DreamPi hacked... some questions.

[dcnigma]

I think my Dreampi was hacked.

Yesterday night I openend DMZ for my PI and left the default password open..
this morning i tried ssh to it but it refused the password.
tried this link https://howtoraspberrypi.com/recover-pa ... pberry-pi/ to get back in it.
No luck, already back online flashed a new SD card, a 2GB card now as the 16GB that got hacked,
( 16GB is overkill for DreamPi )
And changed the default password after first boot....

Did expect that my Pi would be hacked that quick its been online for like 8 hours or less.

But still want to know if there is something to check if i am really hack and not corrupt sd card...
I can write to the card so i think i can rule out corrupt SD card. But are there things I can check?

[kazade]

Ouch this didn't even occur to me. Dreampi has a default pi username and password and SSH enabled!!!

Which is fine, as long as you don't expose port 22 to the outside world! Which presumably DMZ does!

**Everyone change the default password or do not expose port 22 via your router!!**

[pcwzrd13]

Well this is easily avoided if you don't open ports to your Pi. There's no reason to do that. When you set up port forwarding / DMZ, you want to do it to the Dreamcast's IP address, not the Pi's.

[HuntrRose]

never go full pi dmz...

[ERVOSCV]

I have never done anything with my DreamPi other than the intructions that came with it. Will I be ok?

Also, PC - are you a Stargate fan? "Teal'c - lvl 119 HUcast - GC# 11666"?

[mistamontiel]

If you're unsure what address is assigned to your Dreamcast, connect to Quake 3 briefly tells you it

DMZ onto that, not the Pi!

[pcwzrd13]

I have never done anything with my DreamPi other than the intructions that came with it. Will I be ok?

You're fine as long as you don't DMZ to the Pi's IP address.

Also, PC - are you a Stargate fan? "Teal'c - lvl 119 HUcast - GC# 11666"?

Yep! Well with the exception of Stargate Universe. I like to forget that existed. lol

[ERVOSCV]

Yep! Well with the exception of Stargate Universe. I like to forget that existed. lol

Thats cool. I just finished watching SG-1, Ark of Truth, and Atlantis for the 1st time. I'm a big scifi guy, just never bothered with it when it was on TV, but thats neither here nor there in this Pi hacking thread, but I had to ask lol.

[dcnigma]

Yeah it was stupid to go full DMZ and not to change the default password..
But did't think it would happen that quick...
But then again its was Saturday night
Based on the mac address they could see that it was a Raspberry. All berry's start with this mac address b8:27:eb:XX:XX:XX

It's freaky that it happend so quick. My first modem was in bridge modes and I remember that one day I was lazy to check the ip of my xbox.
So I did a lan scan my pc was connected directly so the result was not what I expected. Because it returned also everybody that was on the same node as I was. That day I installed a Router/firewall because I needed a home network. And seeing all those different IP's made me scary that someone could get in to my pc.

So I am not surprised that it happend, only that it happend so quick.
And I want to know if there is away to get in to the log . I am just curious to find out what is been done, our how did it

Also one strange thing to note: my ISP blocks all in coming connection below 1024 for security reasons
So yes, port 22 is below 1024 so in theory this could not happen.
Maybe policies have changed after I left them 3 years ago. And DMZ is wide open now.
Back when I was working for that ISP I needed to change many ports above 1024 to make servers/services work.

[dcnigma]

Well this is easily avoided if you don't open ports to your Pi. There's no reason to do that. When you set up port forwarding / DMZ, you want to do it to the Dreamcast's IP address, not the Pi's.

Oops I over looked this part of the info. I thought the PI needed DMZ, but makes sense now I think about it that the dreamcast would need the DMZ.. Whoops lets fix that