All umami instances have been infected with a persisting crypto miner. Umami was affected by the next.js CVE but quietly released a fix, so most of their users missed it
You must log in or # to comment.
Look inside
React2Shell
Just another day on the job
This could explain why my 4C/8T VPS started hitting 100% CPU usage shortly after boot with like next to nothing else running on it.
Yup, umami was the culprit in my case. Quick update and it’s all running smooth again.
Wow I’m glad I happened to see this here. Thank you for the post. I was just thinking about putting all my services behind a VPN too, I think I’m going to go ahead and put that at the top of the list…
I don’t think a vpn would help here
