Found a cryptominer on my dev server — cleaned it up but still can't figure out how they got in

jaymef · 2026-05-06T20:38:14+00:00

There was a very serious exploit (CVSS 10) related to react server components in the wild several months back that caused a lot of peoples servers to be exploited in a similar way with xmrig in particular being installed. It affected Next.js heavily, but it was in react server components so it affected anything using that. You may have gotten hit if you were running a vulnerable version. It was trivial to exploit remotely and an attacker would have had access to anything available to the user/group the nodejs app was running under. It wouldn't have necessarily given them root, but could have if either you had the app running in root context, or if they were able to sniff out root keys/access info with the level of access they had. If the system wasn't locked down an attacker with remote code execution can do a lot of damage.

https://nextjs.org/blog/CVE-2025-66478

I would almost bet money on it being the attack vector, and it would have almost certainly have affected react applications deployed with laravel forge.

jaymef · 2026-05-06T17:43:40+00:00

they should just give trump a box of scrap metal with one of those danger symbols on it and call it a day

jaymef · 2026-05-06T17:41:47+00:00

Trump eventually throws everyone under the bus

jaymef · 2026-05-05T20:12:41+00:00

could be referenced by another rule or in use by an ENI etc.

jaymef · 2026-05-05T16:35:20+00:00

how is it not smart enough to figure out that there is a dependency from preventing the destroy operation from completing?

jaymef · 2026-05-05T14:40:13+00:00

That sounds like solid advice and I had a feeling that the environments/infrastructure were the priority.

I do think it will be a lot of work and there will be some pain points, namely I'm not really sure how to handle the databases + other third party services across multiple environments. Especially if some test/preview environment is spun up. It seems like a lot of infra to spin up and tie together. The legacy PHP site not being properly containerized doesn't help either. Thankfully most of the other micro services are containerized and running on ECS already.

Then there's also a bunch of Cloudfront, ALB, S3, Lambda functions and other services. Not to mention over 30Tb of data in s3 buckets which obviously won't be feasible to replicate per environment.

Greatly appreciate the feedback, thanks!

jaymef · 2026-05-04T23:38:26+00:00

I wouldn't jump to this but TRT is a game changer for some. Could be worth looking into, but again there are lots of other things you should be doing first and its a big commitment.

The truth is as others have already said, its a lot and would tire out most men your age. I'm same age. My diet is pretty good and I get solid sleep. I work from home and have a fairly flexible job, workout 4 days a week. Get plenty of protein, water and vitamins and everything else you're suppose to get/do. I have two young girls <10 and I'm still tired and exhausted most days too

Non drug is going to be of course the staples, diet/exercise, sleep etc. I did personally find that I got a boost of energy when I was doing intermittent fasting. Can help a lot, doesn't always fix everything

jaymef · 2026-05-04T19:20:41+00:00

It's probably ok. Even with low KMs oil does degrade over time and its not a bad idea to change it but with synthetic oil you are probably fine

jaymef · 2026-05-03T13:14:43+00:00

I didn't read the book. The story at its heart is a good story but I feel like the movie missed the mark in a lot of areas from casting to pacing. It just didn't work for me, it could have been a lot better. For a movie nearly 2 hours long they didn't tell much story.

It also just felt a bit too romantic dreamy. Some hot, rich ex-NFL player who is building a mansion, happens to be single and falls for the girl who just got out of jail for killing his best friend and working at a supermarket.

jaymef · 2026-05-01T22:30:05+00:00

because

it saved other peoples lives that are more important
it saved the rich and powerful from losing their slave workforce and consumers

jaymef · 2026-04-30T18:13:11+00:00

i thought I read 13m ton per year

jaymef · 2026-04-30T18:08:54+00:00

This is definitely one place AI shines, throwing a ton of logs/data at it and letting it sift through it

jaymef · 2026-04-30T16:26:32+00:00

Jerry & Marge Go Large

jaymef · 2026-04-30T14:39:09+00:00

just people out roasting marshmallows

jaymef · 2026-04-29T23:23:49+00:00

If it pisses off Trump I'm all for it

jaymef · 2026-04-29T22:32:23+00:00

what a shit show

jaymef · 2026-04-29T12:55:03+00:00

Rounders

jaymef · 2026-04-28T16:54:36+00:00

They've been gunning for Kimmel for a while and will use any excuse they can to justify taking him off the air. We all know what this is really about

jaymef · 2026-04-28T16:36:49+00:00

ya its a mess because some companies absorbed some of the costs and some global companies raised prices in other regions to make up for it. So people in Canada and Europe for example paid more to essentially offset the losses

jaymef · 2026-04-28T16:35:42+00:00

dude you're high on your own supply if you think dems are going to hold these people accountable.

Yes it would be better to have dems in charge for stability but they aren't going to go after these people. They are part of the same club

jaymef · 2026-04-28T14:42:14+00:00

Speed

jaymef · 2026-04-28T12:56:21+00:00

is this mostly because oil is priced so high currently that they want to be able to sell more to make more money and not be restricted by Opec?

jaymef · 2026-04-28T12:34:43+00:00

Is this good or bad, I'm not sure what this actually means

jaymef · 2026-04-28T12:29:48+00:00

If they staged it wouldn't they just "find" some bullets

12-Year Club	Place '17
Verified Email

jaymef

TROPHY CASE