At 2 am, I was about to go to sleep after developing my AI template project, when I saw an email from Hetzner. It said something about my server, DDoS, some logs and had a line “explain how that happened”. I could barely understand what I read. Is this a scam prompting me to open some link? No, it was from a real email.

So, did my server get DDoS-ed? Hetzner prevented it and now asks me how I let that happen? The way I read it, it sounded like I had severe skill issues in protecting my server.

I copied the email, copied the logs and forwarded it to my chatbot, and it said that actually, it was my server that performed the DDoS. Well, this makes more sense and explains why they want an explanation. This one actually does read like I have severe skill issues in protecting my server.

I asked Cursor to help me diagnose the issue. I let it write a few scripts and look for processes running on certain ports. Turns out there was indeed a piece of malware, rbot, from an npm package called Next.JS.

I ran npm audit locally, and there was a critical vulnerability. I began the project recently, and was surprised that something like this would happen, and with a big package like Next.JS.

I updated the npm packages, deleted the container, and recreated the app.

Lastly, I had to write a response to the Hetzner abuse team, otherwise they would do something to my server (either ban me, or ban my server, neither of which I want). I was about to generate a message using Cursor, until I saw the check mark at the end: “I confirm the message is not generated using AI”.

I am so tired at this point, but sure, let’s write it. I asked Cursor for an outline, and wrote it by hand. I added my apologies if it’s not exactly what they expect, because this is my first time writing one, and sent it off.

The next day I got a response that they accepted it.
I see in the news that npm packages often have vulnerabilities in them, but this is my first time having to get rid of one, and luckily I got to keep my server.