SSH connection from my OMV to unknown IP

  • You need to change that root password NOW. If you can't, then reinstall the system. Who knows what stuff that Chinese hacker has installed.


    - Do not open your SSH on port 22 to the internet if you don't know what you're doing.
    - If you do open your SSH to the internet:
      - Use public key authentication, never password authentication.
      - Always disable root access and never allow default account names ('admin', 'pi', etc.)
      - Use a random port number that only you know. Never use 22.

  • You need to change that root password NOW. If you can't, then reinstall the system. Who knows what stuff that Chinese hacker has installed.

    I think if hackers know the root password, they can upload the needed SSH keys.
    Maybe this situation is tied up with backdoors in OMV SW?

    • Official Post

    I think if hackers know the root password, they can upload the needed SSH keys.

    If you are worried about that, delete/edit/inspect the ~/.ssh/authorized_keys for each user.


  • You were hacked because you left your SSH access open to the internet, on port 22, and with root enabled. You must NEVER do that.


    The script kiddies (often from China and Russia) run scripts that scan IP addresses for SSH access, mainly on port 22, and try to brute-force passwords for common user names, like "pi", "root", "admin", "user", common first names, etc... Password access is NOT safe.


    The safest way to allow SSH access is to:
    - Use a different port than 22.
    - Do not enable 'root' or any other common user name with SSH access.
    - Use public/private key authorization instead of password authorization.


    At this stage, you HAVE been hacked and your system HAS been compromised. Someone might have introduced any kind of malware on your machine. The best thing you can do now is to reinstall OMV, change usernames, change passwords, and take the above measures.
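
The checklist in the post above can be checked against a running system. The following shell function is an added example, not part of the original posts: it reads the effective configuration in the format printed by `sshd -T` and flags the settings the thread warns about. The sample inputs and port 49222 are constructed, and the keyboard-interactive check goes beyond the thread's list.

```shell
#!/bin/sh
# Audit effective sshd settings against the thread's checklist.
# Input : `sshd -T` style lines on stdin ("keyword value", keywords lowercase).
# Output: one FAIL line per finding; exit status 1 if anything was flagged.
audit_sshd() {
    awk '
    $1 == "port" && $2 == "22" {
        print "FAIL port: sshd listens on the default port 22"; bad = 1 }
    # prohibit-password still lets root in with a key; the thread says no root at all.
    $1 == "permitrootlogin" && $2 != "no" {
        print "FAIL permitrootlogin: " $2 " (root can log in; set to no)"; bad = 1 }
    $1 == "passwordauthentication" && $2 != "no" {
        print "FAIL passwordauthentication: " $2 " (set to no)"; bad = 1 }
    # Keyboard-interactive can still prompt for a password through PAM.
    ($1 == "kbdinteractiveauthentication" || $1 == "challengeresponseauthentication") && $2 != "no" {
        print "FAIL " $1 ": " $2 " (set to no)"; bad = 1 }
    $1 == "pubkeyauthentication" && $2 != "yes" {
        print "FAIL pubkeyauthentication: " $2 " (key login is disabled)"; bad = 1 }
    END { exit bad + 0 }
    '
}

# Constructed sample inputs (not taken from the system in this thread).
sample_weak() {
    printf '%s\n' 'port 22' 'permitrootlogin yes' 'passwordauthentication yes' \
        'kbdinteractiveauthentication no' 'pubkeyauthentication yes'
}
sample_hardened() {
    printf '%s\n' 'port 49222' 'permitrootlogin no' 'passwordauthentication no' \
        'kbdinteractiveauthentication no' 'pubkeyauthentication yes'
}

echo "weak sample:"
sample_weak | audit_sshd || true
echo "hardened sample:"
sample_hardened | audit_sshd && echo "no findings"

# On a real host, as root:  sshd -T | audit_sshd
```

Reading `sshd -T` instead of parsing `/etc/ssh/sshd_config` by hand means included files and built-in defaults are already resolved. Settings inside `Match` blocks are only evaluated when connection parameters are supplied with `-C`.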

  • Thank you.
    I agree, using port 22 is a bad idea. The port is changed.
    Using private key authorization is obligatory.
    For brute-force prevention, fail2ban with strict rules is used.
    I don't use common user names.
    Thank you all for your cooperation.
    Situation is resolved.
