ApArki ー アプリヤント

statement “jangan nikah atau punya anak kalau miskin” itu classist dan dehumanizing. kekhawatiran dan standar pribadi lo gak seharusnya dipaksakan ke orang lain, apalagi dalam hal yang halal. definisi “mampu” juga beda-beda, gak bisa diseragamkan dan gak ada titik akhirnya, rezeki juga gak selalu stabil. kebayang ada keluarga sederhana bonceng tiga naik motor, main ke alun-alun, makan batagor di rumput sambil ketawa-tawa. lalu anaknya mulai besar dan baca kalimat “orang tuamu seharusnya tidak punya anak karena miskin” atau “bapak lo seharusnya gak nikahin ibu lo” di internet. selama ini dia punya prasangka baik dan kenangan hangat, tapi beberapa kalimat bisa meruntuhkan itu semua, bahkan mengubah cara dia memandang orang tuanya sendiri. hati orang tua mana yang gak hancur, seakan yang dihitung cuman uang, bukan cinta, usaha, dan pengorbanan mereka selama ini. yang gue percaya, any sane parent would want the best for their child, life also doesnt always go according to human plans, there are things beyond our control that cant be reduced to rigid standards. semua ini bukan berarti kita menolak ikhtiar perencanaan yah, tapi menyederhanakan nilai manusia hanya dari finansial itu gak adil buat buat gue. so please, maybe we can be more careful with our words, cobalah lebih berempati. di balik setiap keluarga, pasti ada usaha, cinta, ceritanya masing-masing yang gak keliatan buat lo, jangan lah direduksi jadi duit, duit, duit

i got a friend who didn’t even know what a memecoin was 7 days ago he starts trading, gets rugged twice, loses $300 (3.5 sol) in 48 hours starts crying about devs.. so instead of complaining, he becomes the dev he had a bit of coding knowledge vibecoded some “ai tech” coin in like 1 hour > bundled 50% at launch > paid for dex > locked dev supply waited for the exit liquidity to flood in.. dumped half at 80k other half at 40k walked away with $14,000 profit (180 sol) that’s 4 months of his 9-5 just told me he’s quitting tomorrow 😭

KRIPTO SEKARANG hanya TUMPUKAN SAMPAH. Di Solana atau di BSC sama saja... Token yg total supply nya di atas 1M pasti banyak Nol nya... Apalagi yg ratusan milyar atau trilyunan. Kalau ngomong harga waow murah sekali... Apalagi jika di rupiah in bahkan Shiba Inu dan pepe pun Masi di bawah 1 rupiah. Pumpfun dan fourmeme membuat pasar kripto seperti sampah. Tiap detik lahir koin baru. Karena ini dunia bebas Lo ga usah ngomongin scam lah Ponzi lah rugpull lah apalah semua sifat nya. Dex ini seperti lembah hitam nya pasar keuangan, ga usah di debat semua ada di sana. Mulai dari maling perampok begal amapi orang tersuci juga ada. Bantar gebang adalah TPA sampah terbesar di Indonesia . Kita semua sangat terganggu jika lewat di area itu. Tapi di atas tumpukan sampah itu, di sekeliling tumpukan sampah yg memuakan itu ada uang yg beredar setiap hari setiap detik. Perputaran uang di Bantar gebang mencapai puluhan bahkan ratusan milyar per hari. Kenapa ada orang bisa dapet duit dari sampah sementara kita tidak bisa. Semuanya di tangan kita sendiri. Kripto itu adalah tumpukan sampah.. Tapi bukan berarti sampah tidak ada duitnya. Kamu yg bau doang dan benci dengan kripto ya GPP hindari saja, sama seperti kamu menghindari TPA Bantar gebang yg sangat bau sehingga memilih tidak lewat terlebih lagi tinggal di area sana.

i've been hacked and traced the malware's wallet to see how much money they actually made from this new exploit (if you use Next.js/React, READ THIS!) I woke up to a terrifying email from Hetzner: "Netscan Detected." my server was blocked and a botnet was using my IP to attack others i dug into the logs and what I found the anatomy of the attack: 1) The Symptoms: I logged into htop and saw the mess: - CPU usage: 361% - A process named ./3ZU1yLK4 running wild - Random connections to an IP in the Netherlands my server wasn't serving my app anymore; it was mining crypto for someone else! 2) The Culprit: It wasn't a random SSH brute force. It was inside my Next.js container the malware was sophisticated it renamed itself nginxs and apaches to look like web servers it even had a "killer" script that hunted down other hackers' miners to kill the competition 3) The "Root" Cause (literally): Probably the recent React/Next.js CVE-2025-66478 exploit was the entry point (my project was running on "next": "15.5.4", behind cloudflare dns, but their recent fix didn't work apparently) but the fatal error was mine: my Docker container was running as ROOT Coolify deploys like this automatically when using Nixpacks, and I never changed it... so because of USER root, the malware could install cron, systemd, and persistence scripts to survive reboots meaning, it was able to infect my whole server, from a single Next.js docker! 4) The Forensics: I ran docker diff on the container - the hacker didn't just run a script, they installed a whole toolset.. - /tmp/apaches.sh (The installer) - /var/spool/cron/root (The persistence) - /c.json (The wallet config) 5) The Fix: I killed the container, scrubbed the host, and extracted the malware for analysis. but the real fix is in the Dockerfile. if you are deploying Node/Next.js, DO NOT use the default (root), you must: - RUN adduser --system nextjs - USER nextjs if you have Docker on ROOT and didn't update the exploited react version, you'll be hacked soon check your containers NOW. Run: docker exec <container_id> id (or get the full list first: docker stats --no-stream) If it says uid=0(root), you are one vulnerability away from being a crypto-miner host. (it's easy to notice when hacked, it will be a command running on the top CPU%, using all your hardware resources) 6) The Money: I dug deeper and recovered the config file (c.json) - Wallet: A Monero (XMR) address: 831abXJn8dBdVe5nZ*** - Pool: auto.c3pool . org and ofc i tracked the hacker’s wallet on the mining pool 7) The Scale: My server wasn't alone. It was just 1 of 415 active zombies in this botnet they are burning the CPU of 400+ cloud servers... to earn... guess how many millions? $4.26/day on the image attached you can see: "Total Paid: 0.00", meaning this campaign just started. I caught them on Day 1. i also tracked back the server where they hosted the malware, and by inspecting the code, I found several comments in Chinese, so I guess that's their origin im rebuilding from scratch on a fresh VPS. the lesson was expensive, but at least I caught it before the hosting nuked my account permanently... PS: I have the IP for all the other machines mining with that malware, not sure how I can help them, but feel free to contact me if ur doing infosec stay safe