On Saturday morning, I woke up late, still satisfied from last night’s tasty Amatriciana, Tiramisu, and wine. I took a moment to enjoy the warm breeze that Rome’s 10am winds brought with them. The plan for the day was an exciting visit to the Colosseum, followed by an inspiring tour of the Vatican. However, everything changed when I checked my emails and found a message from Fly.io.
My server for madepublic.io had crashed in the middle of the night.
Odd, I thought - there’s a dedicated VPS with 2GB of RAM running that Elixir application - what could have happened?
I tried to access the platform using my phone - I didn’t have my laptop with me; I decided I wasn’t going to be doing any work or indiehacking this weekend - and no response.
I logged into Fly.io to check the logs and saw a stream of 200 OK responses coming from my user registration controller action. Looks like someone was creating 240 user accounts with real email addresses with bitcoin-related spam in their user details per second.
Credential stuffing attack while I’m on holiday - great.
Continue reading on chrisgregori.substack.com