I currently have OSMC installed on a Raspberry Pi3. According to my router (ASUS RT-N16 running AdvancedTomato CFW), the IP associated with the OSMC machine accesses strange websites and makes random searches every couple of minutes (image of the log).
Not sure if relevant, but I also have Sonarr installed on the Pi. Nothing else has been installed as far as I know. Just wondering if this is expected behavior, and if not, what I can do to prevent it?
Correct, it is static. I have forwarded ports 20-22 to access FTP and port 8989 to access Sonarr. Is there a log I can upload that would give you more info about my system customization?
It just means you either turned on SSH and left the default username and password and became part of a Russian botnet, or they are just using your Raspberry Pi for crypto mining.
Disable SSH password once you format your SD card, and use SSH keys only unless you know what you’re doing.
And install ufw. I also noticed some weird stuff in my log files one time, but since I installed this firewall and set it up, everything was fine. Here are some links on how to do it:
As the others wrote, you normally would do it on the router (especially as on the device itself even the monitoring application might be infected).
But generally you can use tcpdump to watch all traffic. Basically you could monitor the DNS requests from the Pi as a starting point.
Or you can use iptraf.
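The DNS-monitoring starting point suggested above, as an added example that is not part of the original posts: a shell function that tallies which names one host looks up, from `tcpdump -n` text output. The Pi's address, the interface name and the sample capture lines are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: tally DNS lookups made by one host, from `tcpdump -n` text output.
# PI_IP, the interface name and every sample line are constructed placeholders.
PI_IP="192.168.1.50"

# Live use, on a machine that sees the Pi's traffic (eth0 is an assumption):
#   tcpdump -l -n -c 200 -i eth0 "src host $PI_IP and udp dst port 53" | summarize_dns "$PI_IP"

# Reads tcpdump lines on stdin; prints "<count> <qtype> <name>" for queries
# sent by source IP $1, most frequent first.
summarize_dns() {
    awk -v ip="$1" '
        # $3 is "src_ip.src_port", $5 is "dst_ip.dst_port:"
        $2 == "IP" && index($3, ip ".") == 1 && $5 ~ /\.53:$/ {
            for (i = 6; i < NF; i++) {
                # The query type token ends in "?"; the queried name follows it
                if ($i ~ /^[A-Z]+\?$/) {
                    qtype = $i; sub(/\?$/, "", qtype)
                    name = tolower($(i + 1)); sub(/\.$/, "", name)
                    seen[qtype " " name]++
                    break
                }
            }
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k3,3
}

# Constructed capture: three queries from the Pi, one reply, one other host.
sample_capture() {
    cat <<'EOF'
12:00:01.100000 IP 192.168.1.50.41234 > 192.168.1.1.53: 4660+ A? example.com. (29)
12:00:01.200000 IP 192.168.1.1.53 > 192.168.1.50.41234: 4660 1/0/0 A 203.0.113.10 (45)
12:00:02.100000 IP 192.168.1.50.41235 > 192.168.1.1.53: 4661+ A? Example.com. (29)
12:00:03.100000 IP 192.168.1.50.41236 > 192.168.1.1.53: 4662+ [1au] AAAA? pool.example.net. (45)
12:00:04.100000 IP 192.168.1.77.50000 > 192.168.1.1.53: 4663+ A? other.example.org. (35)
EOF
}

sample_capture | summarize_dns "$PI_IP"
```

Names that none of the software installed on the Pi has a reason to resolve, or a long tail of distinct names within a few minutes, are the entries worth following up.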
Thank you, this is most likely the case, since I don’t know a lot about setups, etc., and just followed a guide. I will re-install and give the ideas in this thread a try.