Rallly

Monitoring the uptime of various rallly.co services.

Registration Form Attack

Started at Jun 17, 2024 01:45 (UTC)

Resolved
App

resolved

Jun 17, 2024 01:45 (UTC)

Date and Time of Incident

17 June 2024, 1:45PM - 4:15PM UTC

Description of the Incident

Our registration form was attacked from an IP address originating from Egypt. The attacker sent thousands of registration emails to different users, using a link as the name so that the link appeared in the email.

Impact

The attack caused us to exceed our email sending quota, which resulted in us being unable to send emails through our provider. Users were unable to log in, register, or receive email notifications while the email service was down.

Mitigation Actions Taken

The offending IP address was blocked and rate limiting was added to our API. We also added a second email provider to resume the email service and as a backup for the future.

Future Prevention Measures

We have changed our registration form and email templates to prevent such abuse in the future, and we have implemented rate limiting on our API to prevent excessive requests from a single source. We are also implementing an advanced alert system that will promptly notify us of any unusual activity or anomalies in our email sending patterns.
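
The two request-side measures described above (rejecting a link in the name field, and limiting requests per source) can be sketched as follows. This is an added example, not Rallly's own code; the function names, the 100-character cap, the link pattern and the limiter parameters are all assumptions.

```typescript
// Added example: names, limits and patterns are assumptions, not Rallly's code.
const MAX_NAME_LENGTH = 100;
// Conservative on purpose: also rejects dotted names such as "Dr.Smith".
const LINK_PATTERN =
  /(?:[a-z][a-z0-9+.-]*:\/\/|www\.|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b)/i;

type NameCheck = { ok: boolean; reason?: string };

// Reject names that a mail client would render as a clickable link or markup.
function validateDisplayName(name: string): NameCheck {
  const trimmed = name.normalize("NFKC").trim();
  if (trimmed.length === 0) return { ok: false, reason: "empty" };
  if (trimmed.length > MAX_NAME_LENGTH) return { ok: false, reason: "too_long" };
  if (/[\u0000-\u001f<>]/.test(trimmed)) return { ok: false, reason: "control_or_markup" };
  if (LINK_PATTERN.test(trimmed)) return { ok: false, reason: "contains_link" };
  return { ok: true };
}

// Sliding-window limiter keyed by client IP; timestamps are passed in for testability.
class SlidingWindowLimiter {
  hits: Map<string, number[]> = new Map();
  limit: number;
  windowMs: number;
  constructor(limit: number, windowMs: number) {
    this.limit = limit;
    this.windowMs = windowMs;
  }
  allow(key: string, now: number): boolean {
    const recent = (this.hits.get(key) ?? []).filter((t) => now - t < this.windowMs);
    const allowed = recent.length < this.limit;
    if (allowed) recent.push(now);
    this.hits.set(key, recent);
    return allowed;
  }
}

type Decision = { status: number; sendEmail: boolean; reason?: string };

// Both checks run before any email is queued, so rejected requests cost no quota.
function handleRegistration(
  limiter: SlidingWindowLimiter, ip: string, name: string, now: number,
): Decision {
  if (!limiter.allow(ip, now)) return { status: 429, sendEmail: false, reason: "rate_limited" };
  const check = validateDisplayName(name);
  if (!check.ok) return { status: 400, sendEmail: false, reason: check.reason };
  return { status: 200, sendEmail: true };
}
```

With more than one application instance, the per-IP counters need a shared store rather than an in-process map, and the IP used as the key must come from a trusted proxy header or the socket address.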

Lessons Learned

  • It's important to have measures in place to protect our API from abuse and ensure our forms are secure.
  • Having a backup email provider ready to go can help minimize downtime of service in case of such incidents.
  • Regular monitoring and quick response to unusual activity can help mitigate the impact of such attacks.