Ask HN: Who else was affected by the Next.js remote code execution vulnerability?
I'm a little embarrassed, but not sure what I could have done differently other than reading the Saturday email from GCP with the nondescript subject "New Advisory Notification". Ten hours later, GCP instance suspended due to crypto mining. Now looking at the disk image, it installed something at ~/nxt/, installed a monero miner at ~/c3pool/, and added several systemctl services to run these on startup. BRB, killing this machine with fire... This makes me think I should be running everything in Docker, even simple small stuff that "shouldn't" have any potential security issues.

Fortunately this machine wasn't anything important for me and there was no sensitive data to exfil beyond AI API keys. But I imagine there's other orgs that just got catastrophically, irrecoverably pwned.

What's your story?

(RCE context: https://news.ycombinator.com/item?id=46136026)
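The persistence the post describes (systemd services started at boot from directories under the home directory) is something a responder can sweep for quickly. The script below is an added example, not part of the original post: it lists every `.service` unit under a directory whose `ExecStart` line references `/root/` or `/home/`, which is where the post's `~/nxt/` and `~/c3pool/` payloads lived. The unit files it creates are constructed sample data with a placeholder binary name; the function `flag_home_units` and the `demo` helper are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Flags systemd units that start
# something from a home directory, the persistence pattern the post describes.

# Print "UNIT_FILE<TAB>ExecStart value" for each *.service file under $1
# whose ExecStart= line mentions /root/ or /home/ anywhere in the command.
flag_home_units() {
    dir="$1"
    find "$dir" -name '*.service' -type f 2>/dev/null | while read -r unit; do
        exec_line=$(grep -E '^ExecStart=' "$unit" | head -n 1)
        case "$exec_line" in
            */root/*|*/home/*)
                printf '%s\t%s\n' "$unit" "${exec_line#ExecStart=}"
                ;;
        esac
    done
}

# Constructed sample: one ordinary unit and one that mimics the post's
# ~/c3pool/ persistence (placeholder binary name, not a real miner).
demo() {
    tmp=$(mktemp -d)
    printf '[Service]\nExecStart=/usr/sbin/sshd -D\n' > "$tmp/sshd.service"
    cat > "$tmp/c3pool_miner.service" <<'EOF'
[Unit]
Description=c3pool_miner
[Service]
ExecStart=/root/c3pool/PLACEHOLDER_MINER --config=/root/c3pool/config.json
[Install]
WantedBy=multi-user.target
EOF
    flag_home_units "$tmp"
    rm -rf "$tmp"
}

# On a live host you would run, as root:
#   flag_home_units /etc/systemd/system
#   flag_home_units /root/.config/systemd/user
# and compare the hits against units you installed yourself.
demo
```

The match is deliberately broad (any `/root/` or `/home/` in the command line) so that wrappers such as `ExecStart=/bin/sh -c '/root/...'` are caught too; review the hits by hand rather than treating every match as malicious.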