Our app has been attacked – How do you handle?

Question

Our App** has been recently attacked in the last 24 hours.Someone is testing and doing security checking on our platform** without our consent. Even though, this has not made any single dent on our performance, Since our architecture is rock solid, but we failed on throttling user's request.We have received massive entries in our database from multiple attackers.We have temporarily disabled few things while we add throttling, but wanted to ask, how do you guys handle such attacks, when you receive them on your end?*Our internal chat screenshot - https://i.imgur.com/VPuBdnA.jpg**our app that is under attack by spammers - qocial.com, we launched a week ago and we shared our URL on reddit ( this is where I believe attackers are coming from )Looking for some valuable feedback, if you report them at some places or just move on and add or improve throttling to requests, feel free to share your feedback please.Thanks

yellow_lead · Accepted Answer

Collect as much data as possible on them and use it to shadow ban them, or outright ban them. Blacklist their IPs, devices, etc. You can even blacklist their country temporarily if possible. For DDOS, etc you could look at putting Cloudflare in front of your services. And make sure you rate limit everything.
>We have received massive entries in our database from multiple attackers.
Review all your validation code. If this shouldn't be possible, but your code let it through, it's something you should be validating but are not.

saluki · Answer

Cloudflare business level plan has upgraded DDOS protection that's a good first step to upgrade to even temporarily.
Block Thailand IPs. https://www.alphr.com/block-country-cloudflare/
Add honeypot form fields if it's a bot you can show success message but disregard the data and blacklist their ip.

ksaj · Answer

Maybe it is a lack of info or differentiation between the different attack vectors, but it sounds like you actually have it under control if the business is not being impacted.Are they "testing" your security, or spamming from your service, or spamming to your service?

qocial · Answer

The SPAMMER is from Thailand Bangkok - https://whatismyipaddress.com/ip/49.49.248.205 and is spamming to all our networks in the last 24 hours.

gardenhedge · Answer

> our architecture is rock solid> We have received massive entries in our database from multiple attackers.Really?

qocial · Answer

Those spammers have also targeted our Email account. We got the first possible name of the attackers as "Junaid Raza."

Our app has been attacked – How do you handle?

Cloudflare business level plan has upgraded DDOS protection that's a good first step to upgrade to even temporarily.
Block Thailand IPs. https://www.alphr.com/block-country-cloudflare/
Add honeypot form fields if it's a bot you can show success message but disregard the data and blacklist their ip.

Maybe it is a lack of info or differentiation between the different attack vectors, but it sounds like you actually have it under control if the business is not being impacted.
Are they "testing" your security, or spamming from your service, or spamming to your service?

The SPAMMER is from Thailand Bangkok - https://whatismyipaddress.com/ip/49.49.248.205 and is spamming to all our networks in the last 24 hours.

> our architecture is rock solid
> We have received massive entries in our database from multiple attackers.
Really?

Those spammers have also targeted our Email account. We got the first possible name of the attackers as "Junaid Raza."

Our app has been attacked – How do you handle?

Cloudflare business level plan has upgraded DDOS protection that's a good first step to upgrade to even temporarily.Block Thailand IPs. https://www.alphr.com/block-country-cloudflare/Add honeypot form fields if it's a bot you can show success message but disregard the data and blacklist their ip.

Maybe it is a lack of info or differentiation between the different attack vectors, but it sounds like you actually have it under control if the business is not being impacted.Are they "testing" your security, or spamming from your service, or spamming to your service?

The SPAMMER is from Thailand Bangkok - https://whatismyipaddress.com/ip/49.49.248.205 and is spamming to all our networks in the last 24 hours.

> our architecture is rock solid> We have received massive entries in our database from multiple attackers.Really?

Those spammers have also targeted our Email account. We got the first possible name of the attackers as "Junaid Raza."

Cloudflare business level plan has upgraded DDOS protection that's a good first step to upgrade to even temporarily.
Block Thailand IPs. https://www.alphr.com/block-country-cloudflare/
Add honeypot form fields if it's a bot you can show success message but disregard the data and blacklist their ip.

Maybe it is a lack of info or differentiation between the different attack vectors, but it sounds like you actually have it under control if the business is not being impacted.
Are they "testing" your security, or spamming from your service, or spamming to your service?

> our architecture is rock solid
> We have received massive entries in our database from multiple attackers.
Really?