Registration Form Attack

Started at

App

Resolved

Date and Time of Incident

17 June 2024, 1:45PM - 4:15PM UTC

Description of the Incident

Our registration form was attacked by an IP address originating from Egypt. The attacker was sending thousands of registration emails to different users, using a link as the name so that it appeared in the email.

Impact

The attack caused us to exceed our email sending quota, which resulted in us being unable to send emails through our provider. Users were unable to log in, register, or receive email notifications while the email service was down.

Mitigation Actions Taken

The offending IP address was blocked and rate limiting was added to our API. We also added a second email provider to resume the email service and as a backup for the future.

Future Prevention Measures

We have made changes to our registration form and email templates to prevent such abuse in the future. We have also implemented rate limiting on our API to prevent excessive requests from a single source. We are also implementing an advanced alert system that will promptly notify us of any unusual activity or anomalies in our email sending patterns in the future.

Lessons Learned:

  • It's important to have measures in place to protect our API from abuse and ensure our forms are secure.
  • Having a backup email provider ready to go can help minimize downtime of service in case of such incidents.
  • Regular monitoring and quick response to unusual activity can help mitigate the impact of such attacks.