Hi folks,
I've got a Pi that has been happily running my owncloud service for a few months. I also use it to allow SSH access to home so that I can access the rest of the house. I thought that I had secured it enough, with only the owncloud and SSH ports being allowed through my ASUS router/firewall.
I had SSH set up to use protocol 2 and only allow publickey authentication.
However, last week I tried to SSH in but it failed. I coupled up a screen to the HDMI and plugged in a keyboard but could not get the screen to power up.
I tried debugging the SSH and confirmed that that was working fine. It looks like BASH is crashing on start-up.
Then tonight while trying again I got the following displayed (most of the SSH stuff has been cropped):
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Aug 7 16:30:44 2016 from 5.79.246.43
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 192.168.1.62 closed.
The problem I have is that I have no idea who is on IP address 5.79.246.43 but it certainly isn't me.
I've shut down the Pi and removed the SD card. My questions are:
1) Have I been cracked? I'm pretty certain the answer is YES
2) Is there any way I can tell how? Was it SSH or was it Owncloud?
3) Is there any way to tell what they've done on my machine, how much they've accessed and if they've used it to access anyone else?
4) Once I build a new Owncloud from a new image, what do I need to do to make that one safe?