
The first time hackers attacked our servers

Vitaly Davydov

Updated: January 25, 2023


Last night, we experienced a significant increase in the number of requests to certain endpoints of the server API whose handlers perform non-trivial data changes across several tables. As a result, an abnormally large number of operations were performed on one of the tables associated with analytics, which caused a number of locks on queries to the database. This significantly increased the response time of the database (Fig. 1) and, accordingly, of the servers (Fig. 2). Consequently, some of the requests (about 30%) did not complete within the timeout and were discarded with an error code. Most likely this error did not affect you.

Figure 1 — DB metrics

We can see that all requests came from one account that was only registered recently. As we have established, this account is not a major app publisher, so we consider this incident to be an attack. Based on historical data, we found that attempts were made to test the system’s behavior and performance that did not correspond to any real load, as a result of which the attackers identified the most vulnerable areas of the system. The deliberate nature of this incident is also indicated by the fact that this incident occurred at night, when most of the team was absent from the workplace.

Figure 2 — response time
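The pattern described above, a single recently registered account driving a burst of requests to write-heavy endpoints, is the kind of thing a per-account detector over API access logs can surface. The following is an added example, not code from the original post or from the service it describes; the log format, endpoint paths, account ids and registration dates are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of API access log lines: timestamp, account id, method, path.
# These are illustrative and not records from the incident described in the post.
SAMPLE_LOG = """\
2021-02-08T02:00:01Z acct_new POST /v1/analytics/events
2021-02-08T02:00:01Z acct_new POST /v1/analytics/events
2021-02-08T02:00:02Z acct_new POST /v1/analytics/events
2021-02-08T02:00:02Z acct_new POST /v1/profiles/update
2021-02-08T02:00:03Z acct_new POST /v1/analytics/events
2021-02-08T02:00:03Z acct_old GET  /v1/profiles/me
2021-02-08T02:00:04Z acct_new POST /v1/analytics/events
2021-02-08T02:00:05Z acct_old POST /v1/analytics/events
"""

# Hypothetical endpoints whose handlers write to several tables (the costly ones).
WRITE_HEAVY = {"/v1/analytics/events", "/v1/profiles/update"}

# Hypothetical account registration dates, used to give new accounts a smaller budget.
REGISTERED = {"acct_new": datetime(2021, 2, 6), "acct_old": datetime(2019, 5, 1)}

def parse_line(line):
    ts, account, method, path = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), account, method, path

def flag_abusive_accounts(log_text, window=timedelta(seconds=5), max_writes=3, new_days=7):
    """Return {account: peak write requests in any `window`} for accounts over budget.
    Accounts registered within `new_days` get half the budget, mirroring the post's
    observation that the abnormal traffic came from a recently created account."""
    writes = defaultdict(list)
    for line in log_text.splitlines():
        ts, account, method, path = parse_line(line)
        if method == "POST" and path in WRITE_HEAVY:
            writes[account].append(ts)
    flagged = {}
    for account, times in writes.items():
        times.sort()
        age = times[0] - REGISTERED.get(account, datetime.min)
        limit = max_writes // 2 if age < timedelta(days=new_days) else max_writes
        peak, start = 0, 0
        for end, ts in enumerate(times):  # sliding window over sorted timestamps
            while ts - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > limit:
            flagged[account] = peak
    return flagged
```

On the sample log, `flag_abusive_accounts(SAMPLE_LOG)` flags only `acct_new`, with a peak of 6 write requests inside one 5-second window.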

From the start of the incident, we were working hard to solve this problem. In the early morning we localized the abnormal requests and eliminated the malfunctions. Preventive measures were taken against this attack vector and the vulnerability was eradicated.
