Persistence should be near impossible; you most likely have a bad habit or other factor that makes you vulnerable. As others have said, check your router settings; make sure your router firmware is the latest to patch any vulnerabilities. Check devices on your network to make sure none are compromised.

My first guess, like others, is you’re doing something horribly wrong with your port forwarding, followed by you’re installing suspect software. Don’t go installing from random Github/Gitlab repositories without at least doing a bit of background research. Also, sometimes even legitimate open source projects get compromised. Ultimately, try to stick to the bare minimum, just stuff from the Debian repos, and see if it still happens.

If you still have the problem, then my last resort is to ask this (and this is really paranoid, hopefully an unlikely scenario for you): do you use your computer in a safe environment where only people you trust can access it?

I mostly ask because if not, maybe someone has physical access to your computer and is pulling an evil maid attack, installing the software when you’re not looking. Maybe it’s a jerk coworker. Maybe it’s a creepy landlord. A login password is not enough to defend against this; it may be possible for the attacker to boot off a USB stick and modify system files. The only way to prevent this is to reinstall and use full disk encryption, which I do on my laptop. You can try to use Secure Boot and TPM¹ to add further protection, but honestly, your attacker just sounds like some script kiddie and probably won’t perform a complex attack on your boot partiton.

1: Despite their obnoxious utilization by Microsoft, they can actually be quite useful to a Linux user, making it possible to set up auto-decryption on boot that doesn’t work if the boot partition has been tampered with (in which case you use a backup password).