Loading

My OctoPrint Just Got Hacked!

Please Login to Comment

So I was just about 9.5 hours thru an 11 hour print when I noticed that my printer had paused mid-print. When I looked at OctoPrint, I saw this message. This is the first time in more than two years of printing that this has happened. How can I prevent it from happening again?

Do you really use octoprint beyond other people telling you that you need it?
Or a better way to ask is "What is it giving you, that you can't do without?" What's wrong with just printing from SD card?

Well, using an SD card is a hassle. I also like to be able to check print status remotely. But aside from that, it's just my personal preference to use OctoPrint. I didn't intend for my post to turn into a debate on the merits of OctoPrint vs any other method.

Oh I didn't mean to debate it. Not implying that. I use a $25 Wyzecam to check on my printers from time to time. And they are all on smart outlets so I can kill them as needed if there is a fail.

For those in printer farms there are some useful features of Octoprint for those that really use them: Like spool use tracking. I think like any tool, its good for some and less so for others.

Just offering a quick fix if you're not adept at securing your internet.

It's all good. I resolved the issue several days ago by re-flashing the latest version of OctoPrint and configuring it correctly. So now I have it secured and the latest version (aside from incremental updates, my previous version was at least 2.5 years old).

That was at least a friendly way to alert you to the problem :D

My suggestion regarding a VPN is to use OpenVPN. I have set that up several times using an Asus 1900 / AC-68U and the Asus Merlin Firmware and it works great (https://x3mtek.com/openvpn-server-setup-instructions-for-asuswrt-merlin/). It is also possible to run a VPN client and Server on the same router using Policy Based Routing which is simpler than it sounds (if you already use a VPN client for a service like Nord, etc).

First advice is to not open the RasPi to the open web!! Don't open ports etc on your router to expose it in the first place.

Next, only utilize a secure tunnel VPN if you need to access it from outside your home network.

I didn't think I had it open to anything outside my LAN. I set this up a couple of years ago when I first got the printer. I had problems using USB and the SD card process was cumbersome, so I had heard about OctiPrint. I bought a Raspberry Pi 3 B+ and downloaded OctoPrint, then followed their directions for flashing it and getting the Raspberry Pi up and running. I certainly didn't go outside of those directions to open anything additional or make any undirected configuration changes.

Guess I need to go back thru it now that I have a couple years experience with it to make sure it's isolated.

When you install it at the beginning as its expanding the install it asks you to set a password if you don't or if the password is to easy welcome to hacks. Also when you install it askes if you wish to allow blacklisted apps say no so you don't get some app hacker made. I would save profile and re img sd. Take snap shot of your profile settings.

Yeah, it just happened again (it always just pauses with the resume button enabled). I'm going to try and finish this print and then just start again from scratch (latest download, re-flash, etc.).

https://octoprint.org/blog/2018/03/15/security-issue-update-to-1.3.6/

always check for vulnerabilities, when you have an internet-connected-device ;)