Hi @Paul, Thanks for bringing this to our attention. I’m currently reading all the threads on the nodered forums regarding the issue. Is this the issue you are talking about:
Yes, every single emonPi / emonBase / emonSD with nodered is secured with an adminAuth username / password.
From my understanding it seems that the malware has only affected systems open to the internet without secure admin access. By default emonPi / emonBase systems should not have the nodered port open to the internet, if a users chooses to open their nodered system to the internet we have always strongly recommend they change the default password.
I’ve just scanned all the nodred installations that I have access (all have adminauth) to and have not been able to find any infections.
With this in mind, I guess we should be ‘ok’ and no further action is needed other than to make users aware of the importance of changing the emonPi default nodered password, if they choose to open their nodered port to the world. Do you agree?
Would you mind if I made this thread public?