zlacker

[return to "I got hacked: My Hetzner server started mining Monero"]
1. codege+k9[view] [source] 2025-12-17 22:00:24
>>jakels+(OP)
tl:dr: He got hacked but the damage was only restricted to one docker container runn ing Umami (that is built on top of NextJS). Thankfully, he was running the docker container as a non privileged non-root user which saved him big time considering the fact that the attack surface was limited only within the container and could not access the entire host/filesystem.

Is there ever a reason someone should run a docker container as root ?

◧◩
2. d4mi3n+jb[view] [source] 2025-12-17 22:12:10
>>codege+k9
If you're using the container to manage stuff on the host, it'll likely need to be a process running as root. I think the most common form of this is Docker-in-Docker style setups where a container is orchestrating other containers directly through the Docker socket.
[go to top]