I'm a beginner with server management, and I'm facing a really frustrating problem with my DigitalOcean droplet. After deploying my Next.js app, it keeps getting infected with malware, specifically Mirai and Kinsing. Here's what I've tried:

1. I built the app directly on the server, but it used a lot of memory and crashed.
2. I attempted to build locally and then upload the build via rsync, which worked temporarily until I found a suspicious file that turned out to be malware.
3. I created a fresh droplet but encountered the same infection issues.
4. My latest approach has been to use a standalone build, but after some time, it still gets compromised.

I'm using Ubuntu, Node.js 24.4.0, and Next.js 15.3.0. I'm really worried that I might be missing a fundamental issue in my process or that a dependency could be malicious. Can anyone help me figure out how to identify the source of these infections and prevent them in the future?
3 Answers
It sounds like you're running into a known vulnerability with Next.js 15.3. The version you're using has a critical RCE vulnerability that can be exploited super quickly. You should definitely run an audit on your package using `npm audit` or something similar to find any issues. The key here is to upgrade your Next.js version to at least 16.0.7 to patch that vulnerability.
Absolutely, along with what others have said, you should regularly run your package manager's audit commands. This will highlight any vulnerable packages. Just type `npm audit` or `bun audit` into your terminal to get insights on what's at risk.
Definitely! I'm seeing some alerts in my `yarn audit` as well, so I need to prioritize fixing those.
You're not using source control tools like GitHub, right? Because with your version (Next.js v15), you're missing out on notifications for critical vulnerabilities like React2Shell. The solution is to upgrade both React and Next.js to the latest patched versions, which will keep your deployed app secure. And you really need to reconsider your development process; deploying vulnerable code isn't a good practice!
Why doesn’t NPM alert users about these vulnerabilities during installs?

Right, I did a `yarn audit` and found some critical and high-severity issues as well. Do you know if there's a quick way to fix them?
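
The audit step recommended in the answers above can run as a gate before every deploy. This is an added example, not code from any poster in this thread: it assumes the report format of `npm audit --json` on npm 7 or later (`yarn audit` emits a different format), and the sample report, its package names and its advisory titles are constructed, with the 16.0.7 version taken from the first answer.

```javascript
// Added example: deploy gate over `npm audit --json` output (npm 7+ report format).
// SAMPLE_REPORT is constructed for illustration; it is not real audit output.
const SAMPLE_REPORT = JSON.stringify({
  auditReportVersion: 2,
  vulnerabilities: {
    next: {
      name: "next", severity: "critical", isDirect: true, range: "<16.0.7",
      via: [{ title: "constructed advisory: remote code execution", severity: "critical" }],
      fixAvailable: { name: "next", version: "16.0.7", isSemVerMajor: true },
    },
    "some-transitive-lib": {           // hypothetical package name
      name: "some-transitive-lib", severity: "high", isDirect: false, range: "<2.1.0",
      via: ["some-parent-lib"],        // a string entry means "vulnerable through this dependency"
      fixAvailable: true,
    },
    "dev-helper": {                    // hypothetical package name
      name: "dev-helper", severity: "low", isDirect: true, range: "*",
      via: [{ title: "constructed advisory: minor issue", severity: "low" }],
      fixAvailable: false,
    },
  },
});

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// npm reports the remediation as false, true, or { name, version, isSemVerMajor }.
function describeFix(fix) {
  if (!fix) return "no fix available";
  if (fix === true) return "npm audit fix";
  return `upgrade ${fix.name} to ${fix.version}` + (fix.isSemVerMajor ? " (major version change)" : "");
}

// Return every finding at or above `threshold`, worst first, and whether to block the deploy.
function auditGate(reportJson, threshold = "high") {
  const report = JSON.parse(reportJson);
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity: ${threshold}`);
  const findings = Object.values(report.vulnerabilities || {})
    .filter((v) => (SEVERITY_RANK[v.severity] ?? 0) >= min)
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity])
    .map((v) => ({
      name: v.name, severity: v.severity, direct: Boolean(v.isDirect),
      advisories: (v.via || []).filter((x) => typeof x === "object").map((x) => x.title),
      fix: describeFix(v.fixAvailable),
    }));
  return { blocked: findings.length > 0, findings };
}

const result = auditGate(SAMPLE_REPORT);
for (const f of result.findings) console.log(`${f.severity}\t${f.name}\t${f.fix}`);
console.log(result.blocked ? "deploy blocked" : "deploy allowed");
```

In a deploy script, feed it the real report and stop the upload when `blocked` is true.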