
I made a website screenshot API, and some guy started mining cryptocurrency through it

Just wanted to share this story. I know I could have been better prepared for this incident, but that is how it happened. :)

This morning I opened my mailbox and found about 150 warnings from our log monitoring. I thought I had accidentally deployed a bug to production and quickly began investigating. But it soon became clear that someone was rapidly creating new accounts on our screenshot API service, ApiLeap, and burning through the free plan's entire credit on each account within minutes.

He requested screenshots of this page, and the Chrome instances we use to render screenshots ended up mining cryptocurrency on our machines.
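The two signals described above, a burst of signups from one source and each new account exhausting its free credit almost immediately, are easy to pull out of ordinary application logs. The following script is an added example written for this post; it is not ApiLeap's code. The log format, field names, thresholds and the IP addresses and account ids in the embedded sample are all constructed. It generalizes the incident slightly: a single account that burns its credit quickly is not flagged on its own, only the combination of a signup burst and repeated fast exhaustion from the same IP is.

```python
"""Flag source IPs that mass-create free-tier accounts and burn each one's credit fast.

Added example for this post, not the service's own code. The log format
("<ISO timestamp> <event> <ip> <account> [key=value ...]"), the thresholds and
the sample lines below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 shows the abuse pattern; 192.0.2.9 is a
# single heavy user who exhausts one free plan; 198.51.100.4 is a normal user.
SAMPLE_LOG = """\
2018-04-10T07:00:00Z signup 198.51.100.4 acct-001
2018-04-10T07:05:00Z screenshot 198.51.100.4 acct-001 credits_left=99
2018-04-10T07:01:00Z signup 203.0.113.7 acct-101
2018-04-10T07:02:00Z screenshot 203.0.113.7 acct-101 credits_left=50
2018-04-10T07:03:00Z screenshot 203.0.113.7 acct-101 credits_left=0
2018-04-10T07:03:30Z signup 203.0.113.7 acct-102
2018-04-10T07:05:00Z screenshot 203.0.113.7 acct-102 credits_left=0
2018-04-10T07:05:10Z signup 203.0.113.7 acct-103
2018-04-10T07:06:40Z screenshot 203.0.113.7 acct-103 credits_left=0
2018-04-10T07:06:50Z signup 203.0.113.7 acct-104
2018-04-10T07:08:00Z screenshot 203.0.113.7 acct-104 credits_left=0
2018-04-10T07:08:10Z signup 203.0.113.7 acct-105
2018-04-10T07:09:30Z screenshot 203.0.113.7 acct-105 credits_left=0
2018-04-10T09:00:00Z signup 192.0.2.9 acct-201
2018-04-10T09:10:00Z screenshot 192.0.2.9 acct-201 credits_left=0
"""


def parse_log(text):
    """Parse log lines into event dicts sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, ip, account, *rest = line.split()
        detail = dict(kv.split("=", 1) for kv in rest if "=" in kv)
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event": event, "ip": ip, "account": account, "detail": detail,
        })
    return sorted(events, key=lambda e: e["ts"])


def signup_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Return {ip: peak signups inside any sliding window} for IPs at or above threshold."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event"] == "signup":
            by_ip[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def fast_exhaustion(events, max_age=timedelta(minutes=30)):
    """Return {account: ip} for accounts that hit credits_left=0 within max_age of signup."""
    signup_at, exhausted = {}, {}
    for e in events:
        if e["event"] == "signup":
            signup_at[e["account"]] = e["ts"]
        elif e["detail"].get("credits_left") == "0":
            created = signup_at.get(e["account"])
            if created is not None and e["ts"] - created <= max_age:
                exhausted.setdefault(e["account"], e["ip"])
    return exhausted


def flag_abusive_ips(events, min_exhausted=3, **burst_kwargs):
    """IPs that both burst-create accounts and exhaust the free credit on several of them."""
    bursts = signup_bursts(events, **burst_kwargs)
    exhausted_per_ip = defaultdict(int)
    for ip in fast_exhaustion(events).values():
        exhausted_per_ip[ip] += 1
    return sorted(ip for ip in bursts if exhausted_per_ip[ip] >= min_exhausted)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ip in flag_abusive_ips(evs):
        print(f"suspicious signup+exhaustion pattern from {ip}")
```

Run against a real log export, the thresholds (window size, signups per window, minutes to exhaustion) should be tuned to the service's normal signup rate; the point of requiring both signals is that a single enthusiastic new customer who spends their free credit in ten minutes, like 192.0.2.9 in the sample, is not treated as an attacker.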

I noticed that he was sitting on our site's main page, so I could talk to him through Crisp, the online chat tool we use to communicate with potential customers on the site. Here is the conversation:

Me: Hello. Please stop creating multiple accounts on ApiLeap, you are violating the terms of service.

He: How do you know?

Me: From our admin interface, we have metrics to monitor usage.

He: So you tracked my IP? Wow!!!

Me: We have legal obligations to collect data from our clients.

He: Oh, I'm sorry. I used your server for mining cryptocurrency. Sorry, I will stop it.

Me: Thank you.

He: Will there be any legal proceedings? :D

Me: If you stop now, no. If you continue, then yes.

He: But you are to blame. You have not implemented any mechanisms to prevent bots or automatic access.

Me: We allow users to freely create accounts, but we have various tools for the ban. We also have a contractor who can prepare a lawsuit if necessary.

He: Ok, I understand. But it is your responsibility to make sure that automated software cannot create an account on your site.

Me: We can add security measures if needed.

He: I am also a web developer, I can help. I just created a PHP tool to automatically create accounts on your site.

Me: We understood that. Selenium?

He: Nope, PHP curl. I can help you if you want. So, do you not understand web security at all, or are you too lazy to implement it? At least put up a captcha; it will protect against such bots.

Me: Thanks for the tip. Is our site the first one you attacked?

He: No... :D
This is my hobby. For fun and profit.

Me: Do you earn decent money on Coinhive?

He: No. I haven't done anything yet. Therefore, I thought about using such sites for mining. Sorry if I caused you some kind of loss.

Me: It's all right, we haven't lost anything. There are a bunch of other services for screenshots that you can try.

He: :D
It uses their computational resources, you understand.

Me: Yes, this is Monero mining in the browser.

He: By the way, why do you want me to try other websites? Just to cause them some damage? :D

Me: No, don't. I was just joking. :)

He: Okay. Will you hire me?

Me: Sorry, we already have a full-time developer.

He: ;)
In any case, it was nice to meet you.

Me: I bet you are a great guy deep inside. There are lots of better ways to make money as a developer. Nice to meet you. Good luck! I hope everything goes great for you! :)

He: Thank you. Bye :)

I think this was one of the most peaceful ways I have ever ended an attack, and the hacker was not such a bad guy after all.

Source: https://habr.com/ru/post/354796/
