ZapDM.io Journey to $100k

Why didn't you restore emails via IMAP?

Also, you need a lot of hardening work on the server if you're being hacked so easily.

You also need to run a full RCA on why that happened. Make it a habit to record security incidents and the steps you took to mitigate it.
 
I did make a backup of the emails, but unfortunately forgot to take a backup of the encryption keys in haste.

Yes, I agree I should have made the server rules very strict. This was my first experience hosting anything outside traditional hosting services like Vercel.

Honestly, I'm still unsure of what exactly happened. I tried to analyse the cause, but it's not the codebase that was vulnerable; I think my firewall was disabled and the attacker's botnet found the perfect spot to strike. I'm going to look deep into this.

Btw, thanks for reading the thread and giving suggestions :D
 
Update - Week 15: December 28, 2025

Finally found out the main security issue was in the official Next.js framework (CVE-2025-66478), which was allowing the attackers to remotely execute any malicious code. I upgraded to the patched version and all attempts to hack were stopped.

Stats so far:

(+3 new users since last week)

What I did last week (December 22 to December 28):
  1. This week I took some time off, did nothing on ZapDM, except doing some RCA for the previous security issues.
What I plan to do this week (December 29 to January 04):
  1. Nothing (I really really want to take this week off too 😅)
Costs so far: $847 (+$20 Meta Ads)
Net revenue: $553 ($382 pending, to be confirmed after the 30 day refund period)


PS: Huge thanks to everyone who has supported me so far this year. Your support keeps me motivated, and I’m excited to keep going until we hit the $100k revenue goal. Wishing you a very happy new year in advance!!
 
Is it a fully self-managed server? If you manage it:

Get ModSecurity running and make sure it's up to date.

Also get the CSF firewall installed and set the deny IP list to 25k to start with (depending on the server spec) and start to play with settings from there.

When you install it, whitelist your IP, and I suggest you do that every time you do anything via terminal, FTP and so on, otherwise you get a temp ban.

You will be shocked how many SSH attempts you get daily, and for any locations you don't want to market to, just do a flat country denial.
 
...this is exactly why I'm not doing a SaaS, I thought there might be some security issues. Still gotta do the law stuff like controlling the refunds situation, etc., but at least no endless updates to fix security bugs; especially with all that vibe coding, etc. available, it might just explode security-wise. That was my biggest fear with a hustle like that so I backed off 😅. Good to see you got this fixed, good luck and I hope your project succeeds 🙂.
 
Yes, fully managed on my end.
ModSecurity and CSF look good, I’ll install those. I’ve already added a few tools that automatically blacklist suspicious IPs and handle a bunch of other security checks, so there’s some decent protection in place.

I'm not seeing the SSH attempts anymore, but I don't want to be blocking countries either 😅

Really appreciate the tips, thanks!! :D

Haha, everything has its own pros and cons, it’s really about choosing which problems you’re willing to deal with. Maybe big words coming from me 😅 but honestly, I’m sure you’re doing great things with your agency as well.

I have been a developer for a long time (even before studying computer science engineering in college), so I enjoy doing it.

Vibe coding helps a lot (I use it for UI), but as you said, it does surprise you with a lot of bugs, but if you are or have a good developer, you can look into that and fix it.

Thanks for the good wishes! :D
 

If you're running WHM, unless you've got reporting turned on I can guarantee you have SSH attempts going on that you just don't know about. When I get into the office later I'll screenshot the emails of last week's attempts... It's not even just SSH: people trying to use your mail server (if that's set up), accessing ports you never even thought of closing... it's wild.

With ModSecurity install the generic OWASP rule set. Take a google into that.

As for the countries, I don't sell to places like North Korea, Afghanistan and so on, so we blocked them out right away. Don't get me wrong, they can still and do use a proxy to get around it, but it cut out tons of attempts.

Best of luck with it :)
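A dry run of the CSF settings recommended in this post and the earlier one (deny list sized around 25k, your own IP allow-listed before the firewall goes live, a flat country denial). This is an added example, not code from the thread or from CSF itself; the csf.conf keys DENY_IP_LIMIT, CC_DENY, TESTING and the csf.allow line format are real CSF settings, while the sample file, the IP address and the file paths are constructed so it runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): edits the CSF settings the poster
# recommends on a constructed csf.conf copy. On a real server the file is
# /etc/csf/csf.conf and "csf -r" reloads the rules afterwards (both assumed).
set -eu

# Constructed excerpt of csf.conf with the handful of keys we touch (defaults).
make_sample_conf() {
  cat > "$1" <<'EOF'
# constructed csf.conf excerpt for illustration
TESTING = "1"
DENY_IP_LIMIT = "200"
DENY_TEMP_IP_LIMIT = "100"
CC_DENY = ""
LF_SSHD = "5"
EOF
}

# Print the quoted value of KEY ($2) from FILE ($1).
get_csf_option() {
  sed -n "s/^$2 = \"\(.*\)\"$/\1/p" "$1"
}

# Replace the quoted value of KEY ($2) in FILE ($1) with VALUE ($3);
# refuse to append an unknown key, since CSF would silently ignore it.
set_csf_option() {
  grep -q "^$2 = " "$1" || { echo "missing key: $2" >&2; return 1; }
  sed "s/^$2 = \".*\"$/$2 = \"$3\"/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Apply the thread's recommendations to FILE ($1).
harden_csf_conf() {
  set_csf_option "$1" DENY_IP_LIMIT 25000   # poster: start around 25k deny entries
  set_csf_option "$1" CC_DENY "KP,AF"       # flat denial of countries you do not serve
  set_csf_option "$1" TESTING 0             # leave test mode, or CSF flushes its rules
}

# Append your own IP ($2) to the allow file ($1) BEFORE enabling the firewall,
# so a rule mistake or a failed login never locks out the admin workstation.
allow_own_ip() {
  printf '%s # admin workstation, added %s\n' "$2" "$(date +%F)" >> "$1"
}
```

Run `harden_csf_conf` against a copy first and diff it against the live file; only then reload, with your own IP already present in csf.allow.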
 
@animesh



I've not checked server mail since the 23rd!

This is in the few seconds it took me to do the screenshot

 
Wow, this is crazy! These vultures are trying to feed off other people’s hard work… makes me sick :(
Thanks for sharing this, I am going to implement your recommendations today ASAP.
(Made a little meme to show my appreciation for the info I learned from you 😁)

 

Happy to help.

There are better server people than me out there; I've learnt the hard way more often than not, sadly!! :(

That set up I shared there works for us with our own little tweaking.

Once you get CSF set up and installed do some research on reddit and a couple of blog posts some even include known IPs to block as well for both mod security and the firewall.
 