, as the virus is pretty much free (having root access) to install or do whatever it wants.
I think it’s important that emoncms users are aware, because not only has node-RED been bundled into the OS which is most popular with emoncms, but many users are using it as integration with emoncms, which of course would also need to be wiped if infected.
It’s hard to believe that users actually expose their system to the web without even considering the most basic password protection, but there we go, they’ll learn the hard way.
Hi @Paul, Thanks for bringing this to our attention. I’m currently reading all the threads on the nodered forums regarding the issue. Is this the issue you are talking about:
Yes, every single emonPi / emonBase / emonSD with nodered is secured with an adminAuth username / password.
From my understanding it seems that the malware has only affected systems open to the internet without secure admin access. By default emonPi / emonBase systems should not have the nodered port open to the internet. If a user chooses to open their nodered system to the internet, we have always strongly recommended they change the default password.
I’ve just scanned all the nodered installations that I have access to (all have adminauth) and have not been able to find any infections.
With this in mind, I guess we should be ‘ok’ and no further action is needed other than to make users aware of the importance of changing the emonPi default nodered password, if they choose to open their nodered port to the world. Do you agree?