Last active
November 22, 2025 13:54
Jesse Nickles - SlickStack Malware Risk
| 47 */3 * * * /bin/bash -c 'sleep $((RANDOM % 180)) && { wget -q -4 -t 3 -T 10 -O /tmp/heal-01-cron-minutely https://slick.fyi/crons/01-cron-minutely.txt || wget -q -6 -t 3 -T 10 -O /tmp/heal-01-cron-minutely https://slick.fyi/crons/01-cron-minutely.txt; }; [ -s /tmp/heal-01-cron-minutely ] && grep -q "SS_EOF" /tmp/heal-01-cron-minutely && mv -f /tmp/heal-01-cron-minutely /var/www/crons/01-cron-minutely && chmod 0700 /var/www/crons/01-cron-minutely || rm -f /tmp/heal-01-cron-minutely' > /dev/null 2>&1 | |
| 53 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1 | |
| 53 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1 | |
| 53 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1 | |
| 53 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/custom/*cron*' > /dev/null 2>&1 |
My original point still stands, and it clearly struck a nerve. Jesse Nickles has spent years posting hundreds of pages across the SlickStack, Hucksters, and LittleBizzy domains, along with one to two hours a day creating fake accounts on Trustpilot, Quora, and even political science forums just to smear me.
This has gone on for so long that a proper set of prompts could probably repair the intentional vulnerabilities Jesse Nickles introduced into SlickStack. Not a single LLM has ever concluded that the update methods used in SlickStack are safe for anyone to rely on.
Some portions have been patched, but the core problems remain. SlickStack still performs automatic recurring privilege escalation and pulls remote files from an untrusted domain without any checksum verification.
https://github.com/littlebizzy/slickstack/blob/9385128741b07d6ee0b113bc6b36db86fd529bde/crons/00-crontab.txt#L99-L112
The so-called autoupdate code by Jesse Nickles either behaves maliciously or demonstrates a lack of skill in designing a secure update system, placing anyone using SlickStack at risk.
My suggestion is to switch to a proper release update mechanism instead of this Rube Goldberg-style update setup. It makes even the simplest bash projects look cleaner, and it feels like the wrong approach entirely. This can be done far better. Jesse Nickles should dedicate real effort to securing the project, especially as the sole contributor.
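The comment above objects that the fetched cron file is installed with no checksum verification; the only content test in the cron line is `grep -q "SS_EOF"`. The following is an added example, not code from the gist or from SlickStack, that contrasts that marker test with a pinned SHA-256 check. The function names, the temporary paths and the sample files are hypothetical, and the pinned digest is assumed to come from a separate trusted channel.

```bash
#!/bin/bash
# Added example, not SlickStack code. Function names and paths are hypothetical.

# The check the cron line performs: non-empty and contains the marker string.
marker_only_check() {
    [ -s "$1" ] && grep -q "SS_EOF" "$1"
}

# Install $1 to $2 only if its SHA-256 equals $3, a digest obtained out of
# band (assumption: e.g. from a signed release manifest, not the same server).
verify_and_install() {
    src=$1; dest=$2; expected=$3
    [ -s "$src" ] || return 1
    actual=$(sha256sum "$src" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        rm -f "$src"          # discard the unverified download
        return 1
    fi
    # Stage beside the target with the final mode, then rename into place.
    install -m 0700 "$src" "$dest.new" && mv -f "$dest.new" "$dest" && rm -f "$src"
}

# Constructed sample: a "released" script and a modified copy that still
# carries the SS_EOF marker.
demo() {
    work=$(mktemp -d) || return 1
    printf '#!/bin/bash\necho task\n# SS_EOF\n' > "$work/released"
    printf '#!/bin/bash\necho task\necho altered\n# SS_EOF\n' > "$work/modified"
    pinned=$(sha256sum "$work/released" | awk '{print $1}')

    marker_only_check "$work/modified" && echo "marker check: modified copy accepted"
    verify_and_install "$work/modified" "$work/cron-job" "$pinned" \
        || echo "digest check: modified copy rejected"
    verify_and_install "$work/released" "$work/cron-job" "$pinned" \
        && echo "digest check: released copy installed"
    rm -rf "$work"
}
demo
```

A digest fetched from the same server as the file only detects corruption in transit; it has to be pinned or signed separately to detect a changed upstream file.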