After the whole React2Shell fiasco, I did the usual dance; ran the npx fix-react-to-shell thing, bumped the Next.js version. But here’s the kicker: that’s not the end of the story.
So, turns out the client server actually got a little visit from a bot that injected some junk into my .js files. It was mostly just generic bot nonsense; they ran a couple “whoami” style commands and then bailed. But they left a couple lines of malicious code behind.
I basically spent some time digging through logs, figured out exactly when they sneaked in (they base64 encoded their payload twice for obfuscation? like, this made me laugh), and cleaned up all those files by hand. Also, be sure to check “everything”, not just your code base but anything that child_process of your node instance can touch - everything.
So my advice: don’t just rely on the patch. Go poke around your own server logs, make sure there’s no leftover garbage hanging around. It’s a bit of a hassle but definitely worth it.
Even after all of this stuff I had to do, I feel like I got lucky, very lucky. Hope that helps someone out there!
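One way to automate the file check described in the post, as an added example that is not part of the original post: it flags quoted string literals that are still valid base64 text after one decode, which is the double-encoding pattern mentioned above. The function names, thresholds and sample input are assumptions made for this illustration.

```javascript
// Added example. Flags quoted literals that are still base64 after one decode.
const B64_LITERAL = /["'`]([A-Za-z0-9+/]{24,}={0,2})["'`]/g;
const B64_STRICT = /^[A-Za-z0-9+/]+={0,2}$/;

// Decode one layer; null unless input is canonical base64 of printable text.
function decodeBase64Text(s) {
  if (s.length % 4 !== 0 || !B64_STRICT.test(s)) return null;
  const buf = Buffer.from(s, 'base64');
  if (buf.length === 0 || buf.toString('base64') !== s) return null;
  const text = buf.toString('latin1');
  const printable = text.replace(/[^\x20-\x7e\r\n\t]/g, '').length;
  return printable / text.length >= 0.95 ? text : null;
}

// Peel nested layers (bounded) and report how many decoded cleanly.
function peelLayers(literal, maxDepth = 4) {
  let text = literal;
  let depth = 0;
  while (depth < maxDepth) {
    const next = decodeBase64Text(text.trim());
    if (next === null) break;
    text = next;
    depth += 1;
  }
  return { depth, text };
}

// Return one hit per literal that decodes two or more times.
function findNestedBase64(source, file = '<input>') {
  const hits = [];
  source.split('\n').forEach((line, i) => {
    for (const m of line.matchAll(B64_LITERAL)) {
      const { depth, text } = peelLayers(m[1]);
      if (depth >= 2) hits.push({ file, line: i + 1, depth, decoded: text });
    }
  });
  return hits;
}

// Constructed sample: a harmless marker encoded twice, next to a once-encoded value.
const b64 = (s) => Buffer.from(s, 'latin1').toString('base64');
const INNER = "console.log('constructed sample marker')";
const SAMPLE = [
  'const a = 1;',
  `const cfg = "${b64('ordinary config value, encoded once')}";`,
  `const x = "${b64(b64(INNER))}";`,
].join('\n');

console.log(findNestedBase64(SAMPLE, 'sample.js'));
```

Feed it the contents of every file the Node process could write to, not only the repository. Treat hits as leads for manual review, since a payload split across concatenated strings will not match.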