The received wisdom is that there are lots of automated bots constantly scanning the internet for insecure devices.
Port 22/SSH is very standard and if there was any kind of exploit of the server on the Pi I can well believe it was exploited.
Hard to believe that all happened in 5 minutes though.
If it is making connections out via SSH from a vanilla installation then I would have to assume it has been exploited.
It is possible that the original installation was exploited? (this does happen too).
All sounds very worrying. I'd wipe it. I would also be looking at anything else on your network it might have infected.
Cheers,
Alex
--
You received this message because you are subscribed to the Google Groups "DoES Liverpool" group.
To unsubscribe from this group and stop receiving emails from it, send an email to does-liverpoo...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/does-liverpool/CAK55gbDt%2BSFgkp8HsNbXMb2%2BVhLGsZpj1ZWL-8RmFXK%3DbTQP6g%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "DoES Liverpool" group.
To unsubscribe from this group and stop receiving emails from it, send an email to does-liverpoo...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/does-liverpool/CAPdj8Z5439Z1rcdUcDofSk5BH03mCMPTy0x0x8-4g1LPok_%2BoA%40mail.gmail.com.