tymbusku wrote: ↑
Wed Sep 19, 2018 1:38 am
After a while I decided to see what would happen if I forwarded port 22. This was when my router started slowly dying.
To follow on from what Ernst has said.
If you didn't change the password for the pi account then it's highly likely your pi has been compromised. This means your pi is probably now taking part in scanning for other vulnerable systems on the local network and internet as well as potentially doing other things you don't want.
Best bet is probably to disable the port forwards on your router, wipe the sd card and start again. The very first thing you should do is change the pi user to something else (alternatively create a new user with a strong password and remove the pi user).
If you want to open up ssh to the world then spend some time ensuring it's secure, fail2ban is one good way to start, other options are to enforce the use of ssh keys rather than passwords for login and moving ssh away from port 22 (choose something random not just 2222). Most of that won't stop the attempts but they aim to reduce the likelihood of them succeeding.