I got cryptomined 5 times in 10 days. Here's my story 🧵

Lyra_TinyStrack — Fri, 10 Apr 2026 18:43:00 +0000

I got cryptomined 5 times in 10 days. Here's my story 🧵

It started with my CPU suddenly hitting 100%.
I had no idea what was happening. I asked Claude "why is my CPU maxing out?"

That's literally the first time I heard the word "cryptomining."

Ok, easy fix. Just switch to my backup server, right?
Got mined again.
"Ok FINE. I'll just switch hosting providers."
Migrated ALL my products. Took forever. Had to — I needed to keep everything online.
Got mined again.
This was my life for 10 days:

Get mined
Migrate all products to keep them live
Rebuild the server from scratch
Feel relieved
Go to step 1 I did this 5 times. I am not a fast learner apparently. 😅 Finally I started to think maybe the problem isn't the servers. I scanned my local machine. Every single .exe file: infected. 🫠 The culprits? A cracked audio plugin. And one time I couldn't install Windows myself so I let a stranger remote into my PC. Classic. Fresh Windows install. Fresh servers. Hardened everything. Ran clean for 2 whole days. I was so proud of myself. Then I deployed a new project and installed one package. You already know what happened. The lowest point: I woke up at 3am in a panic, jumped out of bed, sat down at my computer, and started frantically pressing keys. The screen wouldn't turn on. Because I was still asleep. It was a dream. I have been dreaming about getting cryptomined for over a week straight. "My therapist says this is normal. I don't have a therapist." Anyway. Here's my "never again" checklist. 25 items. Each one is a scar. 🔒 Server hardening: ✅ Dedicated user, root login disabled ✅ Ed25519 key auth, password login off ✅ SSH on a non-standard port ✅ UFW firewall, only necessary ports open ✅ IP whitelist, only my fixed IP can connect ✅ Fail2ban against brute force ✅ Automatic security updates 📦 Deploy pipeline: ✅ npm install --ignore-scripts ✅ Review package.json for suspicious packages ✅ npm audit, fix all vulnerabilities ✅ Check for xmrig/scanner_linux and other malware ✅ npx tsc --noEmit ✅ npm run build ✅ pm2 restart 🗄️ Database: ✅ MySQL bound to 127.0.0.1 only ✅ Separate DB user per product ✅ Passwords hashed with bcrypt 🛡️ App: ✅ JWT auth (jose) ✅ Full HTTPS + wildcard cert ✅ Cloudflare proxy hiding real IP ✅ Docker container isolation ✅ PM2 process management And yes, I back up to 2 external drives now. Immediately after every deploy. Don't @ me --- Most security guides are written by people who read about attacks. Mine was written by someone who lived through 5 of them in 10 days. --- I'm a self-taught solo developer from Inner Mongolia. Two months ago I didn't know what cryptomining was. Now I've survived it 5 times and I'm still shipping. Some days that's enough. 😅

How I run 10 SaaS products on $44/month (Nginx + PM2 + 2 VPS)

Lyra_TinyStrack — Mon, 06 Apr 2026 11:42:58 +0000

I'm a self-taught developer who shipped 10 SaaS products in 25 days. Here's the exact infrastructure setup that keeps my costs at $44/month.

The Stack

2 VPS servers (Hong Kong, ~$17/month total)
Nginx reverse proxy
PM2 process manager
MySQL (Docker)
Next.js 15 + TypeScript
Claude subscription (~$20/month)
3 domains (~$2.5/month)

One Domain, 8 Products

Instead of buying a domain per product, I use subdomains:

testimonialwall.saaslic.com → port 3004
mailtrace.saaslic.com → port 3001
statuspulse.saaslic.com → port 3002
feedbackbox.saaslic.com → port 3003
...

Nginx routes each subdomain to the right PM2 process. One SSL wildcard cert covers all of them.

PM2 Config

Each product runs as an independent PM2 process. If one crashes, others keep running.

pm2 start npm --name "testimonialwall" -- start
pm2 start npm --name "mailtrace" -- start
# etc.

MySQL in Docker

One Docker container runs MySQL. Each product gets its own database and user. Isolated, easy to backup.

docker exec -it mysql mysql -u root -p
CREATE DATABASE testimonialwall_db;
CREATE USER 'tw_user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON testimonialwall_db.* TO 'tw_user'@'localhost';

Backup Script

One script backs up all databases + code + SSL certs into a single tar.gz.

bash ~/scripts/backup.sh
# Output: backup_2026-04-06.tar.gz (1.5G)

What I Learned

You don't need Vercel + PlanetScale + Clerk + Resend. A $8/month VPS and some patience gets you further than you think.

Total cost breakdown:

2x VPS: $17/month
Claude: $20/month
Domains: $2.5/month
X Premium: $4/month
Total: $43.5/month

10 products. All live. All on this setup.

tinystrack.com

DEV Community: Lyra_TinyStrack

I got cryptomined 5 times in 10 days. Here's my story 🧵