Security on sarkie blogshttps://tech.imsarkie.in/tags/security/Recent content in Security on sarkie blogsHugoen-usSat, 25 Apr 2026 00:05:01 +0530I Got Hackedhttps://tech.imsarkie.in/posts/i-got-hacked/Sat, 25 Apr 2026 00:05:01 +0530https://tech.imsarkie.in/posts/i-got-hacked/<p>I made a rookie mistake.</p> <p>I built a Telegram bot that fetches top stories from <a href="https://lobste.rs/">Lobste.rs</a> — ones scoring above a threshold I set. Straightforward enough. The problem was deployment.</p> <p>I&rsquo;m not great at setting up servers, so I turned to AI for help. I don&rsquo;t usually accept AI output blindly, but this time I did, and it gave me this:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#75715e"># docker-compose.yml</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">db</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">mysql:8.0</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">restart</span>: <span style="color:#ae81ff">unless-stopped</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">MYSQL_ROOT_PASSWORD</span>: <span style="color:#ae81ff">rootpassword</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">MYSQL_DATABASE</span>: <span style="color:#ae81ff">${MYSQL_DB:-lobster_bot}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">MYSQL_USER</span>: <span style="color:#ae81ff">${MYSQL_USER:-lobster}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">MYSQL_PASSWORD</span>: <span style="color:#ae81ff">${MYSQL_PASSWORD:-lobsterpassword}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">mysql_data:/var/lib/mysql</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;3306:3306&#34;</span> </span></span></code></pre></div><p>The bot ran fine for two days. Then the Telegram notifications stopped.</p>