Patrick

@mossymaker.com

Software maker. Tinkerer. Adventurer. he/him https://mossymaker.com

38 Followers · 131 Following · 20 Posts · Joined 06.01.2024
Latest posts by Patrick @mossymaker.com

You know how when tech is free or cheap, you are the product? That probably holds true for security cameras.

Bosch, Axis, etc. sell PoE cameras that are reliable and keep your stream private. They cost more and take work to install and set up, but could be worth it.

13.02.2026 16:37 👍 0 🔁 0 💬 0 📌 0
Hide Artifacts: Bind Mounts, Sub-technique T1564.013 - Enterprise | MITRE ATT&CK®

Looked into the /proc issue a bit: seems like with recent #react2shell exploit activity, bind mounts have been used to hide malicious process info. attack.mitre.org/techniques/T...

18.01.2026 05:12 👍 0 🔁 0 💬 0 📌 0

If you selfhost (or otherwise run workloads for fun, etc.), what are your experiences handling attacks or compromised hosts?

17.01.2026 07:40 👍 1 🔁 0 💬 0 📌 0

In this case, it looks like there was probably a remote code execution vulnerability in NextJS that allowed an attacker to steal my hosting resources to mine crypto.

I have major respect for folks doing this professionally, using the knowledge to layer security and detect attacks as they occur.

17.01.2026 07:40 👍 4 🔁 0 💬 1 📌 0

As more of the services we rely on do awful things, some of us are inclined to selfhost out of spite, but as this incident shows, there are risks. This was isolated, but could have been much worse. It's easy to miss an image update that patches a CVE, or not have time to set up alerting.

17.01.2026 07:40 👍 1 🔁 0 💬 1 📌 0
Screenshot of config.json excerpt showing crypto miner params pool, user, pass, etc.

Circling back to the poorly obfuscated "node" process, the file linked to in the process command line was configuration for SupportXMR, a monero crypto miner. 🙄

17.01.2026 07:40 👍 1 🔁 0 💬 1 📌 0

I tried to inspect its available /proc/<pid> info, but either got nothing back or permission denied. Not sure what was up with that, but I'm sure I have more to learn there.

Netstat showed a connection to we.love.servers.at.ioflood.net—super legit looking. I suspect C2, but I left it alone.

17.01.2026 07:40 👍 0 🔁 0 💬 2 📌 0

Netcat (nc) is a utility for making network connections, but is also used—as in this case—to establish remote access by malicious actors. It's convenient for that, too, because it's already present on most Linux systems.

17.01.2026 07:40 👍 0 🔁 0 💬 1 📌 0
Screenshot of ps command output showing expected node processes next to malware processes.

Had to sift through some metrics, but eventually found the outlier, a NextJS container using 2 vCPU and 3GB ram. Once I got to a shell, the problem was pretty clear: in addition to the expected Node processes, there was a process running from /tmp/.libsystem/node and—uh oh! Netcat.

17.01.2026 07:40 👍 2 🔁 0 💬 1 📌 0

Is my NodeJS container supposed to be running netcat? 😅 I usually wake up sipping coffee, not choking on it seeing my cloud usage, but I made the most of the situation by doing some amateur forensics. #selfhosting has its ups and downs...

17.01.2026 07:40 👍 1 🔁 0 💬 1 📌 0
Hiding Hands & Seeking Elbows, page 1: Some favorite hand artists, and the pocket investigation begins.

A final batch of figure drawing tips for 2025. Following up on hands, we investigate what happens when we stick 'em in our pockets... (1/3)

28.12.2025 12:54 👍 185 🔁 64 💬 2 📌 1
an album cover in a walter wick i spy style of me with a guitar, sitting amongst a bunch of found objects

SPYGLASS - i spy-themed folktronica album out now!

louiezong.bandcamp.com/album/spyglass

07.11.2025 22:32 👍 1482 🔁 284 💬 11 📌 12
Front End Study Hall #037

Tuesday we will join minds and hearts and keyboards and code for Front End Study Hall 37. We get together to learn HTML and CSS new and old. Event info is on the #IndieWeb events website. It's a Zoom! If you're HTML-curious, or CSS-phobic, this is the place. events.indieweb.org/2025/09/fron...

29.09.2025 04:38 👍 4 🔁 4 💬 2 📌 0

Awesome! This approach would be good for syncing maybe? When I left Spotify, the trouble I had was getting their data export into another service, e.g. Apple Music. I had to write a UI to search Apple’s catalog, find & confirm the best match, and add it to a playlist. They don’t make it easy!

23.09.2025 07:39 👍 1 🔁 0 💬 0 📌 0
HTML for People HTML isn't only for people working in the tech field. It's for everyone. Learn how to make a website from scratch in this beginner friendly web book.

htmlforpeople.com is #BuiltWithEleventy 🏆

15.07.2025 14:03 👍 7 🔁 5 💬 1 📌 0
How to Self-host a Password Manager

Maybe you've been curious about password managers? I wrote a how-to about self-hosting one: mossymaker.com/articles/202...

30.06.2025 20:49 👍 2 🔁 0 💬 0 📌 0

So one of the things that I think is lost on AI proponents is what I call the card catalog effect, a thing I shouldn’t call it because a lot of people probably have no experience with a card catalog.

18.02.2025 01:42 👍 3683 🔁 1111 💬 109 📌 452

If you have ever received treasury payments - tax returns, student loans, financial aid, social security, etc. Call your bank, mortgage company, credit card company, university. Express concerns about the federal personal data breach. Ask how they will protect your information. Put on the pressure!

04.02.2025 23:07 👍 2254 🔁 1025 💬 58 📌 102
IndieWebify.Me - a guide to getting you on the IndieWeb

Protocol for sites to exchange replies and such. indiewebify.me is a good place to start.

28.01.2025 16:42 👍 1 🔁 0 💬 0 📌 0

Yes! Astro is a joy to work with. Are you thinking you’ll do any #IndieWeb functionality like Webmentions? It’s awesome to interact with each other’s sites. ✨

28.01.2025 16:38 👍 1 🔁 0 💬 1 📌 0
Bumble bee slurping a giant clover flower.

Tasty clover!

14.08.2024 05:34 👍 2 🔁 0 💬 0 📌 0

Excited about the Raspberry Pi Pico 2 news! 🤩 Likely going to wait for the WiFi version, but what a great list of improvements! ✨

09.08.2024 05:29 👍 0 🔁 0 💬 0 📌 0
Shield beetle trying not to be seen on a yarrow stem.

Nothing to see here. Just a bunch of foliage.

24.06.2024 02:07 👍 2 🔁 0 💬 0 📌 0

There’s a new Indie Web event, Front-end Study Hall, on April 24th. I plan on being there!

21.04.2024 07:07 👍 1 🔁 0 💬 0 📌 0
Bowl of instant ramen with soft boiled egg and veggies.

I miss a good bowl of ramen. Instant with extras is pretty tasty though.

21.04.2024 06:38 👍 1 🔁 0 💬 0 📌 0
Salad of lettuce, cucumber, carrot, chicken, fried onions, and ranch dressing.

Salad is almost back in season! Crinkle cut veggies make it extra fancy.

21.04.2024 06:29 👍 5 🔁 0 💬 0 📌 0

Astrophysicists theorize that 85% of the day is spent doing “dark work” which cannot be directly measured but is implied by how tired I feel

28.03.2024 13:18 👍 1976 🔁 614 💬 12 📌 20