August 2, 2023

Attacked By Bots

So I learned my lesson about always using captchas on forms.

I have a Slack message that gets posted to me every time someone signs up for the newsletter, and it looks like this: "New reminder.fyi registration: ryder@example.com"

On Saturday, July 15th, I got a signup from an email with a suspicious domain:

some_id_12345_reminder.fyi@data-backup-store.com

This email is suspicious both because of the domain and because it contained my domain within it, but I missed the notification in Slack, so I didn't think anything of it.

A few days later, I started getting a ton of signups that looked like real emails, flooding in very quickly:

helloworld@example.com

After getting about 20 of these, I figured out through the logs that the site was being targeted by bots. I took the site down temporarily and put up a captcha, but after re-launching I was still faced with bot signups. Finally, I put the whole site behind Cloudflare and haven't had any problems since then.

What was happening?

My best guess is that a spammer was using my site (and likely others) to flood the inboxes of their targets. When signing up, users get a confirmation email. It's designed in such a way that the contents of the email are static (with the exception of the confirmation link), so there are no opportunities for a bad actor to manipulate it. So my best guess is that the bad actor was registering users concurrently on my site and others to flood their inboxes (either to distract from an email they don't want the user to see, or to just be generally annoying?).

I'm not exactly sure why, but I do know that it's stopped, and I know never to trust those weird domain signups anymore.
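The two signals in this story (an address whose local part embeds the site's own domain, then a rapid burst of signups) can be checked at signup time. The following is an added example, not code from the site: the function names, the 10-minute window, the threshold of 5, and the sample events are all constructed assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

SITE_DOMAIN = "reminder.fyi"     # the site's domain, taken from the post
WINDOW = timedelta(minutes=10)   # assumed burst window
MAX_PER_WINDOW = 5               # assumed ceiling for normal signup volume


def is_probe_address(email, site_domain=SITE_DOMAIN):
    """True when the local part embeds the site's own domain."""
    local, _, _domain = email.rpartition("@")
    return bool(local) and site_domain.lower() in local.lower()


def screen_signups(events):
    """events: (datetime, email) pairs sorted by time.
    Returns [(email, [reasons])] for signups worth holding for review."""
    recent = deque()   # timestamps of signups inside the sliding window
    flagged = []
    for ts, email in events:
        reasons = []
        if is_probe_address(email):
            reasons.append("site-domain-in-local-part")
        recent.append(ts)
        while ts - recent[0] > WINDOW:
            recent.popleft()
        if len(recent) > MAX_PER_WINDOW:
            reasons.append("signup-burst")
        if reasons:
            flagged.append((email, reasons))
    return flagged


def sample_events():
    """Constructed sample: one normal signup, the tagged address, then a burst."""
    events = [
        (datetime(2023, 7, 10, 8, 0), "ryder@example.com"),
        (datetime(2023, 7, 15, 9, 0),
         "some_id_12345_reminder.fyi@data-backup-store.com"),
    ]
    start = datetime(2023, 7, 19, 14, 0)   # constructed date for the flood
    events += [(start + timedelta(seconds=30 * i), f"user{i}@example.com")
               for i in range(8)]
    return events


if __name__ == "__main__":
    for email, reasons in screen_signups(sample_events()):
        print(email, reasons)
```

Flagged signups can be held back from the confirmation-email step until reviewed, so the site stops sending mail to addresses submitted by the bot.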
