a lot of apps have this kind of silly pattern, but they are usually trivial and non-valuable things especially before you set them up.
the default should be that it writes a token to the terminal, that you have to use to set the password. unless the SSH connection is breached this prevents this kind of bootstrap snipe attack.
if you have ever set up SSH on a VPS and looked at the logs, you will see there are probably tens of thousands or more bots on the internet scanning and probing everything they can find.
they now have Claude to help them with this. not sure if you caught the news, but they discovered that some clever guys were using Claude to automate breaching of servers on the internet, that were far more sophisticated and fast than any such exploit ever seen before.
at this point, it's pretty much game over. nothing should be open to connections on the internet without a back channel lock.
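The setup-token default suggested in the post above, as an added example that is not part of the thread and is not LNbits or Umbrel code. The class name `FirstRunSetup`, the attempt limit and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib, hmac, io, secrets, sys

class FirstRunSetup:
    """Unclaimed instance: the admin password can only be set with the
    token written to the operator's terminal at first start."""
    MAX_ATTEMPTS = 5  # assumed limit; after this the token is burned

    def __init__(self, out=sys.stderr):
        token = secrets.token_urlsafe(32)  # 256 bits, not guessable
        # Keep only a hash so the token is not recoverable from memory dumps or disk.
        self._token_hash = hashlib.sha256(token.encode()).digest()
        self._failures = 0
        self.admin_record = None  # (salt, derived key) once claimed
        print(f"Setup token (single use): {token}", file=out)

    def set_admin_password(self, token, password):
        # Refuse once claimed or locked: the web form alone is never enough.
        if self.admin_record is not None or self._token_hash is None:
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(presented, self._token_hash):
            self._failures += 1
            if self._failures >= self.MAX_ATTEMPTS:
                self._token_hash = None  # operator must restart for a new token
            return False
        salt = secrets.token_bytes(16)
        key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
        self.admin_record = (salt, key)
        self._token_hash = None  # single use
        return True

def demo():
    terminal = io.StringIO()  # constructed stand-in for the SSH session
    setup = FirstRunSetup(out=terminal)
    token = terminal.getvalue().strip().rsplit(" ", 1)[-1]
    sniped = setup.set_admin_password("guess", "attacker-pw")   # no token
    owner = setup.set_admin_password(token, "owner-passphrase")  # has token
    replay = setup.set_admin_password(token, "second-pw")        # token reuse
    return sniped, owner, replay

if __name__ == "__main__":
    print(demo())
```
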
Calling it a silly pattern is very kind of you.
@LNbits admin menu on Umbrel requires you to copy a string from the apps page. The reason I didn't go through with the initial installation is because I went back to the apps page to look for the password and couldn't find it🥴
This wasn't an automated attack.
First of all, it happened right after I shared the news release article on @PUBPAY.me. I was probably attacked by someone that got the link directly from me by DM.
Second, and most relevant to prove it was not automated, the perpetrator had access to the node for 18 hours before stealing the funds. He was probably learning how to clean up his tracks or maybe how to not feel guilty about being a thief son of a whore.